What Next?

[kdzsnake]

OK so I am a little new to this, and I have used a SQL injection to this website:
http://www.swanstone.com/


After the injection I got this information:

Code: [Select]

Client    Jonathan Fore    admin@swanstone.com  User: Jonathan   Pass: ForeJune
Admin     (No Name)    (No Email)  User: admin  Pass: swan2010
Now I am stuck, I tried to enter both credentials into cpanel but it didn't work (Yes the admin menu is here: http://www.swanstone.com/cpanel/)


And Yes I am just doing this for practice I have no intention right now except to practice!

Thanks!

[Simba]

Hello.

You have extracted CMS passwords, not Cpanel. Storing cpanel password in the database does not make sense.

Keep looking for the cms , like /cms /admin and so on.

[kdzsnake]

OOk Thanks

Hello.

You have extracted CMS passwords, not Cpanel. Storing cpanel password in the database does not make sense.

Keep looking for the cms , like /cms /admin and so on.

What could be a way to find the url to the CMS login?

Staff note: edit your posts, please.

[relax]

What could be a way to find the url to the CMS login?

first dont doubel post...
2 cpanel dossent store the password in the same db as the rest of the content as far as i know for security reasons
install an addon named wappalizer its for firefox. its a easy drop down menu with information about the site cms, os, php v, webserver, analytics, framework and so on

find the cms by addon or source of page or layout.

check where the login is from cmd source.

if there is no login consider uploading a shell via sql injection