
[CVE-2022-1386] [http] [critical]

I hit the URL with this exploit, it works, and it asks for a payload. What payload or framework should I use?
A link to whatever you want the exploit to display. https://google.com/ for example, or some host on the local network.
 
root@user:~/CVE-2022-1386# python3 CVE-2022-1386.py

CVE-2022-1386 - Fusion Builder < 3.6.2 - Unauthenticated SSRF
___ ____ ___ ___ ________ ____ _____
|__ \ / __ \__ \|__ \ < /__ /( __ )/ ___/
__/ // / / /_/ /__/ /_____/ / /_ </ __ / __ \
/ __// /_/ / __// __/_____/ /___/ / /_/ / /_/ /
/____/\____/____/____/ /_//____/\____/\____/

[>] Target URL: http://ччччччччю/wp-admin/admin-ajax.php
[+] Testing SSRF...
[+] Target is vulnerable to SSRF!
[+] Saving raw request...
[+] Raw request saved to output/ folder
[>] Payload: What payload should I use?
 
The URL you are trying to read the response of. If the website is hosted on a cloud server, you can get RCE; if not, it is likely useless unless they have custom scripts or other services on local.
 
The exploit works against the URL; what payload should I use? What can I get out of this, a Meterpreter session?
 
SSRF exploit = you can make an HTTP request on behalf of the web server.
It means you give a URL (https://example.com)
and you see the HTML response of https://example.com.

That is what the vulnerability is; you will likely not escalate this on WordPress.
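
As an added illustration (not part of the thread and not the plugin's code), this is the kind of server-side destination check that stops a fetch-a-URL feature from reaching internal hosts or a cloud metadata address. The names `check_outbound_url`, `sample_resolver` and `SAMPLE_DNS` are hypothetical, and the DNS table is constructed so the block runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}

# Constructed name-to-address table so the example runs offline.
SAMPLE_DNS = {
    "example.com": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
}

def sample_resolver(host, port):
    """Stand-in for DNS backed by SAMPLE_DNS (hypothetical helper)."""
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def system_resolver(host, port):
    """Real lookup: every address the name currently maps to."""
    infos = socket.getaddrinfo(host, port, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason, addresses) for a URL the server is asked to fetch."""
    try:
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "malformed URL", []
    if parts.scheme not in ALLOWED_SCHEMES or not parts.hostname:
        return False, "scheme or host not allowed", []
    try:
        names = [parts.hostname]
        ipaddress.ip_address(parts.hostname)  # literal IP: no lookup needed
    except ValueError:
        try:
            names = resolver(parts.hostname, port)
        except OSError:
            return False, "resolution failed", []
    addrs = [ipaddress.ip_address(n) for n in names]
    if not addrs:
        return False, "resolution failed", []
    for addr in addrs:
        # Unwrap ::ffff:a.b.c.d so a mapped loopback/private address is caught.
        mapped = getattr(addr, "ipv4_mapped", None)
        if not (mapped or addr).is_global:
            return False, f"non-public address {addr}", []
    return True, "ok", [str(a) for a in addrs]
```

The caller should connect to one of the returned addresses instead of resolving the name again, and apply the same check to every redirect target.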
 
So that means I can edit index.html?
 

