Difference between revisions of "Cyber Security: target SQL Injection Sederhana"
Revision by Onnowpurbo (talk | contribs) (Created page with "Below is an example of a '''simple PHP file''' for *testing* SQLMap. This file has a fake '''login form''' with a '''SQL Injection vulnerability''' in the `usern...")
Revision by Onnowpurbo (talk | contribs)
(One intermediate revision by the same user not shown)
| Line 12: | Line 12: | ||
$host = "localhost"; | $host = "localhost"; | ||
$user = "root"; | $user = "root"; | ||
| − | $pass = ""; | + | $pass = "123456"; |
$db = "sqlmap_test"; | $db = "sqlmap_test"; | ||
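Review bot: The database root password is now hard-coded in a file that is served from the web root, and the lab still connects as `root`; even for local testing, create a dedicated MySQL user whose grants are limited to `sqlmap_test`, otherwise the `--dbs` enumeration shown later lists every database on the server. Keep this value in sync with the `mysql -u root -p123456` setup step, since a mismatch only produces `Koneksi gagal`.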
| Line 54: | Line 54: | ||
==Langkah Setup:== | ==Langkah Setup:== | ||
| − | + | Masuk ke mysql (asumsi password root 123456) | |
| + | |||
| + | mysql -u root -p123456 | ||
| + | |||
| + | Buat database `sqlmap_test` di MySQL: | ||
CREATE DATABASE sqlmap_test; | CREATE DATABASE sqlmap_test; | ||
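Review bot: Passing the password inline as `mysql -u root -p123456` writes it into the shell history and exposes it in the process list while the client runs; use `mysql -u root -p` and type it at the prompt. The added `(asumsi password root 123456)` note also assumes that password was already set, so say where that is done, since a fresh Ubuntu MySQL install does not set one.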
| Line 67: | Line 71: | ||
INSERT INTO users (username, password) VALUES ('admin', 'admin123'); | INSERT INTO users (username, password) VALUES ('admin', 'admin123'); | ||
| − | + | Simpan file `vuln_login.php` ke dalam folder `/var/www/html/` di ubuntu 24.04 | |
| − | |||
==Pranala Menarik== | ==Pranala Menarik== | ||
* [[Cyber Security: AI]] | * [[Cyber Security: AI]] | ||
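Review bot: The new step says where to place `vuln_login.php` but not what must already be in place: it assumes a web server with PHP and the mysqli extension installed on Ubuntu 24.04, and without them the browser shows the PHP source or a connection error instead of the form. State that prerequisite, and end the sentence with a period.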
Latest revision as of 13:48, 22 April 2025
Below is an example of a simple PHP file for *testing* SQLMap. The file has a fake login form with a SQL Injection vulnerability in the `username` parameter, which you can use for experiments with SQLMap.
WARNING: Do not use this on a public server. It is for local testing and educational purposes only!
vuln_login.php
<?php
// Database connection (use a local database for testing)
$host = "localhost";
$user = "root";
$pass = "123456";
$db = "sqlmap_test";
$conn = mysqli_connect($host, $user, $pass, $db);
if (!$conn) {
    die("Koneksi gagal: " . mysqli_connect_error());
}
if (isset($_GET['username'])) {
    $username = $_GET['username'];
    $password = $_GET['password'] ?? ''; // default to empty so a request without password does not raise a notice
    // VULNERABLE QUERY (raw input, not filtered): user input is concatenated straight into the SQL string
    $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    $result = mysqli_query($conn, $query);
    if (mysqli_num_rows($result) > 0) {
        echo "Login sukses!";
    } else {
        echo "Login gagal!";
    }
} else {
?>
<form method="GET">
    Username: <input type="text" name="username" /><br />
    Password: <input type="password" name="password" /><br />
    <input type="submit" value="Login" />
</form>
<?php
}
?>
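For comparison, here is a hardened version of the same login page, added as an example that is not part of the original wiki page: user input reaches MySQL only as a bound parameter, passwords are checked with password_verify() instead of being compared in plaintext, and the form uses POST so credentials do not land in the URL or access logs. It assumes a dedicated MySQL user `login_app` with a placeholder password instead of root, and that the `password` column has been widened to VARCHAR(255) and filled with password_hash() output.

```php
<?php
// Hardened counterpart of vuln_login.php (added example, not from the wiki page).
// Assumptions: same sqlmap_test database; MySQL user "login_app" (placeholder
// password) granted only on sqlmap_test; users.password widened to VARCHAR(255)
// and holding password_hash() output rather than plaintext.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw instead of returning false
$conn = mysqli_connect("localhost", "login_app", "CHANGE-ME", "sqlmap_test");
mysqli_set_charset($conn, "utf8mb4");

// Returns true only if the user exists and the password matches its stored hash.
function checkLogin(mysqli $conn, string $username, string $password): bool {
    // The "?" placeholder is sent as data, so quotes or "OR 1=1" in $username
    // can never change the structure of the query.
    $stmt = mysqli_prepare($conn, "SELECT password FROM users WHERE username = ?");
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt) === true;
    mysqli_stmt_close($stmt);
    // Unknown user: still run password_verify() against a throwaway hash so the
    // response time does not reveal which usernames exist.
    if (!$found) {
        $hash = password_hash("placeholder", PASSWORD_DEFAULT);
    }
    return password_verify($password, $hash) && $found;
}

$username = $_POST['username'] ?? null;
$password = $_POST['password'] ?? null;
if ($username !== null && $password !== null) {
    echo checkLogin($conn, $username, $password) ? "Login success!" : "Login failed!";
} else {
?>
<form method="POST">
    Username: <input type="text" name="username" /><br />
    Password: <input type="password" name="password" /><br />
    <input type="submit" value="Login" />
</form>
<?php
}
```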
Example SQLMap command:
If the file is served at `http://localhost/vuln_login.php`, you can run SQLMap against it:
sqlmap -u "http://localhost/vuln_login.php?username=test&password=test" --risk=3 --level=5 --dbs
Setup steps:
Log in to MySQL (assuming the root password is 123456):
mysql -u root -p123456
Create the `sqlmap_test` database in MySQL:
CREATE DATABASE sqlmap_test;
USE sqlmap_test;
CREATE TABLE users (
id INT AUTO_INCREMENT PRIMARY KEY,
username VARCHAR(50),
password VARCHAR(50)
);
INSERT INTO users (username, password) VALUES ('admin', 'admin123');
Save the `vuln_login.php` file into the `/var/www/html/` folder on Ubuntu 24.04.