It is the tax paying month again!

This time, I found something new. The “novice” sit besides me successfully use an very identical way to exploit the application.

Yes! The Hasilnet website is showing the MSSQL connection string when there is an error! *I leave it for you to reproduce the error*

Below is the thing that I manage to do a screen shot on it. According to the file name, it is very likely the DigiCert module is not properly coded!

 

 

Seeing from the IP itself, it does not looks like public IP. Tried to connect via MSSQL Management Studio but no luck. Tried all the IPs listing in whois search still no luck. Perhaps the database is not allow remote connection!

 

If the database do not allow that, perhaps we can think a way to go in via [your hacking methods here]

 

So, that’s what I can tell you. I am risking my blogger’s life to share this information with you. You better make sure that you are EDUCATED enough to apply the information for EDUCATIONAL use only :hahaha:

 

Happy hunting!

 

del.icio.us Tags: , ,

 

Technorati Tags: , ,
 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

RSS
Follow by Email