Difference between revisions of "DVWA: Check SQLi vulnerability"

From OnnoWiki
 
Line 18: Line 18:
  
 
snort rules untuk mendeteksi
 
snort rules untuk mendeteksi
 +
 +
alert tcp any any -> 192.168.0.100 80 (msg:"0'='0"; content:"0%27%3D%270"; nocase; classtype:web-application-attack; sid:1000023;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"1'='1"; content:"1%27%3D%271"; nocase; classtype:web-application-attack; sid:1000024;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"2'='2"; content:"2%27%3D%272"; nocase; classtype:web-application-attack; sid:1000025;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"3'='3"; content:"3%27%3D%273"; nocase; classtype:web-application-attack; sid:1000026;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"4'='4"; content:"4%27%3D%274"; nocase; classtype:web-application-attack; sid:1000027;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"5'='5"; content:"5%27%3D%275"; nocase; classtype:web-application-attack; sid:1000028;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"6'='6"; content:"6%27%3D%276"; nocase; classtype:web-application-attack; sid:1000029;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"7'='7"; content:"7%27%3D%277"; nocase; classtype:web-application-attack; sid:1000030;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"8'='8"; content:"8%27%3D%278"; nocase; classtype:web-application-attack; sid:1000031;)
 +
alert tcp any any -> 192.168.0.100 80 (msg:"9'='9"; content:"9%27%3D%279"; nocase; classtype:web-application-attack; sid:1000032;)
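Review bot: the ten added rules differ only in the digit inside content (0%27%3D%270 through 9%27%3D%279), and each one matches only the percent-encoded spelling %27%3D%27 of the quote, equals sign and quote. Every rule is written as alert tcp any any -> 192.168.0.100 80 with no flow option and no HTTP buffer modifier, so the pattern is searched in any TCP payload sent to that port, in either direction of an established or unestablished session. Consider adding flow:to_server,established, restricting the match to the request URI, and adding a rev to each rule. A single rule with a pcre covering any digit would replace sids 1000023 to 1000032 and be easier to maintain.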

Latest revision as of 20:55, 31 March 2017

Here we will use the DVWA SQLi module. Prepare DVWA:

To check for an SQLi vulnerability, an attacker sometimes injects the following input.

1' or '0'='0
1' or '1'='1
1' or '2'='2
1' or '3'='3
1' or '4'='4
%' or '0'='0


Snort Detection

Snort rules to detect this:

alert tcp any any -> 192.168.0.100 80 (msg:"0'='0"; content:"0%27%3D%270"; nocase; classtype:web-application-attack; sid:1000023;)
alert tcp any any -> 192.168.0.100 80 (msg:"1'='1"; content:"1%27%3D%271"; nocase; classtype:web-application-attack; sid:1000024;)
alert tcp any any -> 192.168.0.100 80 (msg:"2'='2"; content:"2%27%3D%272"; nocase; classtype:web-application-attack; sid:1000025;)
alert tcp any any -> 192.168.0.100 80 (msg:"3'='3"; content:"3%27%3D%273"; nocase; classtype:web-application-attack; sid:1000026;)
alert tcp any any -> 192.168.0.100 80 (msg:"4'='4"; content:"4%27%3D%274"; nocase; classtype:web-application-attack; sid:1000027;)
alert tcp any any -> 192.168.0.100 80 (msg:"5'='5"; content:"5%27%3D%275"; nocase; classtype:web-application-attack; sid:1000028;)
alert tcp any any -> 192.168.0.100 80 (msg:"6'='6"; content:"6%27%3D%276"; nocase; classtype:web-application-attack; sid:1000029;)
alert tcp any any -> 192.168.0.100 80 (msg:"7'='7"; content:"7%27%3D%277"; nocase; classtype:web-application-attack; sid:1000030;)
alert tcp any any -> 192.168.0.100 80 (msg:"8'='8"; content:"8%27%3D%278"; nocase; classtype:web-application-attack; sid:1000031;)
alert tcp any any -> 192.168.0.100 80 (msg:"9'='9"; content:"9%27%3D%279"; nocase; classtype:web-application-attack; sid:1000032;)
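The following is an added example, not part of the original wiki page: a Python test harness that emulates the `content`/`nocase` match of the ten rules above on raw request lines, next to a matcher that URL-decodes each query parameter first. The request lines and the `/dvwa/vulnerabilities/sqli/` path are constructed test data built from the inputs listed on this page, and the decoded matcher generalises the rules from the digits 0-9 to any repeated quoted value.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Literal patterns of the page's ten rules: N%27%3D%27N for N = 0..9 (sids 1000023-1000032).
RULE_CONTENTS = {1000023 + n: f"{n}%27%3D%27{n}" for n in range(10)}

# Decoded equivalent: X'='X where the value on both sides is the same word.
TAUTOLOGY = re.compile(r"\b(\w+)'\s*=\s*'\1\b")

def snort_content_hits(request_line):
    """Emulate content:"..."; nocase; as a case-insensitive substring match on raw bytes."""
    lowered = request_line.lower()
    return [sid for sid, pat in RULE_CONTENTS.items() if pat.lower() in lowered]

def decoded_hits(request_line):
    """Decode each query parameter, then look for the tautology in the decoded value."""
    _method, target, _version = request_line.split(" ", 2)
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    return [(name, value) for name, value in params if TAUTOLOGY.search(value)]

# Constructed request lines (not captured traffic), using inputs listed on this page.
BASE = "GET /dvwa/vulnerabilities/sqli/?id={}&Submit=Submit HTTP/1.1"
SAMPLES = {
    "page input, fully encoded": BASE.format("1%27+or+%270%27%3D%270"),
    "page input starting with %": BASE.format("%25%27+or+%270%27%3D%270"),
    "lowercase hex digits": BASE.format("1%27+or+%274%27%3d%274"),
    "equals sign sent literally": BASE.format("1%27+or+%271%27=%271"),
    "benign lookup": BASE.format("1"),
}

if __name__ == "__main__":
    for label, line in SAMPLES.items():
        print(f"{label:28} rules={snort_content_hits(line)} decoded={decoded_hits(line)}")
```

The "lowercase hex digits" row shows what `nocase` contributes to the rules, and the "equals sign sent literally" row is the case for matching on decoded values rather than on one fixed encoding.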