Indonesian Back|Track Team
SQLi Sqlmap.py - Printable Version


RE: SQLi Sqlmap.py - andriestifler - 09-04-2011

I'd like to ask something.

For example, this:
http://forum.id-backtrack.com/showthread.php?tid=713&page=2

SQLi requires there to be an "=2", right?

And to check whether there is a bug or not, you just add (') without the parentheses.

So what if there isn't one?


RE: SQLi Sqlmap.py - koecroet - 09-08-2011

Once you've got it, how do you get in?


RE: SQLi Sqlmap.py - L-icious - 10-10-2011

Wow, it works, bro.
Now I just need to find the admin login, hehe.


RE: SQLi Sqlmap.py - L-icious - 10-11-2011

(10-10-2011, 09:50 PM)Liyan Oz Wrote:
(10-10-2011, 09:02 PM)L-icious Wrote: Wow, it works, bro.
Now I just need to find the admin login, hehe.

Yeah ... just make one with a PHP script, hehe.

There is a Python script for it,
but it doesn't run on BT5 >.<


RE: SQLi Sqlmap.py - THJC - 10-11-2011

(10-11-2011, 02:54 PM)L-icious Wrote:
(10-10-2011, 09:50 PM)Liyan Oz Wrote:
(10-10-2011, 09:02 PM)L-icious Wrote: Wow, it works, bro.
Now I just need to find the admin login, hehe.

Yeah ... just make one with a PHP script, hehe.

There is a Python script for it,
but it doesn't run on BT5 >.<

Please share it :)
In a new thread :)


RE: SQLi Sqlmap.py - rajatega - 10-12-2011

root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://ap-iti.academic-portal.net//catalog.php?id=129 --dbs

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 22:52:23

[22:52:23] [INFO] using '/pentest/database/sqlmap/output/ap-iti.academic-portal.net/session' as session file
[22:52:29] [INFO] testing connection to the target url
[22:52:29] [CRITICAL] page not found (404)
[22:52:29] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 1 times

When output like this comes out, what does it mean...??
Sorry in advance, I'm a new user...


RE: SQLi Sqlmap.py - Junior Riau - 10-12-2011

(10-12-2011, 12:00 AM)rajatega Wrote: root@bt:/pentest/database/sqlmap# python sqlmap.py -u http://ap-iti.academic-portal.net//catalog.php?id=129 --dbs

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 22:52:23

[22:52:23] [INFO] using '/pentest/database/sqlmap/output/ap-iti.academic-portal.net/session' as session file
[22:52:29] [INFO] testing connection to the target url
[22:52:29] [CRITICAL] page not found (404)
[22:52:29] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 1 times

When output like this comes out, what does it mean...??
Sorry in advance, I'm a new user...

There's a 404 error there ==>> which means page not found, i.e. the page at that link couldn't be found. May I have permission to test the injection?

Look at the URL: there is a double "/" before catalog.php.


RE: SQLi Sqlmap.py - betefive - 10-12-2011

One question... does the target have to be on a .net, .com or .co.id domain, or one of the domains we commonly come across? What if the domain is .ac.id, for example, would that work?




RE: SQLi Sqlmap.py - THJC - 10-12-2011

Domains in general..
because it scans the PHP/its bugs..


RE: SQLi Sqlmap.py - cassaprodigy - 10-12-2011

(09-04-2011, 03:36 PM)andriestifler Wrote: I'd like to ask something.

For example, this:
http://forum.id-backtrack.com/showthread.php?tid=713&page=2

SQLi requires there to be an "=2", right?

And to check whether there is a bug or not, you just add (') without the parentheses.

So what if there isn't one?

If there isn't one, it means the site isn't vulnerable to SQL injection, bro .. but there are many roads to Rome.

(09-08-2011, 09:44 PM)koecroet Wrote: Once you've got it, how do you get in?

Look at the comment below yours .. you just need to find the admin login :P