Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/jayabaya/public_html/info/infoisi.php on line 6 MySQL v4 is so tiring, so i left it for now.There is a directory called info there. So let's check it out.
admin/ 01-Jun-2008 02:39 -
connect.php 21-Dec-2007 08:36 1k
info_lead.php 15-Feb-2006 14:02 1k
infoisi.php 05-Aug-2004 09:10 2k
infolist.php 28-Jan-2004 09:42 1k Wow, there is an admin directory in the info dir? An idiot developer must be blamed here. ok check the admin directory,
Parent Directory 01-Jun-2008 02:39 -
connect.php 21-Dec-2007 08:36 1k
info_delete.php 28-Jan-2004 09:42 1k
info_edit1.php 20-Jan-2005 12:08 2k
info_edit2.php 28-Jan-2004 09:42 2k
info_edit3.php 28-Jan-2004 09:42 1k
infoform.php 20-Jan-2005 12:38 2k
infoinput.php 28-Jan-2004 09:42 1k Try them one by one. The interesting one is the info_edit2.php. You can edit any info in that site with this. try http://www.jayabaya.ac.id/info/admin/info_edit2.php?id=3 You can add a javascript into the title or the body of this info. But unfortunately, you can't upload a shell to bring more destruction :(
0 comments:
Post a Comment