Dragon Force (Malaysia)

DragonForce & Rilekscrew Combat Group

What is a vuln, or vulnerable?

Greetings, everyone, all you loyal readers.

OK, today I want to explain what a vuln is. Its full name is actually vulnerable.

So I'll use the abbreviation vuln, to keep things simple.

OK, take a look at these websites:


OK, check a few of those websites. Do you notice the words:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line ??"

OK, that means it is vuln. For most websites, if we want to know whether a site is vuln or not, put the ' symbol at the end of the parameter.

OK, so what is a parameter?

OK, a parameter is the number at the end of a server's link. For example, take this website, which is vuln in Joomla web hosting:

http://ricc.uthm.edu.my/en/component/alphacontent/1-berita.html?ordering=3&limit=10

Let's look at this part of the link:

1-berita.html?ordering=3&limit=10

You can see limit=10.

OK, that number 10 is the parameter.

Now put this symbol at the end of that parameter:

> '

OK, then these words will appear:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line ??"

OK, that is a vuln when a server uses a MySQL database.

Don't go trying this on Blogspot, though, because Blogspot has no database. Hack Google first, then hack Blogspot, hehe 🙂

OK, that vuln is a weakness in a website that lets us steal very important data such as user_db and pass_db,

meaning a website's username and a website's password, so that we can get inside the host of that server.

That is what vulnerable means.
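
Why a stray quote after limit=10 surfaces a database error, and what the server-side fix looks like, as an added example that is not part of the original post. The handler names and the news table are hypothetical, and SQLite stands in for MySQL so the block runs offline.

```python
import sqlite3

# Constructed sample data; SQLite stands in for the MySQL backend the post describes.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO news (title) VALUES (?)",
                   [("item %d" % i,) for i in range(1, 21)])
    return db

def list_news_vulnerable(db, limit):
    """'Before': the raw query-string value is pasted into the SQL text and
    the driver's error is echoed back to the visitor."""
    sql = "SELECT id, title FROM news ORDER BY id LIMIT " + limit
    try:
        return 200, db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return 500, "SQL error: %s" % exc  # leaks the SQL parser's complaint

def list_news_hardened(db, limit, max_limit=100):
    """'After': validate the type and range, bind the value as a parameter,
    and never echo driver errors."""
    if not (limit.isascii() and limit.isdigit()) or not 1 <= int(limit) <= max_limit:
        return 400, "invalid limit"
    try:
        rows = db.execute("SELECT id, title FROM news ORDER BY id LIMIT ?",
                          (int(limit),)).fetchall()
        return 200, rows
    except sqlite3.Error:
        return 500, "internal error"  # details belong in the server log only

if __name__ == "__main__":
    db = make_db()
    for value in ("10", "10'"):  # normal value, then the same value with a trailing quote
        print(repr(value),
              list_news_vulnerable(db, value)[0],
              list_news_hardened(db, value)[0])
```

The hardened handler rejects the malformed value before any SQL is built, so the visitor sees neither a syntax error nor any other hint about the database behind the page.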

OK, these are the vuln websites I found:


If you're feeling hardworking, go ahead and inject.

– EC –
