Blind SQL Injection ...

thej4ck

thej4ck

New member
saya menemukan url:
http://www.vulnerablesite.com/pegawai/index.php?p_page=8&act=pegawai_all&f_field=nama&f_key= -->normal

pada var p_page nilai d ganti -8
http://www.vulnerablesite.comd/pegawai/index.php?p_page=-8&act=pegawai_all&f_field=nama&f_key=

menjadi SQL error :
Warning: mysql_data_seek() [function.mysql-data-seek]: Offset -225 is invalid for MySQL result index 6 (or the query data is unbuffered) in /home/Targt/public_html/lib/file_library.php on line 409

:D:D:D:D

apakah site ini jg vulnerable SQLi??? gmn cara memasukkan EVILcode???
krn saya pake order+by+2(number) tetep g bisa... >:'(
mohon pencerahan kk master disini..
 
Bls: Blind SQL Injection ...

thej4ck said:
saya menemukan url:
http://www.vulnerablesite.com/pegawai/index.php?p_page=8&act=pegawai_all&f_field=nama&f_key= -->normal

pada var p_page nilai d ganti -8
http://www.vulnerablesite.comd/pegawai/index.php?p_page=-8&act=pegawai_all&f_field=nama&f_key=

menjadi SQL error :
Warning: mysql_data_seek() [function.mysql-data-seek]: Offset -225 is invalid for MySQL result index 6 (or the query data is unbuffered) in /home/Targt/public_html/lib/file_library.php on line 409

:D:D:D:D

apakah site ini jg vulnerable SQLi??? gmn cara memasukkan EVILcode???
krn saya pake order+by+2(number) tetep g bisa... >:'(
mohon pencerahan kk master disini..
Click to expand...

coba pake schemafuzz nya python...kalau bener2 vuln pasti ntar dapet darkcode nya:mad:):mad:):mad:)
 
You must log in or register to reply here.
Back
Top