When performing injection against a target, we often run into error messages; these messages are what guide us in exploring the target further.
Below are the database categories, based on the error message returned.
MySQL Error Messages
These messages characteristically contain the string mysql_result()
Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 on MySQL result index 4 in /mnt/web1/21/26/51171226/htdocs/Afrika/AnbieterEng.php on line 15
Sample : http://www.africa-travel-service.com/AnbieterEng.php?ID=4173&Land=SouthAfrica'
[You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''6822''' at line 1
/emails/index.asp, line 27
Sample : http://www.chilliwebsites.com/emails/index.asp?siteid=92&id=6822'
Microsoft Access Error Messages
These messages characteristically contain the string [Microsoft][ODBC Microsoft Access Driver]
Error Diagnostic Information
ODBC Error Code = 37000 (Syntax error or access violation)
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'ID ='.
Sample : http://www.taravanayachtclub.com/yachtClub.cfm?action=photoGallery&sub=photo&id=15'
Jet Database Error Messages
These messages characteristically contain the string Microsoft JET Database Engine
Microsoft JET Database Engine error '80040e10'
No value given for one or more required parameters.
/clients/vns/directory/business.asp, line 36
Sample : http://www.sepiasolutions.com/clients/vns/directory/business.asp?lang=Viet&ID=bbgrqzhy
MSSQL Error Messages
These messages characteristically contain the string [Microsoft][ODBC SQL Server Driver]
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark before the
character string ''.
/news.asp, line 52
PostgreSQL Error Messages
These messages characteristically contain the strings pg_exec, pg_data, or pg_something
Warning: pg_exec() [function.pg-exec]: Query failed: ERREUR: entrée manquante de la clause FROM pour la table > LINE 1: ... fjoint_fjoint AS fj FROM fjoint, fjointart WHERE fjointdos.... ^ in /web/wwwasts/www/smarty_commun/inc/navig_smarty.php on line 40
Sample : http://asts.asso.fr/site/dos.php?id=75'
Oracle Error Messages
These messages characteristically contain the string [ ORA- ]
Warning: ociparse(): OCIParse: ORA-01756: quoted string not properly terminated in /home/www/html/inn/noticias/_index.php on line 5
Sample : http://www3.inn.cl/noticias/index.php?id=2372'
Once you know the target's error message, the next step is in your hands: choosing which technique is appropriate for exploring the target.
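The marker strings listed above can also be used from the defending side, to check your own application's response bodies or logs for pages that leak raw database errors. The following is an added example, not code from the original post; the function names, the example.test host and the sample paths are constructed for illustration.

```python
import re

# Marker strings quoted in this post, one pattern per DBMS.
SIGNATURES = [
    ("MySQL", re.compile(r"mysql_\w+\(\)|error in your SQL syntax", re.I)),
    ("Microsoft Access", re.compile(r"\[Microsoft\]\[ODBC Microsoft Access Driver\]")),
    ("Jet Database", re.compile(r"Microsoft JET Database Engine", re.I)),
    ("MSSQL", re.compile(r"\[Microsoft\]\[ODBC SQL Server Driver\]")),
    ("PostgreSQL", re.compile(r"\bpg_\w+\(\)")),
    ("Oracle", re.compile(r"\bORA-\d{5}\b")),
]
# Script paths disclosed with the error: "in X on line N" or "X, line N".
PATH_LEAK = re.compile(
    r"\bin (/\S+\.php) on line \d+|^(/\S+\.(?:asp|cfm)), line \d+", re.M)

# Constructed sample responses: hypothetical host and paths.
SAMPLES = [
    ("https://app.example.test/item.php?id=1",
     "Warning: mysql_result() [function.mysql-result]: Unable to jump to row 0 "
     "on MySQL result index 4 in /var/www/app/item.php on line 15"),
    ("https://app.example.test/news.asp?id=1",
     "[Microsoft][ODBC SQL Server Driver][SQL Server]Unclosed quotation mark "
     "before the character string ''.\n/news.asp, line 52"),
    ("https://app.example.test/n.php?id=1",
     "Warning: ociparse(): OCIParse: ORA-01756: quoted string not properly "
     "terminated in /var/www/app/n.php on line 5"),
    ("https://app.example.test/ok.php?id=1", "<html>Item not found</html>"),
]

def classify(body):
    """Return the DBMS families whose error text appears in body."""
    return [name for name, rx in SIGNATURES if rx.search(body)]

def leaked_paths(body):
    """Return server-side script paths exposed next to the error."""
    return [m.group(1) or m.group(2) for m in PATH_LEAK.finditer(body)]

def audit(responses):
    """responses: iterable of (url, body); returns one finding per leaking page."""
    findings = []
    for url, body in responses:
        dbms = classify(body)
        if dbms:
            findings.append({"url": url, "dbms": dbms, "paths": leaked_paths(body)})
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

Every finding is a page that returns driver errors to the client; such pages should show a generic error and keep the detail in server-side logs.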