Page 1 of 3

[Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 10:06 pm
by poni
Komponen yang terdapat bug sql injection = read.php
DORK: inurl:"read.php?id="

POC
Code: Select all
http://campus.sanook.com/inlove/read.php?id=132'
http://www.inspireyourworld.com/issue6/read.php?id=23'
http://www.wellerpools.com/news-read.php?id=16'

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 10:46 pm
by poni
Image
http://www.wellerpools.com/news-read.php?id=16'

Image
Dapat deh login Admin + Pass :devil
Admin = chr1sty
Password : ************ cencored

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 10:51 pm
by shad.hckr
waw... razia neh ceritanya ya mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but keren juga tuh CMS... :licik: :licik:

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 10:58 pm
by poni
Image
ada gr33tz untuk anda.. check it out
Code: Select all
http://www.wellerpools.com/testimonials.php


Btw. semua komponen bisa dimodifikasi. bahkan bisa upload shell.. tapi gue hanya sebatas edit testimonial.php saja. :P

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 11:13 pm
by poni
shad.hckr wrote:waw... razia neh ceritanya ya mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but keren juga tuh CMS... :licik: :licik:


iya.. lagi ga ada kerjaan, masih banyak web yang vuln dengan konten tersebut. cek aja dorknya

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 11:29 pm
by demonbrando
wah,abang poni mantep dah... :devil tapi sayangnya passwordnya di sensor??? :putusasa:

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 11:36 pm
by shad.hckr
wekekeke..

Code: Select all
poni : Miss christy, we don`t do any harm on the system. Just put this message . so you may fix your web soon. thanks

Gr33tz:

   ^Family-Code^, ^rumput_kering^, 0x99/JerryMaheswara, Paman, XShadow, psychopath, fl3xu5, gblack, mas_agung, Jundi, ^_xfree_^, systemofadown, yadoy666
, Phychole, Wilmar_Kidz, 3xtr3m3b0y, Darkzzzz, Shad.hckr,  And You... the marvellous XCoders those change the Indonesian Undergorund scenes

Http://forum.xcode.or.id


keren mas.. =))

Xcode gak kalah ma agnes monica yang Go International.. :ngakak: :ngakak:

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Sun May 30, 2010 11:37 pm
by anjay
mantabz om poni :love:

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Mon May 31, 2010 10:16 am
by shinichi81
upload dong bos poni POC-nya... :tapa: :tapa: :tapa: :tapa:

Re: [Bug] SQL injection pada News Read ID (read.php?)

PostPosted: Mon May 31, 2010 10:20 am
by peniru
wih.. nambah lagi nih bhan belajar.... :love: :love:

tq kk poni..... :devil :devil