LFI to RCE via access_log injection

on
18

How Do I Get tempo.co.id Email Login

on


Well this is an old vulnerablity called Heartbleed (CVE-2014-0160). Let's exploit this.

Run the Heartbleed exploit and you'll get the Zimbra cookie.


See the Referer and Cookie? Use that to login.

Referer: https://mx.tempo.co.id/
Cookie: ZM_TEST=true; ZM_AUTH_TOKEN=0_73ec70e72712cb16eaee148d405d1b8297c411f2_69643d33363a66356438353363632d633032372d343032302d383566322d3635636436366531623932313b6578703d31333a313438373232343637313230353b747970653d363a7a696d6272613b; JSESSIONID=1xv343h6xss51a0uhvn29oe6x

Open the Referer site in firefox who have installed Cookie Injector plugin https://mx.tempo.co.id/ and press alt+c to show the Cookie Injector.


You'll see "Wireshark Cookie Dump" there. Now paste the Cookie and click OK. You should have popup screen "All Cookie Have Been Written".


Refresh (F5) the site again and you are now login to user email.


Type password on search box and hit enter... :p



./NoGe

Comments

irris said…
great info. It was helpful for me to know. Therefore, I decided to share with you a guide - common app prompt 6 https://wr1ter.com/common-application-essay-prompts . There you will find general essay writing tips with tips and examples.
August 30, 2022 at 7:52 PM
Max Roy said…
This comment has been removed by the author.
March 9, 2023 at 6:57 PM
Milton Paul said…
This blog is a helpful resource for anyone seeking information about how to get tempo.co.id email login. The step-by-step guides provided are clear and easy to follow. Now read more about https://www.limo-world.com/ for more information
July 9, 2023 at 1:23 AM
Tommy Rick said…
This comment has been removed by the author.
July 13, 2023 at 8:10 PM
Tommy Rick said…
Your post is very great.I read this post, this is a very helpful for Get tempo.co.id Email. Thanks for sharing this with us. Now read more about wordle junior for more information.
July 13, 2023 at 8:11 PM
Tristin Troy said…
"Thank you for sharing the information on how to access tempo.co.id email login. It's always helpful to have clear instructions on this platform. Now read more about super god system 67 for more information.
July 19, 2023 at 11:31 AM
Carlos Conner said…
Thank you for sharing this informative blog post on accessing tempo.co.id email login! The step-by-step guide and clear instructions make it easy for users to navigate through this process. Now read more about https://metrodetroitlimo.com/ for more information.
August 7, 2023 at 10:07 PM
Post a Comment