These files contain ColdFusion source code.
#123 flash chat tricks how to
(If that happens you're basically boned anyway, not much around that.īy the way, to know how to view the PHP file contents, you can use this code: You can't use that persay to get into the config file, but it would show potential threats if someone got into server anyway. Browsers are made to process the commands of PHP before display, so if no commands, nothing to show. To see view the PHP files there in lies the catch.
#123 flash chat tricks full
This file gives you the keys to that forum, including FULL ADMIN access to the database. Most sites with forums run a PHP message base. To skip the technical discussion, this configuration file contains both a username and a password for an SQL database. This search brings up sites with "config.php" files. Some lists are bigger than others, all are fun. This file gives a list of (crackable) passwords, usernames and email addresses for DCForum and for DCShop (a shopping cart program(!!!). Not all of these pages are administrator's access databases containing usernames, passwords and other sensitive information, but many are! And much adminstrated passwords and user passwords, a lot of emails and the such too…ĭCForum's password file. An attacker can also search for 'filetype:pwd users'. Today, there are still vulnerable servers found with Google.Īn attacker can simply take advantage from administrators who 'forget' to set up the policies for Frontpage extensions. In the late 90's people thought they where hardcore by defacing sites with Frontpage. Microsoft Frontpage extensions appear on virtually every type of scanner. "index of/" "ws_ftp.ini" "parent directory" WS_FTP.ini is a configuration file for a popular win32 FTP client that stores usernames and weakly encoded passwords. It uses "parent directory" to avoid results other than directory listings. To see results just write in the () search engine the bangbus or search is a cleanup of a previous entry by J0hnny. This is a query to get inline passwords from search engines (not just Google), you must type in the query followed with the the domain name without the.
#123 flash chat tricks software
This searches the password for "Website Access Analyzer", a Japanese software that creates webstatistics. But the file containing the password might be encrypted to decrypt the file download the program " john the ripper". very nice clean search results listing !! I magine with me that you can steal or know the password of any web site designed by "Frontpage". To see results just write in the () search engine the code:įrontpage. Probably one of the best exploits I have seen in a long time, when I did it there were about 20 vulnerable computers, just recently there was 4 so I hope whitehats got to this before anyone else. Don't forget - even if they have taken the file offline, use the "cache:FULL_URL/wsftp.ini" to see the contents. Just copy/paste the text into your own WS FTP ini file and you're good as gold (assuming you're using the same version). Ws_ftp.ini is a configuration file for a popular FTP client that stores usernames, (weakly) encoded passwords, sites and directories that the user can store for later reference. Excellent tricks and techniques of Google Hacks
0 kommentar(er)
