How can we post like this? Can somebody tell this "getmedia" hack

carolchu

Hello, many people are doing this kind of post and all are Google indexed. Can somebody tell how we can post like this?
Here is a sample link:
https://www.explore.co.uk/getmedia/1bbd67ba-f635-4a5c-952a-b2bc9165ae55/vuJka.html
Thanks if someone can tell.
 
They're probably exploiting a form on the site somewhere. My approach would be to find all the forms on the site, look for any that offer an upload option (sometimes hidden in TinyMCE), try uploading some files while keeping an eye on HTTP traffic and see if I can find any data similar to the identifiers in the URL you mentioned.
 
I'm also interested in this... I found a similarity between all 'getmedia' urls I've encountered:

Code:
(function() {var fn = function() {$get("manScript_HiddenField").value = '';Sys.Application.remove_init(fn);};Sys.Application.add_init(fn);})();
var callBackFrameUrl='/WebResource.axd?d=3id44dG_QCmIUCCzkYlyoT9Em3HXU0eDAfiodrVDXO9eUVK8Hhod30homw4f0DrYtkTdb51AmF01wD86f9rNKdHPYvA1&t=638399355142847209';
WebForm_InitCallback();
theForm.oldSubmit = theForm.submit;
theForm.submit = WebForm_SaveScrollPositionSubmit;

theForm.oldOnSubmit = theForm.onsubmit;
theForm.onsubmit = WebForm_SaveScrollPositionOnSubmit;
Sys.Application.add_init(function() {
$create(Sys.Extended.UI.TextBoxWatermarkBehavior, {"ClientStateFieldID":"p_lt_ctl02_SearchBox_txtWord_exWatermark_ClientState","WatermarkText":"search our site","id":"p_lt_ctl02_SearchBox_txtWord_exWatermark"}, null, null, $get("p_lt_ctl02_SearchBox_txtWord"));
});
 
My advice is to look at CVE reports about Kentico CMS...
 
Thanks for the pointer in the right direction but I'm having trouble figuring out which CVE it is out of these:

Code:
https://www.cvedetails.com/vulnerability-list/vendor_id-15688/product_id-32548/Kentico-Kentico-Cms.html

There's no POC whatsoever on any of the links either... hmmm

Would be nice to figure this one out for sure!

Code:
https://www.carrollu.edu/CarrollUniversity/media/Events/psn-giveaway-2024.html
 
Try this list instead
Code:
https://www.cvedetails.com/vulnerability-list/vendor_id-15688/product_id-52948/Kentico-Kentico.html
 
Definitely finding some interesting things in there, but I can't find any PoC; it seems they've all been removed, so it's basically just guessing at injecting form data, which I've tried numerous things to no avail...

Mystery to me!
Code:
https://www.knowlescapacitors.com/getmedia/1d29249a-036b-49b7-bee6-57c86995d555/3qzSJSen4HyEsGFeJeFM.html

Closest thing I can find is this, which is an ad-riddled, locked "subscribe to trial" nightmare of sorts:

Code:
https://www.scribd.com/document/692205185/5255-44-20112023-12-00-00-a-m-2

Getting close chasing down Google dorks but nothing to write my own Python script around yet...

Code:
https://nationalguild.org/CMSModules/MediaLibrary/FormControls/LiveSelectors/InsertImageOrMedia/Tabs_Media.aspx?output=url&content=img&pagetypes=All&documentid=1040&parentid=60&content_userelativeurl=True&content_culture=en-US&siteid=1&hash=f73938b5aa099dddefe368b7543bbd962dc6de16cc2f27146d04f0658fd8e9d9
 
It's looking like the upload panel is accessible if I could divulge what the hash is:

Code:
https://www.mcdermott.com/CMSFormControls/LiveSelectors/InsertImageOrMedia/Tabs_Media.aspx

A full URL GET request with the hash would look like this but I'm unable to figure out the hash:

Code:
/CMSModules/MediaLibrary/FormControls/LiveSelectors/InsertImageOrMedia/Tabs_Media.aspx?output=html&link=1&pagetypes=All&documentid=4242&parentid=2456&content_userelativeurl=True&content_culture=en-US&siteid=3&hash=f0d6e71a06720df1202482ec7c6020baf17084236672f219b912f8e730fe5075

Gonna keep poking around to see what I can find...
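
From the site owner's side, the URL shapes quoted in this thread can be searched for in web server access logs. This is an added example, not part of any post in the thread; it assumes common/combined log format, and the log lines, IP addresses, GUIDs and hash value in it are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# URL shapes taken from the links quoted in this thread.
GUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
MEDIA_HTML = re.compile(
    rf"^/(?:getmedia/{GUID}|[^/]+/media(?:/[^/]+)*)/[^/]+\.html?$", re.I)
SELECTOR = re.compile(
    r"/LiveSelectors/InsertImageOrMedia/Tabs_Media\.aspx$", re.I)
# Common/combined log format: ip ident user [time] "METHOD target PROTO" status
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def classify(target):
    """Label a request target, or return None if it is not of interest."""
    parts = urlsplit(target)
    if MEDIA_HTML.match(parts.path):
        return "html-in-media-library"
    if SELECTOR.search(parts.path):
        signed = "hash" in parse_qs(parts.query)
        return "media-selector-dialog" + ("+hash" if signed else "")
    return None

def scan(lines):
    """Return (client_ip, method, status, label) for every flagged line."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        ip, method, target, status = m.groups()
        label = classify(target)
        if label:
            findings.append((ip, method, int(status), label))
    return findings

# Constructed sample log (documentation IP ranges, placeholder GUIDs and hash).
T = "[10/Jan/2024:10:00:00 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {T} "GET /getmedia/00000000-0000-4000-8000-000000000001/page.html HTTP/1.1" 200 5120',
    f'203.0.113.8 - - {T} "GET /getmedia/00000000-0000-4000-8000-000000000002/logo.png HTTP/1.1" 200 812',
    f'198.51.100.9 - - {T} "GET /CMSModules/MediaLibrary/FormControls/LiveSelectors/InsertImageOrMedia/Tabs_Media.aspx?output=url&siteid=1&hash=0000 HTTP/1.1" 200 9000',
    f'198.51.100.9 - - {T} "GET /CMSFormControls/LiveSelectors/InsertImageOrMedia/Tabs_Media.aspx HTTP/1.1" 302 0',
    f'203.0.113.7 - - {T} "GET /ExampleSite/media/Events/constructed-page.html HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A 200 response labelled `html-in-media-library` means an HTML document is being served out of media storage; that is the cue to review which file extensions the media library accepts and which clients can reach the selector dialog.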
 
Great findings. I am also stuck at the hash value.
 
Nothing on this end and I've researched my ass off on this one.
 
Learn and earn online money, best method
 