API tools faq
paste
Advertisement
YeiZeta

(InfraEstructura)mega.co.nz Posibilidades

YeiZeta
Feb 1st, 2013
774
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.16 KB | None | 0 0
raw download clone embed print report
  1. ***mega.co.nz***
  2.  
  3. Saludos soy yei zeta en estos dias, se lanzo la pagina conocida como "mega.co.nz" hace unos dias.. estube viendo la publicacion de un foro, en la que decia sobre encontrar la vulnabirilidad del "Mega" Habia Recompensas resulta que la pagina oficial, de Kit Doctom en http://kim.com, cuando vi que de habia probiene una extencion .js que significa un archivo que contiene "JavaScripting", y se encuentra en una sub.> de Mega.co.nz, cuando realmente el scirpt java biene de la pagina oficial de kit doctom, es decir podemos dañar la estructura del sitio web nada mas aperandonos de la pagina oficial de "Kit Doctom".
  4.  
  5.  
  6. Aca Abajo vemos....>
  7. kim.com-> oficial
  8. sub-> static.kim.com y practicamen extendida en la pagina de mega.co.nz
  9.  
  10. http://static.kim.com/mega/release/js/main.js?v=54
  11.  
  12.  
  13. <pre>var requirejs,require,define;(function(e){function l(e,t){var n,r,i,s,o,a,f,l,c,h,p=t&amp;&amp;t.split("/"),d=u.map,v=d&amp;&amp;d["*"]||{};if(e&amp;&amp;e.charAt(0)==="."&amp;&amp;t){p=p.slice(0,p.length-1),e=p.concat(e.split("/"));for(l=0;l&lt;e.length;l+=1){h=e[l];if(h===".")e.splice(l,1),l-=1;else if(h===".."){if(l===1&amp;&amp;(e[2]===".."||e[0]===".."))break;l&gt;0&amp;&amp;(e.splice(l-1,2),l-=2)}}e=e.join("/")}if((p||v)&amp;&amp;d){n=e.split("/");for(l=n.length;l&gt;0;l-=1){r=n.slice(0,l).join("/");if(p)for(c=p.length;c&gt;0;c-=1){i=d[p.slice(0,c).join("/")];if(i){i=i[r];if(i){s=i,o=l;break}}}if(s)break;!a&amp;&amp;v&amp;&amp;v[r]&amp;&amp;(a=v[r],f=l)}!s&amp;&amp;a&amp;&amp;(s=a,o=f),s&amp;&amp;(n.splice(0,o,s),e=n.join("/"))}return e}function c(t,r){return function(){return n.apply(e,f.call(arguments,0).concat([t,r]))}}function h(e){return function(t){return l(t,e)}}function p(e){return function(t){s[e]=t}}function d(n){if(o.hasOwnProperty(n)){var r=o[n];delete o[n],a[n]=!0,t.apply(e,r)}if(!s.hasOwnProperty(n)&amp;&amp;!a.hasOwnProperty(n))throw new Error("No "+n);return s[n]}function v(e){var t,n=e?e.indexOf("!"):-1;return n&gt;-1&amp;&amp;(t=e.substring(0,n),e=e.substring(n+1,e.length)),[t,e]}function m(e){return function(){return u&amp;&amp;u.config&amp;&amp;u.config[e]||{}}}var t,n,r,i,s={},o={},u={},a={},f=[].slice;r=function(e,t){var n,r=v(e),i=r[0];return e=r[1],i&amp;&amp;(i=l(i,t),n=d(i)),i?n&amp;&amp;n.normalize?e=n.normalize(e,h(t)):e=l(e,t):(e=l(e,t),r=v(e),i=r[0],e=r[1],i&amp;&amp;(n=d(i))),{f:i?i+"!"+e:e,n:e,pr:i,p:n}},i={require:function(e){return c(e)},exports:function(e){var t=s[e];return typeof t!="undefined"?t:s[e]={}},module:function(e){return{id:e,uri:"",exports:s[e],config:m(e)}}},t=function(t,n,u,f){var l,h,v,m,g,y=[],b;f=f||t;if(typeof u=="function"){n=!n.length&amp;&amp;u.length?["require","exports","module"]:n;for(g=0;g&lt;n.length;g+=1){m=r(n[g],f),h=m.f;if(h==="require")y[g]=i.require(t);else if(h==="exports")y[g]=i.exports(t),b=!0;else if(h==="module")l=y[g]=i.module(t);else if(s.hasOwnProperty(h)||o.hasOwnProperty(h)||a.hasOwnProperty(h))y[g]=d(h);else{if(!m.p)throw new Error(t+" missing "+h);m.p.load(m.n,c(f,!0),p(h),{}),y[g]=s[h]}}v=u.apply(s[t],y);if(t)if(l&amp;&amp;l.exports!==e&amp;&amp;l.exports!==s[t])s[t]=l.exports;else if(v!==e||!b)s[t]=v}else t&amp;&amp;(s[t]=u)},requirejs=require=n=function(s,o,a,f,l){return typeof s=="string"?i[s]?i[s](o):d(r(s,o).f):(s.splice||(u=s,o.splice?(s=o,o=a,a=null):s=e),o=o||function(){},typeof a=="function"&amp;&amp;(a=f,f=l),f?t(e,s,o,a):setTimeout(function(){t(e,s,o,a)},15),n)},n.config=function(e){return u=e,n},define=function(e,t,n){t.splice||(n=t,t=[]),o[e]=[e,t,n]},define.amd={jQuery:!0}})(),require.config({deps:["main"],
  14.  
  15. ------------------------------------------Parte Interesante de la Infra-Estructura del sitio web de kit doctom y en Extencion con Mega.co.nz------------------------------------------
  16. paths:{libs:"../assets/js/libs",plugins:"../assets/js/plugins",vendor:"../assets/vendor",jquery:"../assets/js/libs/jquery/jquery","jquery-easing":"../assets/js/libs/jquery/jquery-easing/jquery.easing","jquery-scrollpane":"../assets/js/libs/jquery/jquery-scrollpane/script/jquery.jscrollpane","jquery-mousewheel":"../assets/js/libs/jquery/jquery-scrollpane/script/jquery.mousewheel","jquery-validation":"../assets/js/libs/jquery/jquery-validation/jquery.validate","jquery-placeholder":"../assets/js/libs/jquery/jquery-
  17. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
  18. que mas peligroso que los usuarios se guarden en una extencion de texto.
  19.  
  20. http://kim.com/login
  21.  
  22. <input type="text" id="username" name="_username" class="btn-large"/>
  23.  
  24.  
  25.  
  26. Tambien tenemos algunos datos de la pagina de Kit Doctom
  27.  
  28. Hosteado en : Steinsel, LUXEMBOURG (LU) Creemos que biene hosteado de esta empresa :> http://www.server.lu/
  29.  
  30.  
  31. Incluso Vemos aca en esta foto: http://subefotos.com/ver/?1beb0811ce2d0880b8fe5c92ba6296d9o.png#codigos
  32.  
  33. en una pequeña busqueda "avanzada", para ver los sub dominios y posibles subs de los dns. de la pagina de mega.co.az
  34.  
  35. Incluso nos encomtramos con estos que tenemos aca:
  36.  
  37. (Sub Domains)
  38.  
  39. https://eu.static.mega.co.nz/test.html
  40. http://nsde2.mega.co.nz/
  41. http://static.kim.com/
  42. http://g.static.mega.co.nz/
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!