Tz tuanze hacking jamaaani

[bs0d]

login.php
<?php
$Host= '192.168.1.8',Welcome to TANESCO ;
$Dbname= 'app';
$User= 'yyy';
$Password= 'xxx';
$Schema = 'test';

$Conection_string="host=$Host dbname=$Dbname user=$User password=$Password";

/* Connect with database asking for a new connection*/
$Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW);

/* Error checking the connection string */
if (!$Connect) {
echo "Database Connection Failure";
exit;
}

$query="SELECT user_name,password from $Schema.members where user_name='".$_POST['user_name']."';";

$result=pg_query($Connect,$query);
$row=pg_fetch_array($result,NULL,PGSQL_ASSOC);

$user_pass = md5($_POST['pass_word']);
$user_name = $row['user_name'];

if(strcmp($user_pass,$row['password'])!=0) {
echo "Login failed";
}
else {
# Start the session
session_start();
$_SESSION['USER_NAME'] = $user_name;
echo "<head> <meta http-equiv=\"Refresh\" content=\"0;url=home.php\" > </head>";
}
?

 

[snipa]

bs0d
.
Kwanin mnajaribu ku fool vichwa vya watu wazi wazi hiv???
.
.
.

 

[UncleJoe]

bs0d
.
Kwanin mnajaribu ku fool vichwa vya watu wazi wazi hiv???
.
.
.

jamaa muongo... website ya tanesco inatumia joomla. joomla hawana login.php wala home.php hata bila kuwa mtaalamu sana...

njia nzuri ya kuhack joomla sites ni kupitia vulnerable extensions

 

[CYBERTEQ]

.
Umetoa ushauri mzuri sana kiongozi pale juu
.
Ila unapo elekeza hiyo kitu jf ni masyala yenye u serious ndani yake......
.
Ukiwa na maana hawezi ku i hack hii forum achana na hiyo kitu kabisa .....
.
.
Umeiona hii 'or'1=1'
.
.

Hahahhaa, JF atakesha, siyo kwamba haiwezekani, INAWEZEKANA, lakini yeye atazeeka!

 

[ethicx]

Being script kid ni tatizo kwakweli