
New inurl misc php do. Operators of search engines Google and Yandex. "bookend"

Run the downloaded file with a double click (you need to have a virtual machine).

3. Anonymity when checking the site for SQL injection

Configuring Tor and Privoxy on Kali Linux

[Section under construction]

Configuring Tor and Privoxy on Windows

[Section under construction]

Settings for working through a proxy in jSQL Injection

[Section under construction]

4. Checking the site for SQL injection with jSQL Injection

Working with the program is extremely simple. It is enough to enter the site address and press ENTER.

The next screenshot shows that the site is vulnerable to three types of SQL injection at once (information about them is indicated in the lower right corner). By clicking on the names of the injections, you can switch the method used:

Also, the existing databases have already been displayed.

You can see the contents of each table:

Usually, the most interesting thing in the tables is the administrator's credentials.

If you are lucky and you have found the administrator's data, then it's too early to rejoice. You also need to find the admin panel, where to enter this data.

5. Search for admin areas with jSQL Injection

To do this, go to the next tab. Here we are greeted by a list of possible addresses. You can select one or several pages to check:

The convenience lies in the fact that you do not need to use other programs.

Unfortunately, there are not very many careless programmers who store passwords in clear text. Quite often, in the password line, we see something like

8743b52063cd84097a65d1633f5c74f5

This is a hash. The original password can be recovered from it by brute force. And jSQL Injection has a built-in brute-forcer.

6. Brute-forcing hashes using jSQL Injection

The undoubted convenience is that you do not need to look for other programs. It has support for many of the most popular hashes.

This is not the best option. In order to become a guru in decoding hashes, the Book "" in Russian is recommended.

But, of course, when there is no other program at hand or there is no time to learn, jSQL Injection with a built-in brute-force function will come in handy.

There are settings: you can set what characters are included in the password, the password length range.
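Seen from the side of the application owner, the passage above is the reason password columns should hold salted, deliberately slow hashes rather than clear text or a bare fast digest. The following is an added example, not code from the original article or from jSQL Injection: it classifies stored values by shape (the 32-character string quoted above has the size of an MD5 digest) and shows a salted PBKDF2 record. The record format, the function names and the iteration count are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import re

ITERATIONS = 600_000  # assumption: work factor chosen for this example

# 32/40/64 hex characters: the sizes of MD5, SHA-1 and SHA-256 digests.
HEX_DIGEST = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")


def classify_stored_password(value):
    """Classify one value from a password column by its shape."""
    if value.startswith("pbkdf2_sha256$"):
        return "pbkdf2_sha256"
    if HEX_DIGEST.match(value):
        # A bare digest has no salt: equal passwords give equal values,
        # and every guess is one fast hash computation.
        return "unsalted-hex-digest"
    return "plaintext-or-unknown"


def audit_column(values):
    """Count how many stored values fall into each category."""
    counts = {}
    for value in values:
        kind = classify_stored_password(value)
        counts[kind] = counts.get(kind, 0) + 1
    return counts


def hash_password(password, iterations=ITERATIONS):
    """Return a record 'pbkdf2_sha256$<iterations>$<salt hex>$<key hex>'."""
    salt = os.urandom(16)  # fresh random salt for every password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(iterations, salt.hex(), key.hex())


def verify_password(password, record):
    """Check a password against a record produced by hash_password()."""
    try:
        scheme, iterations, salt_hex, key_hex = record.split("$")
        if scheme != "pbkdf2_sha256":
            return False
        expected = bytes.fromhex(key_hex)
        candidate = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"),
            bytes.fromhex(salt_hex), int(iterations), dklen=len(expected),
        )
    except ValueError:
        return False  # malformed record
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(candidate, expected)


# Constructed sample column: the string quoted in the article, a clear-text
# value and one record in the salted format.
SAMPLE_COLUMN = [
    "8743b52063cd84097a65d1633f5c74f5",
    "hunter2",
    hash_password("hunter2", iterations=1000),
]

if __name__ == "__main__":
    print(audit_column(SAMPLE_COLUMN))
```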

7. Operations with files after detecting SQL injection

In addition to operations with databases - reading and modifying them, in case of detection of SQL injections, the following file operations can be performed:

  • reading files on the server
  • uploading new files to the server
  • uploading shells to the server

And all this is implemented in jSQL Injection!

There are restrictions - the SQL server must have file privileges. Reasonable system administrators disable them, and you will not be able to get access to the file system.

The existence of file privileges is easy enough to check. Go to one of the tabs (reading files, creating a shell, uploading a new file) and try to perform one of the specified operations.

Another very important note - we need to know the exact absolute path to the file with which we will work - otherwise nothing will work.

Take a look at the following screenshot:

Any attempt to operate on a file is answered by: No FILE privilege (no file privileges). And nothing can be done about it.

If instead you have a different error:

Problem writing into [directory_name]

This means that you have incorrectly specified the absolute path where you want to write the file.

To guess an absolute path, you must at least know the operating system on which the server is running. To do this, switch to the Network tab.

An entry like this (the string Win64) gives us reason to assume that we are dealing with a Windows OS:

Keep-Alive: timeout=5, max=99
Server: Apache/2.4.17 (Win64) PHP/7.0.0RC6
Connection: Keep-Alive
Method: HTTP/1.1 200 OK
Content-Length: 353
Date: Fri, 11 Dec 2015 11:48:31 GMT
X-Powered-By: PHP/7.0.0RC6
Content-Type: text/html; charset=UTF-8

Here we have some Unix (*BSD, Linux):

Transfer-Encoding: chunked
Date: Fri, 11 Dec 2015 11:57:02 GMT
Method: HTTP/1.1 200 OK
Keep-Alive: timeout=3, max=100
Connection: keep-alive
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Server: Apache/2.2.31 (Unix)

And here we have CentOS:

Method: HTTP/1.1 200 OK
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=9p60gtunrv7g41iurr814h9rd0; path=/
Connection: keep-alive
X-Cache-Lookup: MISS from t1.hoster.ru:6666
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.4.37
X-Cache: MISS from t1.hoster.ru
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Date: Fri, 11 Dec 2015 12:08:54 GMT
Transfer-Encoding: chunked
Content-Type: text/html; charset=WINDOWS-1251

On Windows, a typical folder for sites is C:\Server\data\htdocs\. But, in fact, if someone "thought of" making a server on Windows, then, most likely, this person has not heard anything about privileges. Therefore, it is worth starting attempts directly from the C:/Windows/ directory:

As you can see, everything went fine the first time.

But the jSQL Injection shells themselves raise my doubts. If you have file privileges, then you can easily upload something from the web interface.
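The restriction described in this section is the one an administrator wants to be true: the account the web application uses has no file privilege. The following is an added example, not part of the original article or of jSQL Injection: it reads the text of `SHOW GRANTS` output and the `secure_file_priv` setting and reports which accounts could still read or write server files. It assumes a MySQL server; the account names and grant lines are constructed sample data and the function names are made up for this illustration.

```python
import re

# One line of MySQL `SHOW GRANTS` output, e.g.
#   GRANT SELECT, FILE ON *.* TO `webapp`@`localhost`
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+(?P<grantee>\S+)",
    re.IGNORECASE,
)

# FILE is a global privilege, so it only appears ON *.*;
# ALL [PRIVILEGES] ON *.* includes it.
FILE_GRANTING = {"FILE", "ALL", "ALL PRIVILEGES"}


def accounts_with_file_privilege(grant_lines):
    """Return the accounts whose grants include the FILE privilege."""
    risky = []
    for line in grant_lines:
        match = GRANT_RE.match(line.strip())
        if not match or match.group("scope") != "*.*":
            continue
        privs = {p.strip().upper() for p in match.group("privs").split(",")}
        if privs & FILE_GRANTING:
            account = match.group("grantee").replace("`", "").replace("'", "")
            risky.append(account)
    return risky


def secure_file_priv_state(value):
    """Interpret the secure_file_priv system variable.

    None (NULL) - file import/export is disabled
    ""          - no restriction on the directory used
    a path      - file operations limited to that directory
    """
    if value is None:
        return "disabled"
    return "unrestricted" if value == "" else "restricted"


def file_io_exposure(grant_lines, secure_file_priv):
    """List (account, state) pairs that can still touch server files."""
    state = secure_file_priv_state(secure_file_priv)
    if state == "disabled":
        return []
    return [(acct, state) for acct in accounts_with_file_privilege(grant_lines)]


# Constructed sample: output of SHOW GRANTS collected for four accounts.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `report`@`localhost`",
    "GRANT SELECT, INSERT, UPDATE, FILE ON *.* TO `webapp`@`localhost`",
    "GRANT SELECT, INSERT ON `shop`.* TO `shopapp`@`10.0.0.%`",
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION",
]

if __name__ == "__main__":
    for account, state in file_io_exposure(SAMPLE_GRANTS, ""):
        # Remediation for an application account: REVOKE FILE ON *.* FROM <account>
        print(account, "has FILE; secure_file_priv is", state)
```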

8. Bulk check of sites for SQL injection

And even jSQL Injection has this feature. Everything is extremely simple - load a list of sites (you can import from a file), select those that you want to check and press the appropriate button to start the operation.

Conclusion on jSQL Injection

jSQL Injection is a good, powerful tool for finding and then using SQL Injection found on sites. Its undoubted advantages: ease of use, built-in related functions. jSQL Injection can be a beginner's best friend when analyzing websites.

Of the shortcomings, I would note the impossibility of editing databases (at least I did not find this functionality). As with all tools with a graphical interface, one disadvantage of this program is that it cannot be used in scripts. Nevertheless, some automation is possible in this program too - thanks to the built-in bulk site check function.


The Google search engine (www.google.com) provides many search options. All these capabilities are an invaluable search tool for a first-time Internet user and, at the same time, an even more powerful weapon of invasion and destruction in the hands of people with evil intentions, including not only hackers, but also non-computer criminals and even terrorists.

Denis Batrankov
denisNOSPAMixi.ru

Attention: This article is not a guide to action. This article was written for you, administrators of WEB servers, so that you lose the false feeling that you are safe, and you finally understand the insidiousness of this method of obtaining information and set about protecting your site.

Introduction

For example, I found 1670 pages in 0.14 seconds!

2. Let's introduce another line, for example:

inurl:"auth_user_file.txt"

a little less, but this is already enough for free download and for brute-force attacks (using the same John The Ripper). Below I will give some more examples.

So, you need to realize that the Google search engine has visited most of the sites on the Internet and stored in the cache the information they contain. This cached information allows you to get information about the site and the content of the site without a direct connection to the site, just digging into the information that is stored inside Google. Moreover, if the information on the site is no longer available, then the information in the cache may still be preserved. All it takes for this method is to know some Google keywords. This technique is called Google Hacking.

For the first time, information about Google Hacking appeared on the Bugtraq mailing list 3 years ago. In 2001, this topic was brought up by a French student. Here is a link to this letter: http://www.cotse.com/mailing-lists/bugtraq/2001/Nov/0129.html. It provides the first examples of such requests:

1) Index of /admin
2) Index of /password
3) Index of /mail
4) Index of / +banques +filetype:xls (for france ...)
5) Index of / +passwd
6) Index of /password.txt

This topic made a splash in the English-reading part of the Internet quite recently: after Johnny Long's article published on May 7, 2004. For a more complete study of Google Hacking, I recommend visiting this author's site at http://johnny.ihackstuff.com. In this article, I just want to bring you up to date.

Who can use it:
- Journalists, spies and all those people who like to poke their nose into other people's business can use this to search for compromising evidence.
- Hackers looking for suitable targets for hacking.

How Google works.

To continue the conversation, let me remind you of some of the keywords used in Google queries.

Search using the + sign

Google excludes from the search words that it considers unimportant. For example, question words, prepositions and articles in English: are, of, where. In Russian, Google seems to consider all words important. If a word is excluded from the search, Google says so. To make Google look for pages containing such a word, put a + sign directly in front of the word, without a space. For example:

ace +of base

Search using the sign -

If Google finds a large number of pages from which it is necessary to exclude pages with a specific topic, then you can force Google to search only for pages that do not have specific words. To do this, list these words, putting a - sign directly in front of each one, without a space. For example:

fishing -vodka

Search using ~

You may want to find not only the specified word, but also its synonyms. To do this, precede the word with the ~ symbol.

Finding the exact phrase using double quotes

Google searches on each page for all occurrences of the words that you wrote in the query string, and it does not care about the relative position of words, the main thing is that all the specified words are on the page at the same time (this is the default action). To find the exact phrase, you need to enclose it in quotes. For example:

"bookend"

To have at least one of the specified words, you need to specify the logical operation explicitly: OR. For example:

book safety OR protection

In addition, in the search bar, you can use the * sign to denote any word and . to denote any character.

Finding words using additional operators

There are search operators, which are written in the search string in the format:

operator:search_term

Spaces next to the colon are not needed. If you insert a space after the colon, you will see an error message; if you insert one before it, Google will treat the text as a normal search string.
There are groups of additional search operators:

  • languages - indicate in what language you want to see the result
  • date - limit results to the past three, six or 12 months
  • occurrences - indicate where in the document you need to search for a string: everywhere, in the title, in the URL
  • domains - search the specified site or, on the contrary, exclude it from the search
  • safe search - block sites containing the specified type of information and remove them from the search results pages

At the same time, some operators do not need an additional parameter, for example, the request "cache:www.google.com" can be used as a full-fledged search string, and some keywords, on the contrary, require a search word, for example "site:www.google.com help". In light of our topic, let's look at the following operators:

Operator | Description | Requires an additional parameter?
site: | search only on the site specified in search_term |
filetype: | search only in documents with the search_term type |
intitle: | find pages containing search_term in title |
allintitle: | find pages containing all the words search_term in the title |
inurl: | find pages containing the word search_term in their url |
allinurl: | find pages containing all the words search_term in their url |

Operator site: restricts the search only to the specified site, and you can specify not only a domain name but also an IP address. For example, enter:

Operator filetype: restricts searches to files of a specific type. For example:

As of the article's release date, Google can search within 13 different file formats:

  • Adobe Portable Document Format (pdf)
  • Adobe PostScript (ps)
  • Lotus 1-2-3 (wk1, wk2, wk3, wk4, wk5, wki, wks, wku)
  • Lotus WordPro (lwp)
  • MacWrite (mw)
  • Microsoft Excel (xls)
  • Microsoft PowerPoint (ppt)
  • Microsoft Word (doc)
  • Microsoft Works (wks, wps, wdb)
  • Microsoft Write (wri)
  • Rich Text Format (rtf)
  • Shockwave Flash (swf)
  • Text (ans, txt)

Operator link: shows all pages that point to the specified page.
It's probably always interesting to see how many places on the Internet know about you. Trying:

Operator cache: shows the version of the site in the Google cache, as it looked when Google last visited this page. We take any site that changes frequently and look at:

Operator intitle: searches for the specified word in the page title. Operator allintitle: is an extension - it looks for all specified multiple words in the page title. Compare:

intitle:flight to mars
intitle:flight intitle:to intitle:mars
allintitle:flight to mars

Operator inurl: forces Google to display all pages containing the specified string in the URL. Operator allinurl: searches for all words in a URL. For example:

allinurl:acid acid_stat_alerts.php

This command is especially useful for those who do not have SNORT - at least they can see how it works on a real system.

Hacking Methods Using Google

So, we found out that using a combination of the above operators and keywords, anyone can start collecting the necessary information and looking for vulnerabilities. These techniques are often referred to as Google Hacking.

Site map

You can use the site: operator to see all the links Google finds on the site. Pages that are created dynamically by scripts with parameters are usually not indexed, so some sites use ISAPI filters so that links take the form /article/abc/num/10/dst/5, with slashes, rather than /article.asp?num=10&dst=5. This is done so that the site is indexed by search engines at all.

Let's try:

site:www.whitehouse.gov whitehouse

Google thinks every page on the site contains the word whitehouse. This is what we use to get all the pages.
There is also a simplified version:

site:whitehouse.gov

And the best part is that the comrades from whitehouse.gov did not even know that we looked at the structure of their site and even looked at the cached pages that Google downloaded for itself. This can be used to study the structure of sites and view content without being noticed for the time being.

Viewing a list of files in directories

WEB servers can show lists of server directories instead of the usual HTML pages. This is usually done so that users can select and download specific files. However, in many cases, administrators do not intend to show the contents of a directory. This occurs due to incorrect configuration of the server or the absence of the main page in the directory. As a result, the hacker has a chance to find something interesting in the directory and use it for his own purposes. To find all such pages, just notice that they all contain the words index of in their title. But since pages of other kinds also contain the words index of, we need to refine the query and take into account the keywords on the page itself, so queries of the following form are suitable for us:

intitle:index.of parent directory
intitle:index.of name size

Since most of the directory listings are intentional, you may find it difficult to find erroneous listings the first time around. But at least you can already use the listings to determine the version of the WEB server, as described below.

Getting the version of the WEB server.

Knowing the version of the WEB server is always useful before starting any hacker attack. Again thanks to Google it is possible to get this information without connecting to the server. If you look closely at the listing of the directory, you can see that the name of the WEB server and its version are displayed there.

Apache1.3.29 - ProXad Server at trf296.free.fr Port 80

An experienced administrator can change this information, but, as a rule, it is true. Thus, to get this information, it is enough to send a request:

intitle:index.of server.at

To get information for a specific server, we clarify the request:

intitle:index.of server.at site:ibm.com

Or vice versa, we are looking for servers running on a specific server version:

intitle:index.of Apache/2.0.40 Server at

This technique can be used by a hacker to find a victim. If, for example, he has an exploit for a certain version of the WEB server, then he can find it and try the existing exploit.

You can also get the server version by looking at the pages that are installed by default when installing a fresh version of the WEB server. For example, to see the Apache 1.2.6 test page, just type

intitle:Test.Page.for.Apache it.worked!

Moreover, some operating systems install and start the WEB server immediately during installation. At the same time, some users are not even aware of this. Naturally, if you see that someone has not deleted the default page, then it is logical to assume that the computer has not undergone any configuration at all and is probably vulnerable to attacks.

Try to find IIS 5.0 pages

allintitle:Welcome to Windows 2000 Internet Services

In the case of IIS, you can determine not only the server version, but also the Windows version and Service Pack.

Another way to determine the version of the WEB server is to search for manuals (help pages) and examples that can be installed on the site by default. Hackers have found many ways to use these components to gain privileged access to a site. That is why you need to remove these components on the production site. Not to mention the fact that by the presence of these components you can get information about the type of server and its version. For example, let's find the apache manual:

inurl:manual apache directives modules
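The version and platform details discussed in this section, and the Server and X-Powered-By headers shown earlier on this page, are something an administrator can check in the responses of their own server. The following is an added example, not code from the original article: it takes response headers and a page body as text and lists every place where a product version, a platform hint, a directory listing or a server signature is disclosed. The leaky header values are the ones quoted on this page; the listing body and the host name www.example.test are constructed sample data, and the function name is made up for this illustration.

```python
import re

# "Product/1.2.3" tokens such as Apache/2.4.17 or PHP/7.0.0RC6
VERSION_RE = re.compile(r"\b([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*\w*)")
# Platform comment in the Server header, e.g. (Win64), (Unix), (CentOS)
PLATFORM_RE = re.compile(r"\(([^)]+)\)")
# Title of an automatically generated directory listing
AUTOINDEX_RE = re.compile(r"<title>\s*Index of\s+(/[^<]*)</title>", re.I)
# Signature line appended to listings and error pages
SIGNATURE_RE = re.compile(r"<address>(.*?Server at .*? Port \d+)</address>", re.I | re.S)


def audit_response(raw_headers, body=""):
    """Return (kind, where, detail) tuples for every disclosure found."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # status line or blank line
        name, value = name.strip().lower(), value.strip()
        if name not in ("server", "x-powered-by"):
            continue
        for product, version in VERSION_RE.findall(value):
            findings.append(("version", name, product + "/" + version))
        if name == "server":
            for hint in PLATFORM_RE.findall(value):
                findings.append(("platform", name, hint))
    listing = AUTOINDEX_RE.search(body)
    if listing:
        findings.append(("autoindex", "body", listing.group(1).strip()))
    signature = SIGNATURE_RE.search(body)
    if signature:
        findings.append(("signature", "body", signature.group(1).strip()))
    return findings


# Header values as quoted on this page for the Windows host.
LEAKY_HEADERS = """HTTP/1.1 200 OK
Server: Apache/2.4.17 (Win64) PHP/7.0.0RC6
X-Powered-By: PHP/7.0.0RC6
Content-Type: text/html; charset=UTF-8"""

# Constructed sample of a directory listing page.
AUTOINDEX_BODY = """<html><head><title>Index of /files</title></head><body>
<h1>Index of /files</h1>
<address>Apache/1.3.29 Server at www.example.test Port 80</address>
</body></html>"""

# What the same server sends after hardening. In Apache httpd:
#   ServerTokens Prod, ServerSignature Off, Options -Indexes
# and in php.ini: expose_php = Off
HARDENED_HEADERS = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8"""

if __name__ == "__main__":
    for finding in audit_response(LEAKY_HEADERS, AUTOINDEX_BODY):
        print(finding)
```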

Using Google as a CGI scanner.

CGI scanner or WEB scanner is a utility for searching for vulnerable scripts and programs on the victim's server. These utilities should know what to look for, for this they have a whole list of vulnerable files, for example:

/cgi-bin/cgiemail/uargg.txt
/random_banner/index.cgi
/random_banner/index.cgi
/cgi-bin/mailview.cgi
/cgi-bin/maillist.cgi
/cgi-bin/userreg.cgi

/iissamples/ISSamples/SQLQHit.asp
/SiteServer/admin/findvserver.asp
/scripts/cphost.dll
/cgi-bin/finger.cgi

We can find each of these files using Google, adding the words index of or inurl to the file name in the search bar, and so find sites with vulnerable scripts, for example:

allinurl:/random_banner/index.cgi

Using additional knowledge, a hacker can exploit a script vulnerability and use this vulnerability to force the script to return any file stored on the server. For example a password file.

How to protect yourself from Google hacking.

1. Do not post important data to the WEB server.

Even if you posted the data temporarily, then you can forget about it or someone will have time to find and take this data before you erase it. Don't do that. There are many other ways to transfer data to protect it from theft.

2. Check your site.

Use the methods described to research your site. Check your site periodically with new methods that appear on the site http://johnny.ihackstuff.com. Remember that if you want to automate your actions, you need to get special permission from Google. If you read http://www.google.com/terms_of_service.html carefully, you will see the phrase: "You may not send automated queries of any sort to Google's system without express permission in advance from Google."

3. You may not need Google to index your site or part of it.

Google allows you to remove a link to your site or part of it from its database, as well as remove pages from the cache. In addition, you can prohibit the search for images on your site, prohibit showing short fragments of pages in search results. All options for deleting a site are described on the page http://www.google.com/remove.html. To do this, you must confirm that you are actually the owner of this site or insert tags into the page or

4. Use robots.txt

It is known that search engines look into the robots.txt file located at the root of the site and do not index those parts that are marked with the word Disallow. You can take advantage of this to prevent part of the site from being indexed. For example, to avoid indexing the entire site, create a robots.txt file containing two lines:

User-agent: *
Disallow: /
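Steps 1, 2 and 4 above can be checked on the server itself, without sending any automated queries to Google. The following is an added example, not code from the original article: it walks a local document root, reports files whose names appear in the queries on this page and directories that have no index page (the ones that turn into listings when auto-indexing is on), and then checks which of those paths a robots.txt still leaves open to crawlers. The index file names, function names and the sample directory tree are assumptions made for this illustration.

```python
import fnmatch
import os
import tempfile
from urllib.robotparser import RobotFileParser

# File names taken from the search queries listed on this page.
RISKY_PATTERNS = [
    "auth_user_file.txt", "password.txt", "passlist.txt", "ws_ftp.ini",
    ".mysql_history", "master.passwd", "secring.pgp", "ipsec.secrets",
    "administrators.pwd", "people.lst", "pwd.db", "trillian.ini",
    "cgiirc.config", "finances.xls", "*.sql",
]
# Assumption: the names the web server is configured to serve as index pages.
INDEX_NAMES = {"index.html", "index.htm", "index.php"}


def audit_docroot(root):
    """Return sorted (kind, url_path) findings for a local document root."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        url_dir = "/" if rel == "." else "/" + rel.replace(os.sep, "/") + "/"
        if not INDEX_NAMES & {name.lower() for name in filenames}:
            findings.append(("no-index", url_dir))
        for name in filenames:
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in RISKY_PATTERNS):
                findings.append(("risky-file", url_dir + name))
    return sorted(findings)


def still_crawlable(robots_txt, paths, agent="Googlebot"):
    """Return the paths that robots.txt does not ask crawlers to skip.

    robots.txt is only a request to well-behaved crawlers and is itself
    publicly readable: it does not restrict access, so anything found by
    audit_docroot() should be removed or protected, not just disallowed.
    """
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    return [path for path in paths if parser.can_fetch(agent, path)]


def build_sample_docroot():
    """Create a small constructed document root in a temporary directory."""
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in ("index.html", "admin/index.php",
                "admin/auth_user_file.txt", "backup/dump.sql"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
    return root


if __name__ == "__main__":
    found = audit_docroot(build_sample_docroot())
    for kind, path in found:
        print(kind, path)
    exposed = [path for kind, path in found if kind == "risky-file"]
    print(still_crawlable("User-agent: *\nDisallow: /admin/\n", exposed))
```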

What else happens

So that life does not seem like honey to you, I will say in the end that there are sites that monitor those people who, using the above methods, are looking for holes in scripts and WEB servers. An example of such a page is

Appendix.

A little something sweet. Try something from the following list yourself:

1. #mysql dump filetype:sql - search for mySQL database dumps
2. Host Vulnerability Summary Report - will show you what vulnerabilities other people have found
3. phpMyAdmin running on inurl:main.php - this will force close control via phpmyadmin panel
4. not for distribution confidential
5. Request Details Control Tree Server Variables
6. Running in Child mode
7. This report was generated by WebLog
8. intitle:index.of cgiirc.config
9. filetype:conf inurl:firewall -intitle:cvs - does anyone need firewall configuration files? :)
10. intitle:index.of finances.xls - hmm ....
11. intitle:Index of dbconvert.exe chats - icq chat logs
12. intext:Tobias Oetiker traffic analysis
13. intitle:Usage Statistics for Generated by Webalizer
14. intitle:statistics of advanced web statistics
15. intitle:index.of ws_ftp.ini - ws ftp config
16. inurl:ipsec.secrets holds shared secrets - the secret key is a good find
17. inurl:main.php Welcome to phpMyAdmin
18. inurl:server-info Apache Server Information
19. site:edu admin grades
20. ORA-00921: unexpected end of SQL command - getting paths
21. intitle:index.of trillian.ini
22. intitle:Index of pwd.db
23. intitle:index.of people.lst
24. intitle:index.of master.passwd
25. inurl:passlist.txt
26. intitle:Index of .mysql_history
27. intitle:index of intext:globals.inc
28. intitle:index.of administrators.pwd
29. intitle:Index.of etc shadow
30. intitle:index.of secring.pgp
31. inurl:config.php dbuname dbpass
32. inurl:perform filetype:ini


    Search operators (special symbols added to a search query) help to get a huge amount of useful information about a site. With their help, you can significantly narrow the search range and find the information you need. Basically, the operators in different search engines are the same, but there are differences. Therefore, we will consider the operators for Google and Yandex separately.

    Google Operators

    Let's start with the simplest operators:

    + - the plus operator is used to find words in one sentence, just insert this symbol between words. For example, by making a query like "winter + tires + for + Nissan", you will get in the search results those sites that have sentences with a full set of all words from the query.

    - - the "minus" operator will help to exclude unwanted words from the query. For example, if you make a request "The Godfather -online", then you will be given sites with information about the film, reviews, etc., but sites with online viewing will be excluded.

    .. - will help to find results containing numbers in the specified range.

    @ and # - symbols for searching by tags and hashtags of social networks.

    OR - the "or" operator, with its help you can find pages on which at least one of several words is found.

    « » - quotes tell the search engine that you need to find sites where the entered words are in the specified order - the exact match.

    Complex operators:

    site: will help you find the information you need on a specific site.

    cache: a useful operator in case the content of any page has changed or has been blocked. Will show the cached version. Example: cache:site

    info: serves to display all information about the address.

    related: excellent operator for finding sites with similar content.

    allintitle: pages are displayed that have the words specified in the request in the title tag

    allinurl: great operator with which you can find the pages you really need. Shows sites that contain the specified words in the page address. Unfortunately, there are still few sites in the Russian segment of the Internet that use the Cyrillic alphabet, so you will have to use either transliteration, for example, allinurl:steklopakety, or the Latin alphabet.

    inurl: does the same as the operator above, but the selection occurs only for one word.

    allintext: the selection of pages is made precisely by the content of the page. It can be useful if you are looking for some information, but you have simply forgotten the address of the site.

    intext: same thing for just one word.

    allinanchor: the operator shows pages that have keywords in the description. For example: allinanchor:wrist watch.

    inanchor: the same thing for only one keyword.

    Yandex Operators

    Simple Operators:

    ! - is placed before a keyword and pages are displayed in the search results, where exactly the same word is indicated (without changing the word form).

    + - just like Google, pages are displayed with all the words specified between the plus.

    « » - shows the exact match of the phrase.

    () - used to group words in complex queries.

    & - is needed to search for pages in which the words combined by this operator occur in one sentence.

    * - serves to search for missing words in quotes. For example: Russia * soul. One * operator replaces one word.

    The following operators are already built into Yandex advanced search, so there is no point in memorizing them, but we will still explain what each of them does.

    title: search by site page titles

    url: search through pages located at a given address, for example url:site/blog/*

    host: searches the entire host.

    site: here the search is performed on all subdomains and pages of the site.

    inurl: search through the pages of this domain only using keywords. For example, inurl:blog site

    mime: search for documents of a given type, for example mime:xls.

    cat: search for sites that are present in Yandex.Catalog, as well as the region and heading of which matches the given one. For example: car cat:category_id

    This is how these operators look in the search engine itself:

    Thus, by correctly selecting and using the operators of the Google and Yandex search engines, you can independently compose a semantic core for the site, find flaws and mistakes in the work, analyze competitors, and also find out which external links point to your website and where they come from.

    If you use any other operators in your work that we did not take into account, share in the comments. Let's discuss =)

    And so, now I will talk about how to hack something without special knowledge of something. I say right away that there is little benefit from this, but still.
    First, you need to find the sites themselves. To do this, go to google.com and search for dorks


    here is a small list. You can use your own. And so, we found the site. For example http://www.vestitambov.ru/
    Next, download this program


    Click OK. Then we insert the site of the victim.
    We press start. Next, we are waiting for the results.
    And so, the program found a SQL vulnerability.

    Next, download Havij, http://www.vestitambov.ru:80/index.php?module=group_programs&id_gp= paste the resulting link there. Explaining how to use Havij and where I won't download it, it's not hard to find it. Everything. You have received the data you need - the administrator password, and then it's up to your imagination.

    P.S. This is my first attempt at writing something. I apologize if something goes wrong