Posts

Showing posts from July, 2011
Today I will be teaching you a very common vulnerability called XSS (Cross Site Scripting), plus how to exploit it. What is XSS, and what can I accomplish with it? XSS is common in search bars and comment boxes. We can then inject almost any type of programming language into the website, whether it be Javascript, HTML or XML. XSS is mainly directed at Javascript injection. However, you can inject other languages, which will be shown later. Most people use it to display messages on the website, redirect you to their defacement and even put cookie loggers and XSS shells on the website. What causes the vulnerability? Poor PHP coding within text boxes and submission forms. They were too lazy to code it properly, allowing us to inject strings into the source code; what we type in is then reflected back to us, since it ends up in the page source. They did not bother to filter what we type in. They allowed characters such as ">, ", /", etc. What ...

"Image Uploader" Shell Upload Vulnerability

"CMS admin Image Uploader" Shell Upload Vulnerability. Google dorks: inurl:"default_image.asp" inurl:"default_imagen.asp" inurl:"/box_image.htm" You'll get an upload option after clicking on a link that you got in the Google search results. Now select your deface or shell and upload it =) Supported formats: shell.asp;.jpg, shell.php;.jpg, .gif, .jpg, .png, .pdf, .zip .html .php You can use Tamper Data too... Live demo: https://www.thinkheartland.com/CMS/admin/default_Image.asp https://www.thinkheartland.com/CMS/admin/images/backlinks.html http://www.dautphetal.de/edit/default_asset.asp New shell & Deface Upload Vulnerability! By using this vulnerability you can upload your deface page, shell, files etc. on websites :) Google dork: inurl:.php " Please wait while the file is uploaded, it may take several minutes depending by the size of the ...

Blind SQLi Tutorial

What is Blind SQLi? Blind SQL Injection is used when a web application is vulnerable to an SQL injection but the results of the injection are not visible to the attacker. The page with the vulnerability may not be one that displays data but will display differently depending on the results of a logical statement injected into the legitimate SQL statement called for that page. This type of attack can become time-intensive because a new statement must be crafted for each bit recovered. There are several tools that can automate these attacks once the location of the vulnerability and the target information have been established. Blind SQLi Tutorial. Let's start... Suppose that you want to hack this website with Blind SQLi: http://site.com/index.php?id=5 When we execute this, we see some page and articles on that page, pictures etc. Then when we want to test it for a blind SQL injection attack http://www.si...

"Shell Jumping" Hacking Other websites Based on same server using b374k Newbie3viLc063s shell

Newbie3viLc063s shell is coded by newbie c0de d3vil; it's a suitable shell for "Localhost Jumping". This shell is a new version of the most popular shell, b374k. Download it here: http://pastebin.com/JDhBnfkH (copy the source from the pastebin raw data section, paste it in Notepad and save it under any name ending in .php, like shell.php or devilscafe.php) Step 1 - download shell =) Click on Local Domain to view all websites based on the same server. Check for readable Step 2 - Now choose any website from the Local host domain list and copy its Senarai User value, then go to home and paste it in view file/folder after home/replacethiskeyword/public_html/ For example, if the current view file/folder value = home/abc/public_html and your website's Senarai User value (username) is xyz, then the view file/folder value will be home/xyz/public_html/ Step 3 - After going to that folder, look for the MySQL config (wp-config.php in wor...

Ajax File Manager ~ Shell and Files Upload Vulnerability

Open the Google search engine and type this dork: inurl :/ plugins / ajaxfilemanager / For example, I have: http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/session/ or http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/jscripts/edit_area/reg_syntax/ or another site ... For example: http://www.ziaislamic.com/BOOK-CMS/interfaces/fckeditor/editor/plugins/ajaxfilemanager/ajaxfilemanager.php http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php Now find the Upload option and upload your shell / deface / file. To view your file, find the /Uploaded/ directory on the website by guessing :P Example of uploaded file: http://lovegracia.com/tiny_mce/jscripts/tiny_mce/plugins/ajaxfilemanager/uploaded/aaaaaaaa.txt http://www.ziaislamic.com/BOOK-CMS/interfaces/uploaded/aaaaaaaa.txt Some demo sites: http://www.ziaislamic.com/BOOK-CM...

"Encodable" ~ another Deface and shell upload Vulnerability

Title: "Encodable" ~ another file upload vulnerability. Google dork: " intext: File Upload by Encodable " Let's start .. xD Open google.com and enter the dork: " intext : File Upload by Encodable " The search comes back with 166,000 results, but some results are fake ... which may be malware, so choose only the real ones. "Upload a file" is the title to look for in the results here :) Click only the sites that come up with an "Upload a file" title. After clicking the link you will get an upload form. You will see some options in this form such as name, description, email, etc. ... Type anything in the boxes, but add an email in the email box; don't use your own, put one like billy@microsoft.com, admin@nasa.gov etc. :P Now choose your file and upload :) After clicking the ...