Jul 08

Semak senarai PLKN, website easily can be hacked

announcement, malaysia, news, Programming No Comments »

I suspect they hired juniors to handle their PLKN list as it easily be hacked. Proof is here.

http://www.khidmatnegara.gov.my/interaktif.asp

Error Type:
Microsoft JET Database Engine (0x80040E14)

Here we could determine they are using Access Database, so by referring to http://www.krazl.com/blog/?p=3 , you could start practicing your hacking skill.

Enjoy!

written by ™ ķЯαž£ ™ \\ tags: , , , , , , ,

Jan 07

IT audit website not so “audited”? SQL injection re-visited

Uncategorized No Comments »

What happen if organisation that promoting IT audit is not so ‘audited’ in term of security? by refering to here
you start hack their website.  Enjoy.

  • Error Type:
    Microsoft OLE DB Provider for SQL Server (0x80040E14)
    Line 1: Incorrect syntax near ‘%’.
    /search.asp, line 71

  • Browser Type:
    Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14

  • Page:
    POST 73 bytes to /search.asp

  • POST Data:
    keyword=%27and+1+in+%28SELECT+%40%40SERVERNAME%29&submit.x=14&submit.y=16

    • written by ™ ķЯαž£ ™ \\ tags: , , , , , , , ,

    Aug 19

    Maybank2u fake website : art of programming

    2008, announcement, backdoor, bank, company, computer, hack, hacker, hot, Programming No Comments »

    today I encounter very interesting way of phishing website. They totally using CSS of original website and have same UI. this is dangerous as any layman will taken the bite and accidently given freely their login.

    *phishing website

    http://www.maybank2u-member.com/verify.html


    whois maybank2u-member.com ??
    http://whois.domaintools.com/maybank2u-member.com

      Domain Name………. maybank2u-member.com
    Creation Date…….. 2008-08-19
    Registration Date…. 2008-08-19
    Expiry Date………. 2009-08-19
    Organisation Name…. Geoffrey Mitchell
    Organisation Address. P O Box 99800
    Organisation Address.
    Organisation Address. EmeryVille
    Organisation Address. 94662
    Organisation Address. CA
    Organisation Address. US

    Admin Name……….. PrivateRegContact Admin
    Admin Address…….. P O Box 99800
    Admin Address……..
    Admin Address…….. EmeryVille
    Admin Address…….. 94662
    Admin Address…….. CA
    Admin Address…….. US
    Admin Email………. 
    Admin Phone………. +1.5105952002
    Admin Fax…………

    Tech Name………… PrivateRegContact TECH
    Tech Address……… P O Box 99800
    Tech Address………
    Tech Address……… EmeryVille
    Tech Address……… 94662
    Tech Address……… CA
    Tech Address……… US
    Tech Email……….. 
    Tech Phone……….. +1.5105952002
    Tech Fax………….
      Name Server………. yns1.yahoo.com
    Name Server………. yns2.yahoo.com

    compare to original website:
    https://www.maybank2u.com.my/mbb/scripts/mbb_login.jsp?do=Login

    Nowdays it seems yahoo.com are liabilities to this phishing website. Anyone want to get rich fast and sue yahoo.com??

    written by ™ ķЯαž£ ™ \\ tags: , , , , ,

    Previous Entries

    Alexa