Read carefully.
1. Open your Havij tool; if you don't have it yet, Havij version 1.15 Free can be downloaded here
2. Enter the target link in the target field, then click "Analyze"
Note: enter the part of the URL that ends in id=<number> to be injected, not the index page
Example: www.site.com/index.asp?id=123, like the example shown inside Havij
3. At the bottom, the scan will run to look for the database. While scanning, Havij shows the status Analyzing Target. When the scan is finished, Havij shows the status I'm IDLE.
4. Once Havij shows I'm IDLE, press Tables, then click "Get DBs"
5. Wait for the process; when it is done, click "Get Tables"
6. Several tables will be listed there; try to guess where the admin and password are stored. Once you think you have found it, tick it and click "Get Column"
7. You will then find the data you are looking for, such as the username and password. Tick both and click "Get Data" to view the username and password
9. And now you are in the target website's admin panel ^_^
AND HERE IS A COLLECTION OF WEBSITES THAT ARE, INSHA'ALLAH, VULNERABLE TO HAVIJ
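As a defensive illustration added here (not part of the original post and not Havij's code), the following Python shows why an `id=<number>` parameter pasted into a query is the injection point the steps above rely on, how parameter binding closes it, and how the probe pattern (a quote or boolean clause appended to a numeric id) can be flagged in web server logs. It assumes only the Python standard library; the table rows and log lines are constructed.

```python
# Added example (not the original post's): the numeric `id=` parameter shown
# vulnerable, then fixed, plus a log check for the probe pattern (a quote or a
# boolean clause appended to a numeric id). Standard library only; all data constructed.
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

def make_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    con.executemany("INSERT INTO products VALUES (?, ?)", [(1, "widget"), (123, "gadget")])
    return con

def lookup_vulnerable(con, raw_id: str):
    # The parameter is pasted into the SQL text, so a trailing quote rewrites the
    # statement; the leaked error is what error-based scanners watch for.
    try:
        return con.execute(f"SELECT name FROM products WHERE id={raw_id}").fetchall()
    except sqlite3.Error as exc:
        return f"DB ERROR: {exc}"

def lookup_safe(con, raw_id: str):
    # Validate the type, then bind the value: it is never parsed as SQL.
    if not raw_id.isdigit():
        return []
    return con.execute("SELECT name FROM products WHERE id=?", (int(raw_id),)).fetchall()

# Numeric value followed by a quote or by an appended OR/AND/UNION clause.
PROBE = re.compile(r"^\d+\s*(['\"]|(or|and|union)\b)", re.IGNORECASE)

def flag_requests(log_lines):
    """Return (client, parameter) pairs whose query value matches PROBE.
    Assumes combined log format: the request path is the 7th whitespace field."""
    hits = []
    for line in log_lines:
        fields = line.split()
        client, path = fields[0], fields[6]
        params = parse_qs(urlsplit(path).query, keep_blank_values=True)  # decodes %27 and '+'
        for name, values in params.items():
            if any(PROBE.match(v) for v in values):
                hits.append((client, name))
    return hits

SAMPLE_LOG = [  # constructed sample lines; 203.0.113.0/24 is documentation address space
    '203.0.113.5 - - [10/Oct/2024:10:00:01 +0000] "GET /products.php?id=80 HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Oct/2024:10:00:02 +0000] "GET /products.php?id=80%27 HTTP/1.1" 500 231',
    '203.0.113.5 - - [10/Oct/2024:10:00:03 +0000] "GET /products.php?id=80+and+1=1 HTTP/1.1" 200 512',
]
```

Running `flag_requests(SAMPLE_LOG)` flags the second and third requests only; the first, a plain numeric id, is left alone.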