Locating Exploits and Finding Targets (Chapter 6)

There is a great deal of information in this function, as shown in Figure 6.17, but certain things will catch the eye of any decent Google hacker. For example, line 168 shows that copyrights are printed and that the term "Powered by" is printed in the footer.

Figure 6.17: The echofooter Function Reveals Potential Query Strings

A phrase like "Powered by" can be very useful in locating specific targets due to its high degree of uniqueness. Following the "Powered by" phrase is a link to http://cutephp.com/cutenews/ and the string $config_version_name, which will list the version name of the CuteNews program. To have a very specific "Powered by" search to feed Google, the attacker must either guess the exact version number that would be displayed (remembering that version 1.3.1 of CuteNews was downloaded) or the actual version number displayed must be located in the source code. Again, grep can quickly locate this string for us. We can either search for the string directly or put an equal sign (=) after the string to find where it is defined in the code.
A grep command such as grep -r "\$config_version_name =" * will do the trick:

    johnny-longs-g4 root$ grep -r "\$config_version_name =" *
    inc/install.mdu:$config_version_name = "CuteNews v1.3.1";
    inc/options.mdu: fwrite($handler, "<?PHP \n\n//System Configurations\n\n\$config_version_name = \"$config_version_name\";\n\n\$config_version_id = $config_version_id;\n\n");
    johnny-longs-g4 root$

As shown here, the version name is listed as CuteNews v1.3.1. Putting the two pieces of the footer together creates a very specific string: "Powered by CuteNews v1.3.1". This in turn creates a very nice Google query, as shown in Figure 6.18. This very specific query returns nearly perfect results, displaying nearly 500 sites running the potentially vulnerable version 1.3.1 of the CuteNews software.

Figure 6.18: A Completed Vulnerability Search

Too many examples of this technique are in action to even begin to list.
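
The same footer reasoning can be turned on your own pages to find version-disclosing banners before a search engine indexes them. The following is an added example, not code from the book or from CuteNews; the sample HTML is constructed, and the names find_version_banners, visible_text and SAMPLE_PAGES are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed sample pages (not real sites): rendered HTML keyed by a label.
SAMPLE_PAGES = {
    "news/index.php": '<div id="footer">Powered by '
                      '<a href="http://cutephp.com/cutenews/">CuteNews v1.3.1</a>'
                      ' &copy; CutePHP</div>',
    "blog/index.html": "<footer>Powered by\n  <b>ExampleCMS</b></footer>",
    "about.html": "<p>Our turbines are powered by wind.</p>",
}

class _TextOnly(HTMLParser):
    """Collect visible text only, so a link between 'Powered by' and the name is ignored."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self._skip = [], 0
    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1
    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1
    def handle_data(self, data):
        if not self._skip:
            self.chunks.append(data)

# "Powered by <product> v<n.n...>": the version number is what makes the banner unique.
BANNER = re.compile(r"Powered by\s+([A-Za-z][\w .-]*?)\s+v?(\d+(?:\.\d+)+)", re.I)

def visible_text(html):
    """Strip markup and collapse whitespace, as a search engine's text index would."""
    parser = _TextOnly()
    parser.feed(html)
    parser.close()
    return re.sub(r"\s+", " ", "".join(parser.chunks)).strip()

def find_version_banners(pages):
    """Return [(page, product, version)] for each version-disclosing banner."""
    findings = []
    for name, html in sorted(pages.items()):
        for m in BANNER.finditer(visible_text(html)):
            findings.append((name, m.group(1), m.group(2)))
    return findings

if __name__ == "__main__":
    for page, product, version in find_version_banners(SAMPLE_PAGES):
        print(f"{page}: footer discloses {product} {version}")
```

Only the banner that carries a version number is reported; removing the version from the footer template takes away the uniqueness the text describes.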