Home »Unlabelled » Hacking PHP 4.4 sites in 20 seconds
Hacking PHP 4.4 sites in 20 seconds
Now here is a real hacking tutorial in which I am going to hack a real website,and that too in less than 20 seconds.and I am not kidding. Actually sites with PHP 4.4 have a SQL injection vulnerability in them which makes their Admin control panel easily accessible,and I mean in one big shot,you will be admin of that site.
Remember,this tutorial is applicable on PHP4.4 machines with Apache running in parallel with them.Also,since I will be hacking REAL websites,I will not be displaying their URL’s or else I will be gunned down (by law of course :P).It will be partial in nature,that is I WILL not be teaching each and everything to you,I assume you know basics of SQL injection/PHP injection/Google searching.
In the mean time,here is how you can start -
Step 1 – Search for them
Yep,make a Google dork to find sites running Apache and PHP 4.4 . Its quite easy.
Step 2 – Scan them
Start by scanning them using Nmap,Do and intense scan and find the open ports. If you find port 2000 open,then you have almost got it. most websites running PHP4.4 have this port for admin login.
Now just login using port 2000 ie -
http://www.website.com:2000
and you will be comfortably login into admin page like this -
Step 3 – Hack them
Now in the fields,you have to type -
username – admin
password – a’ or 1=1 or ‘b
domain - a’ or 1=1 or ‘b
and press go,you will login into admin
voila..you have hacked into admin. Actually sites based on PHP 4.4 have the vulnerability in them that they are vulnerable to SQL injection.It will literally take 20 seconds.
I hope that was informative :P go learn something.
Cheers!
This post was written by:
Adnan Anjum - who has written 1000+ posts on hackguide4u.
Adnan Anjum is a professional Geek. Follow him on Twitter or email him
Share your views...
1 Respones to "Hacking PHP 4.4 sites in 20 seconds"
sence you know how to hack a 4.4 PHP how about a up to date PHP server? can you try this site?
http://classicaat.x10.mx/admin.php
been trying to get into it to refresh the cron tab so the game will actually work again...the guy didnt add his email for the admin email so tht i cud tell him about the problem...so i was going to do it for him lol
if you can help out PLZ PLZ help me
thanks
November 15, 2010 at 10:19 PM
Post a Comment