Kamis, 21 Juli 2011

ASBISINDO (SQL Injection)


Sebelumnya saya meminta maaf kepada bapak admin web tersebut dan maaf atas kelancangan saya ini. Saya hanya cuman lagi lewat2 website tsb dan menemukan hal ini :

InternalError

ADODB_Exception: mysql error: [1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '')' at line 1] in EXECUTE("SELECT * FROM sb_members WHERE email='admin' AND pwd=md5(''or 1=1--')")

#0 /home/asbsindo/public_html/framework/Data/adodb/adodb.inc.php(874): adodb_throw('mysql', 'EXECUTE', 1064, 'You have an err...', 'SELECT * FROM s...', false, Object(ADODB_mysql))
#1 /home/asbsindo/public_html/framework/Data/adodb/adodb.inc.php(848): ADOConnection->_Execute('SELECT * FROM s...', false)
#2 /home/asbsindo/public_html/framework/Data/TAdodb.php(114): ADOConnection->Execute('SELECT * FROM s...')
#3 /home/asbsindo/public_html/admin/application/global/AdminUser.php(124): TAdodb->__call(Array, Array)
#4 /home/asbsindo/public_html/admin/application/global/AdminUser.php(124): TAdodb->Execute('Execute', Array)
#5 /home/asbsindo/public_html/admin/application/UserModule/LoginPage.php(25): AdminUser->login('SELECT * FROM s...')
#6 /home/asbsindo/public_html/framework/TComponent.php(550): LoginPage->onClickLoginBtn('admin', ''or 1=1--')
#7 /home/asbsindo/public_html/framework/Web/UI/WebControls/TButton.php(192): TComponent->raiseEvent(Object(TButton), Object(TEventParameter))
#8 /home/asbsindo/public_html/framework/Web/UI/WebControls/TButton.php(176): TButton->onClick('OnClick', Object(TButton), Object(TEventParameter))
#9 /home/asbsindo/public_html/framework/Web/UI/TPage.php(1005): TButton->raisePostBackEvent(Object(TEventParameter))
#10 /home/asbsindo/public_html/framework/Web/UI/TPage.php(950): TPage->handlePostBackEvent('')
#11 /home/asbsindo/public_html/framework/TApplication.php(483): TPage->execute()
#12 /home/asbsindo/public_html/admin/index.php(5): TApplication->run()
#13 {main}

Sayapun kurang tau maksud dari perintah diatas dan apa web tsb bisa di SQL Injection yah ? mohon maaf nih saya memang kurang paham dunia tsb, hehehee piss

1 komentar:

Anonim mengatakan...

cobalah tuk bijak....ego itu harus direm bos....jgn seenak jidat dewe...anda mungkin merasa jago pintar..tapi inget bos masih ada yg lebih...kepintaran itu hanyalah ALLAH SEMATA...internet sehat itu lebih baik......