[Bug] SQL injection pada News Read ID (read.php?)

Post by **poni** » Sun May 30, 2010 10:06 pm

Komponen yang terdapat bug sql injection = read.php
DORK: inurl:"read.php?id="

POC

http://campus.sanook.com/inlove/read.php?id=132'
http://www.inspireyourworld.com/issue6/read.php?id=23'
http://www.wellerpools.com/news-read.php?id=16'

Post by **poni** » Sun May 30, 2010 10:46 pm

http://www.wellerpools.com/news-read.php?id=16'

Dapat deh login Admin + Pass :devil
Admin = chr1sty
Password : ************ cencored

Post by **shad.hckr** » Sun May 30, 2010 10:51 pm

waw... razia neh ceritanya ya mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but keren juga tuh CMS... :licik: :licik:

Post by **poni** » Sun May 30, 2010 10:58 pm

ada gr33tz untuk anda.. check it out

Code: Select all

http://www.wellerpools.com/testimonials.php

Btw. semua komponen bisa dimodifikasi. bahkan bisa upload shell.. tapi gue hanya sebatas edit testimonial.php saja.

Post by **poni** » Sun May 30, 2010 11:13 pm

shad.hckr wrote:waw... razia neh ceritanya ya mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but keren juga tuh CMS... :licik: :licik:

iya.. lagi ga ada kerjaan, masih banyak web yang vuln dengan konten tersebut. cek aja dorknya

demonbrando · Post by **demonbrando** » Sun May 30, 2010 11:29 pm

wah,abang poni mantep dah... :devil tapi sayangnya passwordnya di sensor??? :putusasa:

Post by **shad.hckr** » Sun May 30, 2010 11:36 pm

wekekeke..

Code: Select all

poni : Miss christy, we don`t do any harm on the system. Just put this message . so you may fix your web soon. thanks

Gr33tz:

   ^Family-Code^, ^rumput_kering^, 0x99/JerryMaheswara, Paman, XShadow, psychopath, fl3xu5, gblack, mas_agung, Jundi, ^_xfree_^, systemofadown, yadoy666
, Phychole, Wilmar_Kidz, 3xtr3m3b0y, Darkzzzz, Shad.hckr,  And You... the marvellous XCoders those change the Indonesian Undergorund scenes

Http://forum.xcode.or.id

keren mas.. =))

Xcode gak kalah ma agnes monica yang Go International.. :ngakak: :ngakak:

anjay · Post by **anjay** » Sun May 30, 2010 11:37 pm

mantabz om poni :love:

shinichi81 · Post by **shinichi81** » Mon May 31, 2010 10:16 am

upload dong bos poni POC-nya... :tapa: :tapa: :tapa: :tapa:

Post by **peniru** » Mon May 31, 2010 10:20 am

wih.. nambah lagi nih bhan belajar.... :love: :love:

tq kk poni..... :devil :devil

*Cyber Security Forum (X-code) - PT. Teknologi Server Indonesia

[Bug] SQL injection pada News Read ID (read.php?)

[Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)

Re: [Bug] SQL injection pada News Read ID (read.php?)