Re: [Full-disclosure] MySQL.com Vulnerable To Blind SQL Injection Vulnerability
- To: Cal Leeming <cal@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] MySQL.com Vulnerable To Blind SQL Injection Vulnerability
- From: Guilherme Scombatti <guiscombatti@xxxxxxxxx>
- Date: Sun, 27 Mar 2011 18:41:55 -0300
pangolin or havij?
lol
On Sun, Mar 27, 2011 at 8:54 AM, Cal Leeming <cal@xxxxxxxxxxxxxxxx> wrote:
> lmao.
>
> Was this accomplished using standard pattern from sqlmap, or did you make
> your own?
>
> On Sun, Mar 27, 2011 at 6:46 AM, Jack haxor <jackh4xor@xxxxxxxxxxx> wrote:
>
>>
>>
>> ---------------------------------------------------------------------------------------
>> [+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
>> [+] Author: Jackh4xor @ w4ck1ng
>> [+] Site: http://www.jackh4xor.com
>>
>> ---------------------------------------------------------------------------------------
>>
>> About MySQL.com :
>>
>> --------------------------------------------------------------------------------------------------------------------
>>
>> The Mysql website offers database software, services and support for your
>> business, including the Enterprise server, the Network monitoring and
>> advisory services and the production support. The wide range of products
>> include: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net,
>> visual database tools (query browser, migration toolkit) and last but not
>> least the MaxDB- the open source database certified for SAP/R3. The Mysql
>> services are also made available for you. Choose among the Mysql training
>> for database solutions, Mysql certification for the Developers and DBAs,
>> Mysql consulting and support. It makes no difference if you are new in the
>> database technology or a skilled developer of DBA, Mysql proposes services
>> of all sorts for their customers.
>>
>> --------------------------------------------------------------------------------------------------------------------
>>
>>
>>
>> Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
>> Host IP : 213.136.52.29
>> Web Server : Apache/2.2.15 (Fedora)
>> Powered-by : PHP/5.2.13
>> Injection Type : MySQL Blind
>> Current DB : web
>>
>> Data Bases:
>>
>> information_schema
>> bk
>> certification
>> c?ashme
>> cust_sync_interim
>> customer
>> dbasavings
>> downloads
>> feedback
>> glassfish_interface
>> intranet
>> kaj
>> license_customers
>> manual
>> manual_search
>> mem
>> mysql
>> mysqlforge
>> mysqlweb
>> news_events
>> partner_t?aining
>> partners
>> partners_bak
>> phorum5
>> planetmysql
>> qa_contribution
>> quickpoll
>> robin
>> rp
>> sampo
>> sampo_interface
>> sessions
>> softrax
>> softrax_interim
>> solutions
>> tco
>> test
>> track
>> track_refer
>> wb
>> web
>> web_control
>> web_projects
>> web_training
>> webwiki
>> wordpress
>> zack
>>
>> Current DB: web
>>
>> Tables
>>
>> xing_validation
>> v_web_submissions
>> userbk
>> user_extra
>>
>> user Columns: cwpid version lead_quality sfid industry address2 created
>> last_modified lang notify newsletter gid title fax cell phone country
>> zipcode state city address business company position lastname firstname
>> passwd verified bounces email user_id
>>
>> us_zip_state
>> us_area_state
>> unsub_log
>> trials
>> trial_external_log
>> trial_data
>> trial_alias
>> training_redirect
>> tag_blacklist
>> tag_applied
>> tag
>> support_feeds_DROP
>> support_entries_DROP
>> states
>> snapshots_builds
>> snapshots
>> sakilapoints
>> regions
>> quote_customer
>> quote
>> quicklinks
>> promo
>> product_releases
>> position
>> partner
>> paper_lead
>> paper_details_options
>> paper_details_old
>> paper_details
>> paper
>> newsletter_unsub
>> nav_sites
>> nav_items
>> mysql_history
>> mirror_status
>> mirror_country
>> mirror_continent
>> mirror
>> mailing_list_member
>> mailing_list
>> locks
>> lead_validity_rules
>> lead_source_xref
>> lead_source_external
>> lead_source
>> lead_routing_rule
>> lead_rep
>> lead_old
>> lead_note
>> lead_extra_old
>> lead_extra_new
>> lead_extra
>> lead_companies
>> lead_campaign_member
>> lead
>> language_strings
>> language_modules
>> imagecache
>> hall_of_fame
>> g_search_term
>> g_search_data
>> g_blog_data
>> forum_comment
>> forms
>> field_xref
>> field_options
>> field_match
>> email_blacklist
>> email_a_friend
>> drpl_manual_review
>> drpl_denied
>> drpl_check_log
>> drpl_cache
>> customer_meta_sets
>> customer_meta_set
>> customer_meta
>> customer
>> coupon_product
>> coupon_campaign_attribute
>> coupon_campaign
>> coupon
>> country
>> countries
>> campaign_type
>> campaign_topic
>> campaign_score
>> campaign_listdata
>> campaign_detail
>> business
>> bounces
>>
>> Database : mysql
>> Table:
>>
>> user_info
>>
>> user Column: Update_pri Insert_priv Select_priv Password User Host
>>
>> time_zone_transition_type
>> time_zone_transition
>> time_zone_name
>> time_zone_leap_second
>> time_zone
>> tables_priv
>> slow_log
>> ?ervers
>> procs_priv
>> proc
>> plugin
>> ndb_binlog_index
>> inventory
>> host
>> help_topic
>> help_relation
>> help_keyword
>> help_category
>> general_log
>> func
>> event
>> db
>> columns_priv
>>
>>
>> # mysql.user Data
>>
>>
>> Database: web_control
>>
>> Table:
>> system
>> system_command
>> service_request
>> run_control
>> request_daemon
>> rebuild_server
>> rebuild_queue
>> rebuild_control
>> quarterly_lead_report
>> newsletter_log
>> newsletter_control
>> ips
>> hosts Columns:notes description name
>> dns_servers Columns: name internal ip
>>
>>
>> Database: certification
>>
>> Tables:
>> signup
>> corpcustomers
>> certexamdata
>> certcandidatedata
>> certaccess
>>
>>
>> Database: wordpress
>>
>> Tables:
>>
>> wp_4_term_taxonom
>> wp_4_term_relationships
>> wp_4_posts
>> wp_4_postmeta
>> wp_4_options
>> wp_4_links
>> wp_4_comments
>> wp_3_terms
>> wp_3_term_taxonomy
>> wp_3_term_relationships
>> wp_3_posts
>> wp_3_postmeta
>> wp_3_options
>> wp_3_links
>> wp_3_comments
>> wp_2_terms
>> wp_2_term_taxonomy
>> wp_2_term_relationships
>> wp_2_posts
>> wp_2_postmeta
>> wp_2_options
>> wp_2_links
>> wp_2_comments
>> wp_1_terms
>> wp_1_term_taxonomy
>> wp_1_term_relationships
>> wp_1_posts
>> wp_1_postmeta
>> wp_1_options
>> wp_1_links
>> wp_1_comments
>> wp_11_terms
>> wp_11_term_taxonomy
>> wp_11_term_relationships
>> wp_11_posts
>> wp_11_postmeta
>> wp_11_options
>> wp_11_links
>> wp_11_comments
>> wp_10_terms
>> wp_10_term_taxonomy
>> wp_10_term_relationships
>> wp_10_posts
>> wp_10_postmeta
>> wp_10_options
>> wp_10_links
>> wp_10_comments
>> remove_queries
>>
>>
>>
>> Database: bk
>>
>> Table:
>> wp_backupterm_taxonomy
>> wp_backupterm_relationships
>> wp_backupposts
>> wp_backuppostmeta
>> wp_backupoptions
>> wp_backuplinks
>> wp_backupcomments
>>
>>
>>
>> -----------------------------------------------------------------------------------
>> Signed : Jackh4xor ! [image: Smile]
>>
>> Greetz : rooto, Mr.52, zone-hacker, w4ck1ng
>>
>> (In)Security
>>
>> -------------------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>