Page 1 of 1

[ask] sql injection method post

PostPosted: Tue Dec 22, 2015 12:01 am
by mafia46
malem gan,

gan ane mau nanya tentang sql injection pake method post, misal kita nemu form login yang vulnerable sql injection.
form login tsb bisa kita bypass login nya.
trus kita mau load file pake form html yg kita bikin, misal gini :

<form action="http://target.com/apps/history_page/history/getDataHistoryid" method="post">
Exploit : <input type="text" name="no_id">
<input type="submit">
</form>

pertanyaan ane, kalo misal kita mau load_file semacam password db misalnya dari form yg kita bikin tadi, sedangkan kita gak tau kolomnya itu gimana query nya ya gan.

apa bisa langsung pake union select gitu ??

terima kasih.