Posts

Showing posts from 2011

"jsp Webfolder Managment" A new shell and Deface upload exploit

"jFoler, jsp Webfolder Managment" A new shell and Deface upload exploit Hi Mates!! Happy Holi to everyone, check out the Holi special post here. So I'm back with a new exploit. It's a new remote file upload vulnerability: you can upload your deface page, files and shells on websites without gaining admin access. Most websites vulnerable to this attack belong to China and Taiwan (.cn and .tw). Dork: www.topronet.com ,All Rights Reserved.Any question, please email me cqq1978@Gmail.com and JFoler 1.0 A jsp based web folder management tool by Steven Cee (it's not a particular dork, please try to modify it, and if you successfully modify it then leave the new dork in a comment). Just select any site from the search results and now upload your deface page or shell. Shell upload: for shell uploading, rename your asp shell (shell.asp) to shell.jsp then upload it; you can try .php too. Every extension is allowed, but on some sites you can't execute php and asp...

How to Hack IIS Exploit websites: The Easiest Way of Website Hacking

On an Internet Information Server exploit website we can upload the defaced page to the vulnerable server without any user name or password. It is the easiest way of website hacking. STEP 1: Click on the Start button and open "RUN". STEP 2: Now type this in RUN: %WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F} Now a folder named "Web Folders" will open. STEP 3: Now right-click in the folder and go to "New" and then "Web Folder". STEP 4: Now type the name of the vulnerable site in this, e.g. "http://autoqingdao.com/", and click "Next". STEP 5: Now click on "Finish". STEP 6: Now the folder will appear. You can open it and put any deface page or anything. STEP 7: I put a text file in that folder, named "securityalert.txt" (you can put a shell or...

TinyFileBrowser ~ Remote file Upload Vulnerability

Title: TinyFileBrowser ~ Remote file Upload Vulnerability Google Dork: "inurl:tinybrowser/upload.php" Let's start: open google.com/ncr or your country domain like Google.co.in and enter this dork: "inurl:tinybrowser/upload.php" A vulnerable website's title will be "TinyBrowser :: Upload" in the search results, and on some sites it will show you the website directory in the title :) Click on vulnerable websites only ... ignore some extra results. Now you'll get a page like this image. For uploading your files click on Upload ... and click on Browse to view your uploaded file :) You can upload [.html], [.txt], [.jpg], [.gif], [.bmp] [.php not allowed], but at least you can try as php.jpg :P ... but on some websites you can upload images and txt files only .. but don't worry ... you can notify your deface as an image or text file :D Must leave a comment if you like this post :) "Nothing is impos...

paw is a Vulnerability; you can upload your deface & shell easily on vulnerable websites. Let's start: open www.google.com and enter the dork inurl:"spaw2/dialogs/" or inurl:"spaw2/uploads/files/" You will get results like this: "Index of/ spaw2/dialogs/" or: site.com/abc/spaw2/uploads/files/abc/abc.pdf Now replace the Spaw2/Uploads/abc/abc url with this url: spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files For example, I got this website: http://climatechange.jgsee.org/Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf so now I will replace /Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf with /spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Cha...

'preventing sql injections'

Hi Guys! Here is a quick tutorial on 'preventing sql injections'. Don't worry if you don't know php, this is php friendly :) There are usually two types of attacks: 1. URL based 2. Form based. The major reason for both of them is 'badly architected parameters'. Many say to remove/rename or unlink the database configuration file. Of course this will work, but this is NOT the solution, as it will halt the functionality of the site; your dynamic website will turn into just html pages in seconds. This is analogous to a condition like: because of fear of robbery you don't buy anything for yourself either :P What we will be doing is sanitizing and validating php variables. We have to make sure that our critical global arrays like get, post, files, session, cookies etc. allow only the data which we want them to store and nothing else, because we can't trust the fact that users will enter expected data. What we mean is, suppose you have a site script like...

Cpanel Cracking

Today we will learn CPANEL cracking or hacking, i.e. gaining the password for port no. 2082 on a website. First of all we need a cpanel cracking shell on the server, because we are going to crack the cpanels of those websites which are hosted on the shelled server. So let's start. I am using the cpanel.php [ download it here ] shell for cracking :) We need two things in cracking: the first is the usernames of the websites that are hosted on the server, the second is a good password dictionary [Get Passwords List Here]. So in the first step: grab the usernames of the websites using the command ls /var/mail or use the "Grab the usernames from /etc/passwd" option in the shell. Press the go button. We have done our part, let's wait and watch. If we have supplied good passwords then the shell will show a message " [~]# cracking success with username "xyz" with password "xyz" ", otherwise it will show "[~] Please put some good passwords to crack username ...

Today I will be teaching you a very common vulnerability called XSS/Cross Site Scripting, plus how to exploit it. What is XSS, what can I accomplish with it? XSS is common in search bars and comment boxes. We can then inject almost any type of programming language into the website, whether it be Javascript, HTML or XML. XSS is mainly directed at Javascript injection. However, you can inject other languages, which will be shown later. Most people use it to display messages on the website, redirect you to their defacement and even put cookie loggers and XSS shells on the website. What causes the vulnerability? Poor PHP coding within text boxes and submission forms. They were too lazy to code it properly, allowing us to inject strings into the source code, that would then give us the conclusion of what we put in since it's also in the source code. They did not bother to filter what we type in. They allowed characters such as ">, ", /", etc. What ...

"Image Uploader" Shell Upload Vulnerability

"CMS admin Image Uploader" Shell Upload Vulnerability Google dorks: inurl:"default_image.asp" inurl:"default_imagen.asp" inurl:"/box_image.htm" You'll get an upload option after clicking on a link that you got in the Google search results. Now select your deface or shell and upload it =) Supported formats: shell.asp;.jpg, shell.php;.jpg, .gif, .jpg, .png, .pdf, .zip .html .php You can use Tamper Data too... Live demo: https://www.thinkheartland.com/CMS/admin/default_Image.asp https://www.thinkheartland.com/CMS/admin/images/backlinks.html http://www.dautphetal.de/edit/default_asset.asp

New shell & Deface Upload Vulnerability! By using this vulnerability you can upload your deface page, shell and files etc. on websites :) Google dork: inurl:.php " Please wait while the file is uploaded, it may take several minutes depending by the size of the ...

Blind SQLi Tutorial

What is Blind SQLi? Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information has been established. Blind SQLi Tutorial: Let's start... Suppose that you want to hack this website with Blind SQLi: http://site.com/index.php?id=5 When we execute this, we see some page and articles on that page, pictures etc… Then when we want to test it for a blind sql injection attack http://www.si...

"Shell Jumping" Hacking Other websites Based on same server using b374k Newbie3viLc063s shell

Newbie3viLc063s shell is coded by newbie c0de d3vil; it's a suitable shell for "Localhost Jumping". This shell is a new version of the most popular shell, b374k. Download it here: http://pastebin.com/JDhBnfkH (copy the source from the pastebin raw data section, paste it in Notepad and save it under any name with .php, like shell.php or devilscafe.php) Step 1 - Download the shell =) Click on Local Domain to view all websites based on the same server. Check for readable [click to view image] Step 2 - Now choose any website from the Local host domain list and copy the Senarai User value, then go to home and paste it in view file/folder after home/replacethiskeyword/public_html/ For example, if the current view file/folder value = home/abc/public_html and your website's Senarai User value (username) is xyz, then the view file/folder value will be home/xyz/public_html/ [click to view image] Step 3 - After going to that folder, look for the MySQL config (wp-config.php in wor...

Ajax File Manager ~ Shell and Files Upload Vulnerability

Open the Google search engine and type this dork: inurl:/plugins/ajaxfilemanager/ For example, I got: http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/ or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/ or another site ... For example: http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php Now look for Upload and upload your shell / deface / file. To view your file, find the /Uploaded/ directory on the website by using your guesswork :P Example of uploaded file: http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt Some demo sites: http://www.ziaislamic.com/BOOK-CM...

"Encodable" ~ another Deface and shell upload Vulnerability

Title: "Encodable" ~ another file upload Vulnerability Google Dork: "intext:File Upload by Encodable" Let's start .. xD Open google.com and enter the dork: "intext:File Upload by Encodable" It comes back with 166,000 results, but some results are fake ... they may be malware, so choose the real ones only. "Upload a file": you will see this title in the search results here :) Click only on the sites that come with the "Upload a file" title. After clicking the link you will get an upload form. You will see some options in this form such as name, email, description etc. ... Type anything in the boxes but add an email in the email box. Don't use your own; put one like billy@microsoft.com, admin@nasa.gov etc. :P Now choose your file and upload :) After clicking the ...