It is the tax paying month again!
This time, I found something new. The "novice" sit besides me successfully use an very identical way to exploit the application.
Yes! The Hasilnet website is showing the MSSQL connection string when there is an error! *I leave it for you to reproduce the error*
Below is the thing that I manage to do a screen shot on it. According to the file name, it is very likely the DigiCert module is not properly coded!
Seeing from the IP itself, it does not looks like public IP. Tried to connect via MSSQL Management Studio but no luck. Tried all the IPs listing in whois search still no luck. Perhaps the database is not allow remote connection!
If the database do not allow that, perhaps we can think a way to go in via [your hacking methods here]
So, that's what I can tell you. I am risking my blogger's life to share this information with you. You better make sure that you are EDUCATED enough to apply the information for EDUCATIONAL use only
Happy hunting!
Theme design by Jelle Druyts
Pick a theme: BlogXP business calmBlue Candid Blue dasBlog dasblogger DirectionalRedux Discreet Blog Blue Elegante essence Just Html MadsSimple Mobile Mono Movable Radio Blue Movable Radio Heat nautica022 orangeCream Portal Project84 Project84Grass Slate Sound Waves Tricoleur useit.com Voidclass2
Powered by: newtelligence dasBlog 2.1.8102.813
The entries in my blog are solely my opinions and do not represent the thoughts, intentions, plans or strategies of any third party, including my employer, except where explicitly stated. Needless to say, a blog is a snapshot in time. Over time, as I interact with the community at large and/or learn more about various topics, my thoughts and opinions are subject to change. As such you should not consider out of date posts to reflect my current thoughts and opinions.
© Copyright 2008, Kok mING
E-mail
Keep this blog alive with PayPal!