Check Order status | Verified Sales | Escrow Service | Advertise
westernunion carding gold carding
revolut carding electronics carding
paypal carding payoneer carding
advertise on cracking forums

[Tutorial] Source Code Disclosure [/Tutorial]

Prince

[ Verified Seller ]
Staff member
Trusted Seller
Joined
10 yrs. 6 mth. 15 days
Messages
5,387
Reaction score
18,373
Age
44
Wallet
11,590$
What is Source Code Disclosure?

This is a kind of exploits that is very easy & tricky .... That you actually exploit the PDF downloading system to download such other suspec. files from the web server!

This is a google dork that can be used to capture such Vulnerabilities

Code:
Please, Log in or Register to view codes content!


Alright so here is the requirements :
1-Old exp. in PHP ( not very important )
2-Old exp. in SQL commands.. ( very important )

Okay here we go ,
Lets say we found a URL tat allows PDF downloading ..

http://www.target.co...?f=somefile.pdf


We will ignore the popup downloading box And start playing abit with the URL so we can find the Suspec. PHP files ...!

http://www.target.co...?f=download.php

Now lets notice if theres a downloading popup , If there is then you are lucky to find the PHP file on the first Directory...! If not Then keep searching in the directories like this

http://www.target.co...../download.php

http://www.target.co...../download.php

http://www.target.co...../download.php


Alright After we download this PHP file we are going to check codes in it .. In my case i found

Code:
Please, Log in or Register to view codes content!


Okay lets keep going ... Now as you see the download.php file has a config file but thats not the config file we want , We want one that is actually attached to the sql database of them ... Like some login boxes etc..

Lets say we found an admin page login

Please, Log in or Register to view URLs content!


Okay now you need a FF Add-on called FireBug , Once you install it and restart your FF

Go to the admin login page and right click and click on Inspect Element
Then click on HTML Then start looking for some thing familiar to this

Code:
Please, Log in or Register to view codes content!


Now this is the config file we want to download to fetch the sql informations!

In my Case

http://www.target.co...gin/process.php


After downloading this file Open it to view the source code! Now you will be able to view the sql connection information , Most of you will actually give up by seeing localhost , Well theres still a chance to connect

Open up cmd.exe and type

Code:
Please, Log in or Register to view codes content!

Now you are connected Theres alot of ways to get your PHP shell script up !
 
Paid adv. expire in 2 months
CLICK to buy Advertisement !
westernunion carding Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
electronics carding Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding
Top Bottom