This tut Shows how to hack Sites running: Php 4.4 Sites.

Step 1 – Search for them

Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.

Step 2 – Scan them

Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.

Now just login using port 2000 ie –

and you will be comfortably login into admin page like this –

Step 3 – Hack them

Now in the fields,you have to type –

username – admin

password – a’ or 1=1 or ‘b

domain – a’ or 1=1 or ‘b

and press go,you will login into admin

voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.

credit: prohack

Explore More

XSS The Complete Walkthrough

Author: t0pP8uZz Description: Complete tutorial on XSS methods. Homepage: G0t-Root.net, H4cky0u.org, Milw0rm.com Date: 24/07/07 Chapters: What is XSS? Finding XSS Vulnerbilitys The Basics On XSS Deface Methods Cookie Stealing Filteration

Read More

Critical persistent xss vulnerabilities at IPAY : Myanmar Online payment Official Site

This evening, I found a fascinated  big bill board “IPAY” http://www.ipay.com.mm at Thamine Junction, Yangon, Myanmar. Then, I said my friend “googl3group” about it, and said  “NO XSS, NO SQL

Read More

What are the various steps in the pre-attack phase?

In the pre-attack phase, there are seven steps, which have been defined by the EC-Council, as follows: 1. Information gathering 2. Determining network range 3. Identifying active machines 4. Finding

Read More