We are closing registration and public forum view to Paid & Private in 16 days! CLICK HERE to register FREE.
Create an account  

For users privacy, our last domains: CarderHack.com and OmertaHack.net are moved to CardingTeam.ws

Deposit & Withdraw | About Verified Sellers and Escrow | Advertise | Scam Report | Tracking Number Details | ICQ: 717039384

carding forums carding forums
carding forums carding forums
carding forums Paid adv expire in 48 days
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
[Tutorial] Source Code Disclosure [/Tutorial]

What is Source Code Disclosure?

This is a kind of exploits that is very easy & tricky .... That you actually exploit the PDF downloading system to download such other suspec. files from the web server!

This is a google dork that can be used to capture such Vulnerabilities


Alright so here is the requirements :
1-Old exp. in PHP ( not very important )
2-Old exp. in SQL commands.. ( very important )

Okay here we go ,
Lets say we found a URL tat allows PDF downloading ..


We will ignore the popup downloading box And start playing abit with the URL so we can find the Suspec. PHP files ...!


Now lets notice if theres a downloading popup , If there is then you are lucky to find the PHP file on the first Directory...! If not Then keep searching in the directories like this




Alright After we download this PHP file we are going to check codes in it .. In my case i found


Okay lets keep going ... Now as you see the download.php file has a config file but thats not the config file we want , We want one that is actually attached to the sql database of them ... Like some login boxes etc..

Lets say we found an admin page login


Okay now you need a FF Add-on called FireBug , Once you install it and restart your FF

Go to the admin login page and right click and click on Inspect Element
Then click on HTML Then start looking for some thing familiar to this

<form method="POST" action=Some Directory here/>

Now this is the config file we want to download to fetch the sql informations!

In my Case


After downloading this file Open it to view the source code! Now you will be able to view the sql connection information , Most of you will actually give up by seeing localhost , Well theres still a chance to connect

Open up cmd.exe and type

mysql -h SITEIP -u USERNAME -p

Now you are connected Theres alot of ways to get your PHP shell script up !
Paid adv. expire in 31 days
CLICK to buy Advertisement !

    Verified & Trusted WesternUnion / MoneyGram / Bank - Transferring -WorldWide [ MTCN in 3 hours ]

Forum Jump: