Sea Adventure

"jFoler, jsp Webfolder Managment" A n e w shell and Deface upload exploit Hi Mates !! Hapy holi to evry o ne checkout holi special post here so i'm back with a n e w exploit its a new remote file upload  vulnerability, you can upload your deface page, files and shells on websites, without gaining Admin acess  mostly vulnerable websites for this attacks belongs to China and Tiwan ( .cn and .tw) Dork :  www.topronet.com ,All Rights Reserved.Any question, please email me cqq1978@Gmail.com and   JFoler 1.0 A jsp based web folder management tool by Steven Cee (its not a Particular dork, please try to modify it and if you sucessfull modified then leav e new dork in comment) Just select any site from search results and now upload your deface page or shell shell upload : for shell uploading rename your asp shell (shell.asp) to shell.jsp then upload it, you can try .php too, every Ext e nsion is allowed but in some sites you can't excute php and asp...

    In Internet Information Server Exploit website  we can upload the Defaced page on the Vulnerable Server without any User Name or Password. It is most Easiest way to Website Hacking .  STEP 1: Click on Start button and open "RUN". STEP 2: Now Type this in RUN %WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F} Now A Folder named " Web Folders " will open. STEP 3: Now " Right-Click " in the folder and Goto " New " and then " Web Folder ". STEP 4: Now type the name of the Vulnerable site in this. e.g." http: / / autoqingdao.com / " and click " Next ". STEP 5: Now Click on " Finish " STEP 6: Now the folder will appear. You can open it and put any deface page or anything. STEP 7: I put text file in that folder. Named " securityalert.txt " (you can put a shell or...

Title : TinyFileBrowser  ~ Remote file Upload Vulnerability Google Dork : "inurl:tinybrowser/upload.php"  Lets Start : Open google.com/ncr or you country dOmain like Google.co.in and enter This dork "inurl:tinybrowser/upload.php"   Vulnerable website's title will  TinyBrowser :: Upload in search results  and in sOme sites it will show you website directory in title :)  click on Vulnerable website only ... igNore sOme extra results  Now You'll Got a page Like this image  For uploading Your files click on upload ... and click on browse to view Your Uploaded File :) you can upload [.html],[.txt],[.jpg],[.gif],[.bmp] [.php not allowed] but atleast you can try as  php.jpg :P ... but in sOme websites you can upload images and txt file Only .. but  dont worry ... u can notify your deface as image or text file :D Must levae a comment if you like this Post :)  "Nothing is impos...

paw is a Vunerablity, you Can Upload your deface & Shell Easily in Vunerable websites Lets Start open www.google.com enter The Dork  inurl:"spaw2/dialogs/" or  inurl:"spaw2/uploads/files/" You will Got results Like this " Index of/ spaw2/dialogs/"   or : site.com/abc/spaw2/uploads/files/abc/abc.pdf Now replace The Spaw2/Uploads/abc/abc ur with this url spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files for example i got this website   http://climatechange.jgsee.org/Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf   so Now i will replcae  /Admin/spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Change.pdf with /spaw2/uploads/files/%E0%B8%AB%E0%B8%99%E0%B8%B1%E0%B8%87%E0%B8%AA%E0%B8%B7%E0%B8%AD%20Climate%20Cha...

Hi Guys ! here, this is a quick tutorial on ' preventing sql injections ' , don't wrry if u don't know php, this is php friendly :) There are usually two types of attacks : 1. URL based  2. Form based  Major reason for both of them is 'badly architectured parametres' many say That remove/rename or unlink the database configuration file, ofcourse this will work but this is NOT the solution, as it will halt the functionality of the site , your Dynamic website will turn into just html pages in seconds, this is anologus to condition like, because of fear of robbery you don't buy anything for yourself too: P what we will be doing is sanitizing and validating php variables, we have make sure That our critical global arrays like get, post, files, session, cookies etc allow data which we Want them to store and nothing else, because we can't trust the fact that users will enter expected data. What we mean is suppose you have site script like...

Today we will Learn CPANEL cracking or Hacking  i.e gaining password for port no 2082 on website first of all we need a cpanel cracking shell on the server because we are going to crack those websites cpanels which are hosted on the shelled server.  so lets start i am using cpanel.php [ download it here ]shell for cracking :) we need two things in cracking first one is usernames of the websites that are hosted on the server second is a good password dictonery [Get Passwords List Here] so in first step :- grab the usernames of the websites using command ls /var/mail or use the "Grab the usernames from /etc/passwd" option in the shell press the go button we have done from our side lets wait and watch ,if we have supplied good passwords then shell will show a message " [~]# cracking success with username "xyz" with password "xyz" " otherwise it will show "[~] Please put some good passwords to crack username ...