EvilZone
Hacking and Security => Hacking and Security => : kdzsnake October 03, 2012, 10:44:58 PM
-
OK so I am a little new to this, and I have used a SQL injection to this website:
http://www.swanstone.com/ (http://www.swanstone.com/)
After the injection I got this information:
Client Jonathan Fore admin@swanstone.com User: Jonathan Pass: ForeJune
Admin (No Name) (No Email) User: admin Pass: swan2010
Now I am stuck, I tried to enter both credentials into cpanel but it didn't work (Yes the admin menu is here: http://www.swanstone.com/ (http://www.swanstone.com/)cpanel/)
And Yes I am just doing this for practice I have no intention right now except to practice!
Thanks!
-
Hello.
You have extracted CMS passwords, not Cpanel. Storing cpanel password in the database does not make sense.
Keep looking for the cms , like /cms /admin and so on.
-
OOk Thanks
Hello.
You have extracted CMS passwords, not Cpanel. Storing cpanel password in the database does not make sense.
Keep looking for the cms , like /cms /admin and so on.
What could be a way to find the url to the CMS login?
Staff note: edit your posts, please.
-
What could be a way to find the url to the CMS login?
first dont doubel post...
2 cpanel dossent store the password in the same db as the rest of the content as far as i know for security reasons
install an addon named wappalizer its for firefox. its a easy drop down menu with information about the site cms, os, php v, webserver, analytics, framework and so on
find the cms by addon or source of page or layout.
check where the login is from cmd source.
if there is no login consider uploading a shell via sql injection