[Tutorial] SQLi for dummies

Forum for discussing everything about web hacking, from footprinting, scanning, gaining access, escalating privilege, exploitation, covering tracks and backdoors through to securing the web

Moderators: Paman, Xshadow, indounderground, NeOS-01

Forum rules
Discusses bugs, penetration, exploitation and techniques for securing websites and web servers. Include a POC here so members can learn from it
exops
Posts: 106
Joined: Sat Mar 07, 2009 1:03 pm
Location: Djogja

Re: [Tutorial] SQLi for dummies

Post by exops » Tue Jun 30, 2009 9:19 am

Xshadow wrote: @exops
it's already in the package, bro :)
sorry bro, I didn't read no. 4 carefully.. :)

I've downloaded the file and already had a chance to try it with WAMP
might as well share while I'm at it..

to keep it from being too fiddly, I added this to the SQL file

Code:

CREATE DATABASE IF NOT EXISTS XCODE;
USE XCODE;
so you just import it, and the database and its tables are created right away
oki_machine wrote: I'd like to ask something
I'm using WAMP server with Apache version 2.2.11 and MySQL version 5.1.33, and the htdocs folder isn't in c:\program file\htdocs but in C:\wamp\bin\apache\Apache2.2.11\htdocs
that folder 1 doesn't go in the wamp\bin\apache\Apache2.2.11\htdocs folder,
but in the wamp\www folder

to access it:
you can use: http://127.0.0.1/1/
or http://localhost/1/

my question is:
when I click Go!
what shows up is:
hostname,$con->username,$con->password); $strSql = "SELECT events_name,events_long_description FROM `ms_events` WHERE events_id=".$_GET["id"]." AND status=1;"; $rs2=$rs->CreateResultSet($strSql,$con->databasename); while($row = $rs2->getRow()) { ?>

why is that? :roll:
The more you give, the more you receive
http://exops.info
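
Added example, not part of the thread or of the tutorial package: the query visible in the leaked source above builds SQL by concatenating `$_GET["id"]`, shown here beside a validated, parameter-bound form. The table and column names come from the quoted query; the in-memory SQLite database, the sample rows and the function names `findEventConcat` and `findEventBound` are assumptions made so the script runs offline.

```php
<?php
// Added example, not the tutorial package's code. Table and column names are
// taken from the query quoted in the thread; the rows below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE ms_events (events_id INTEGER PRIMARY KEY,
    events_name TEXT, events_long_description TEXT, status INTEGER)');
$pdo->exec("INSERT INTO ms_events VALUES
    (1, 'Launch', 'Public event', 1),
    (2, 'Draft', 'Unpublished event', 0)");

// Before: the thread's pattern, where the request value becomes part of the SQL text.
function findEventConcat(PDO $pdo, string $id): array
{
    $sql = 'SELECT events_name,events_long_description FROM ms_events '
         . 'WHERE events_id=' . $id . ' AND status=1;';
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// After: validate the type, then bind the value so it is never parsed as SQL.
function findEventBound(PDO $pdo, string $id): array
{
    $eventId = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($eventId === false) {
        return []; // reject anything that is not a positive integer
    }
    $stmt = $pdo->prepare('SELECT events_name,events_long_description FROM ms_events '
                        . 'WHERE events_id = :id AND status = 1');
    $stmt->bindValue(':id', $eventId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a normal id and a value that carries SQL syntax.
foreach (['1', '2 OR 1=1'] as $input) {
    printf("%-10s concat=%d rows, bound=%d rows\n", $input,
        count(findEventConcat($pdo, $input)), count(findEventBound($pdo, $input)));
}
```

With the concatenated query the second input changes the `WHERE` logic and returns the unpublished row as well; the bound version rejects it before any SQL runs.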

Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com

Re: [Tutorial] SQLi for dummies

Post by Xshadow » Tue Jun 30, 2009 3:39 pm

abdurrm wrote: the tutorial uses this:
http://www.xcode.or.id/forum2/viewtopic ... 99&t=35297
if you want the real thing, try:
http://www.excellentdevelopment.com/ (there's no password, it's just for practice)

Hope this helps.
@moderator, please let me know if anything is wrong
the tutorial is right too... or just download yf magazine number 12, since it has pictures as well
if you want the real thing, hold off for now... this one covers localhost.. ok... so no need to get ambitious... you probably haven't even memorized the dbs error messages yet :lol: let's learn locally first :D
exops wrote:
Xshadow wrote: @exops
my question is:
when I click Go!
what shows up is:
hostname,$con->username,$con->password); $strSql = "SELECT events_name,events_long_description FROM `ms_events` WHERE events_id=".$_GET["id"]." AND status=1;"; $rs2=$rs->CreateResultSet($strSql,$con->databasename); while($row = $rs2->getRow()) { ?>

why is that? :roll:
maybe you weren't careful enough again, bro... did you set a password on your phpmyadmin?
besides, that's not an error message... I've tested this module many times on winsvck and linux computers...
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare

exops
Posts: 106
Joined: Sat Mar 07, 2009 1:03 pm
Location: Djogja

Re: [Tutorial] SQLi for dummies

Post by exops » Tue Jun 30, 2009 4:17 pm

Xshadow wrote: maybe you weren't careful enough again, bro... did you set a password on your phpmyadmin?
there's no password, boss..

but I've already found the problem :mrgreen:

Code:

<?
replaced with

Code:

<?php
TQ..
The more you give, the more you receive
http://exops.info

Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com

Re: [Tutorial] SQLi for dummies

Post by Xshadow » Tue Jun 30, 2009 6:51 pm

exops wrote:
Xshadow wrote: maybe you weren't careful enough again, bro... did you set a password on your phpmyadmin?
there's no password, boss..

but I've already found the problem :mrgreen:

Code:

<?
replaced with

Code:

<?php
TQ..
seems like they're the same
<? = <?php
:roll:
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare

abit doang
Posts: 212
Joined: Wed Mar 19, 2008 3:51 pm
Location: cd ../

Re: [Tutorial] SQLi for dummies

Post by abit doang » Wed Jul 01, 2009 6:03 am

Just an opinion..
Xamp & wamp do often have problems, better to use the AppServ package...
Also, as for <? or <?php, on some home servers it really does make a difference... If you want to be safe, use <?php...

[this is all just my own experience... feel free to delete it.. But please don't ban me..]
O ALLAH, make us all prosperous, so that we can share even more :)
and grant us the best partner from YOU.
amen.. :D

http://abid912.wordpress.com/
http://maniak-online.blogspot.com/
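
Added example, not from the thread: when PHP's `short_open_tag` setting is Off, a block opened with `<?` is not executed and is sent to the browser as plain text, which is how the connection code and SQL query appeared on screen earlier in this thread. The check below flags short open tags in a source file and reports the interpreter's current setting; the function name `findShortOpenTags` and the sample source are constructed for illustration.

```php
<?php
// Added example, not from the thread. Flags PHP short open tags, which are
// sent to the browser as plain text when short_open_tag is Off.

// Return [line number => line text] for each "<?" that is not "<?php", "<?=" or "<?xml".
function findShortOpenTags(string $source): array
{
    $hits = [];
    foreach (preg_split('/\R/', $source) as $i => $line) {
        if (preg_match('/<\?(?!php\b|=|xml\b)/i', $line)) {
            $hits[$i + 1] = trim($line);
        }
    }
    return $hits;
}

// Constructed sample modelled on the page that leaked in the thread.
$sample = <<<'SRC'
<html><body>
<?
$strSql = "SELECT events_name FROM ms_events WHERE status=1;";
?>
<?php echo "portable"; ?>
<?= "echo tag, always available since PHP 5.4" ?>
</body></html>
SRC;

// ini_get() may return "1", "", "On" or "Off" depending on how the value was set.
$enabled = filter_var(ini_get('short_open_tag'), FILTER_VALIDATE_BOOLEAN);
printf("short_open_tag is %s on this interpreter\n", $enabled ? 'On' : 'Off');

foreach (findShortOpenTags($sample) as $lineNo => $text) {
    printf("line %d: short open tag \"%s\"%s\n", $lineNo, $text,
        $enabled ? '' : ' (would be served as text here)');
}
```

The line-based match can also flag a `<?` that sits inside a string or comment, so treat hits as candidates to review.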

aa_ezha
Posts: 66
Joined: Fri May 23, 2008 10:25 pm
Location: Tangerang - Palembang

Re: [Tutorial] SQLi for dummies

Post by aa_ezha » Thu Jul 02, 2009 2:07 pm

Xshadow wrote:
exops wrote:
Xshadow wrote: maybe you weren't careful enough again, bro... did you set a password on your phpmyadmin?
there's no password, boss..

but I've already found the problem :mrgreen:

Code:

<?
replaced with

Code:

<?php
TQ..
seems like they're the same
<? = <?php
:roll:
usually..
the <?php one
is the very first syntax in files with the *.php extension

but plain <?..
is usually embedded in *.html files or others.. :D
FOLLOW THE RULES OR RULES WILL HOLLOW YOU

shad.hckr
Posts: 555
Joined: Mon Sep 29, 2008 4:48 am
Location: /home/sh4dhckr

Re: [Tutorial] SQLi for dummies

Post by shad.hckr » Sat Jul 04, 2009 6:26 am

@above
the <? or <?php symbol, if you want it to be executed, has to be saved in a *.php file; in anything else it won't work. It's treated as just plain text.
sorry, that's a comment from a newbie.. if it's wrong please correct me.. :">

chi_writer
Posts: 2
Joined: Fri Jan 30, 2009 3:24 pm

Re: [Tutorial] SQLi for dummies

Post by chi_writer » Mon Jul 06, 2009 3:32 am

can this be put online?
because I tried putting it online at http://chi_writer.0fees.net

Free
Posts: 14
Joined: Wed Nov 12, 2008 2:52 pm

Re: [Tutorial] SQLi for dummies

Post by Free » Sun Jul 26, 2009 5:55 pm

bro, yesterday I set a password on my xampp
and then this shows up after clicking go

Code:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in C:\Program Files\xampp\htdocs\1\Config\MySqlConnection.php on line 15
Access denied for user 'root'@'localhost' (using password: NO) Error no:1045
what do I do?

Xshadow
Posts: 482
Joined: Thu May 31, 2007 8:01 pm
Location: http://captureflags.com

Re: [Tutorial] SQLi for dummies

Post by Xshadow » Tue Jul 28, 2009 2:21 am

Free wrote: bro, yesterday I set a password on my xampp
and then this shows up after clicking go

Code:

Warning: mysql_connect() [function.mysql-connect]: Access denied for user 'root'@'localhost' (using password: NO) in C:\Program Files\xampp\htdocs\1\Config\MySqlConnection.php on line 15
Access denied for user 'root'@'localhost' (using password: NO) Error no:1045
what do I do?
bro... try reconfiguring MySqlConnection.php
maybe it needs a password :)
[X]perimental [S]ynthetic [H]umanoid [A]ssembled for [D]estruction and [O]nline [W]arfare
