1. ##################################### HACKED BY TEAM T!g3R #################################
  2. REGITRAR GENERAL'S DEPARTMENT, GOVT OF SRILANKA
  3. MEMBERS : w3bd3f4c3r, n3ll@!s4mur@!, !nd!@nRuBuk, r00t, burn3r.
  4. WEBSITE : http://www.rgd.gov.lk/
  5. VULNERABLE : SQLi
  6. VULNERABLE LINK HIDDEN
  7. ######################################## PROOFS ############################################
  8.  
  9. PROOF THAT TABLES ACCESSED : http://i56.tinypic.com/2nv8rnp.png
  10. PROOF THAT USERS ACCESSED : http://i53.tinypic.com/xmvhxl.png
  11.  
  12.  
  13. #####################################SERVER DETAILS########################################
  14.  
  15.  
  16. Target: http://www.rgd.gov.lk/
  17. Host IP: 220.247.225.200
  18. Web Server: Apache/2.2.3 (Red Hat)
  19. Powered-by: PHP/5.2.10
  20. DB Server: MySQL >=5
  21. Resp. Time(avg): 1324 ms
  22. Current User: rgd_dbuser@localhost
  23. Sql Version: 5.0.77
  24. Current DB: rgdgov_rgdcms
  25. System User: rgd_dbuser@localhost
  26. Host Name: singhaya2.lk
  27. Installation dir: /usr/
  28. DB User: 'rgd_dbuser'@'localhost'
  29.  
  30. ################################## DATABASE NAMES ########################################
  31.  
  32. Data Bases: information_schema
  33. rgdgov_rgdcms
  34. rgdgov_search
  35. test
  36. test_db
  37.  
  38. ############################ TABLES NAMES OF DB rgdgov_rgdcms ###########################
  39.  
  40.  
  41. snippet_sin
  42. snippet_eng
  43. sinnews
  44. projects_history_sin
  45. projects_history
  46. newssin
  47. news
  48. lastupdate
  49. faqquestionssin
  50. faqquestions
  51. faqanswersin
  52. faqanswer
  53. engnews
  54. editdatasin
  55. editdataeng
  56. downloadsin
  57. download
  58. currentprojectssin
  59. currentprojects
  60. authteam
  61.  
  62. ############################# USER DETAILS OF DB rgdgov_rgdcms ###########################
  63.  
  64.  
  65. Data Found: id=1
  66. Data Found: uName=admin
  67. Data Found: pWord=admin123
  68. Data Found: uLevel=1
  69. Data Found: name=Main Administrator
  70.  
  71. Data Found: id=2
  72. Data Found: uName=englishadmin
  73. Data Found: pWord=admin123
  74. Data Found: uLevel=2
  75. Data Found: name=English Administrator
  76.  
  77. Data Found: id=3
  78. Data Found: uName=sinhalaadmin
  79. Data Found: pWord=admin123
  80. Data Found: uLevel=3
  81. Data Found: name=Sinhala Administrator
  82.  
  83. Data Found: id=4
  84. Data Found: uName=superadmin
  85. Data Found: pWord=rgadminsup
  86. Data Found: uLevel=1
  87. Data Found: name=Super Administrator
  88.  
  89. ################################# TABLES OF DB rgdgov_search #############################
  90.  
  91. temp
  92. sites
  93. site_category
  94. query_log
  95. pending
  96. links
  97. link_keyword
  98. keywords
  99. categories
  100. ########################### HACKED BY TEAM T!g3R #####################################