> > > >


Pentest web server UNS.AC.ID
cassaprodigy Offline
Coder
76 - 1,101
#1
11-29-2011, 02:47 PM
disclaimer :
ini di pentest hanya untuk memperbaiki IT security di indonesia .. kita mencari bug nnti akan kita laporkan ke admin .. dengan tidak bermaksud merusak sama sekali.

hasil crawl

login admin default .. ntah palsu apa gk

Code:
http://www.uns.ac.id/login.php

hmmm celah dapat di temukan di subdomain

Code:
http://lppm.uns.ac.id/sirine/penelitian.php?act=jenisp&kds=S07%27

error koneksi database...

Code:
http://www.uns.ac.id/direktori_sdm/

ada yang bisa menambahkan ?
saya tambahkan xss ..

Code:
http://www.uns.ac.id//news_event.php/%22%3Ch1%3E%28Ikonspirasi%20hacked%29%3C/h1%3E%3E
SQLI Injection

Code:
http://www.uns.ac.id//news_event.php?act=ars&arsBln=%24{injecthere}&idMn=1
(This post was last modified: 11-29-2011, 03:16 PM by cassaprodigy.)  
Find
Reply

THJC Offline
Linuxtivist
112 - 2,625
#2
11-29-2011, 09:22 PM
Hmmm sekedar saran saja sih om Smile
Lebih baik, show bugnya setelah ada kesepakatan dari pihak admin yang telah dihubungi terlebih dahulu.
kita mengedepankan etika terlebih dahulu Smile

Lajur cerita :
1. Kita menemukan BUG.
2. email admin.
3. Jika sudah ditanggapi, dan sudah ada kabar fix. baru share bugnya
4. Tunggu 1 minggu bila belum ditanggapi, jika blm ditanggapi. share bugnya.

Hanya sekedar saran Smile
Yang putih, yang seharusnya ber-aksi dan berbakat!
Linuxtivist blog
 
Website Find
Reply

shendo Offline
Share
6 - 160
#3
12-03-2011, 08:53 PM
POC nya gk sekalian zee??? Big Grin
shendo@IBT:~# whoami
root
shendo@IBT:~# id
uid=0(root) gid=0(root) groups=0(root)
shendo@IBT:~#_
 
Find
Reply

cassaprodigy Offline
Coder
76 - 1,101
#4
12-05-2011, 02:56 AM
weekkk aye bukan zee om shendo tpi m1rwan gnteng Sad
 
Find
Reply

Andre_Corleone Offline
Pentest Security Team
4 - 24
#5
12-06-2011, 01:14 PM
lupa cara nginject =)) suram
 
Find
Reply

shadowsmaker$ Offline
..:: Mantan Hacker ::..
6 - 74
#6
12-15-2011, 06:23 PM
(12-06-2011, 01:14 PM)Andre_Corleone Wrote: lupa cara nginject =)) suram

wkwkwkw ...
bisa aja dahhh lu oms Confused
shadowsmaker.net | shadowsmaker.info | shadowsmaker.com
 
Website Find
Reply

Junior Riau Offline
http://www.juniorriau.com
95 - 2,063
#7
06-04-2012, 08:34 AM
new report vulnerability of uns.ac.id

ada sekitar 49 vulner sqli ane temukan
jadi kita kut saran om thjc dulu atau bagaimana ni?

mhaap telat report ^_^
Junior IBTeam - official site
gained facebook account
(This post was last modified: 06-04-2012, 08:38 AM by Junior Riau.)  
Find
Reply

ekawithoutyou Away
just suramer
25 - 836
#8
06-04-2012, 09:02 AM
ikut saran om thjc dulu aje :p
kaborrrrrrrr Confused
Every Second, Every Minutes, Every Hours, Every Days Its Never End
 
Find
Reply

Junior Riau Offline
http://www.juniorriau.com
95 - 2,063
#9
06-04-2012, 09:08 AM
okdeh kalau ikut saran om thjc diumpet dulu aja listnya Big Grin
Junior IBTeam - official site
gained facebook account
 
Find
Reply

ekawithoutyou Away
just suramer
25 - 836
#10
06-04-2012, 09:19 AM
sep Confused
Every Second, Every Minutes, Every Hours, Every Days Its Never End
 
Find
Reply






Users browsing this thread: 1 Guest(s)