Sunday, February 5, 2012

TinKode-US Army full disclosure


US Army full disclosure

Posted by isrtinkode on February 19, 2010
                                                                         _
                                /\                                    (_) |
                               /  \   _ __ _ __ ___  _   _   _ __ ___  _| |
                              / /\ \ | '__| '_ ` _ \| | | | | '_ ` _ \| | |
                             / ____ \| |  | | | | | | |_| |_| | | | | | | |
                            /_/    \_\_|  |_| |_| |_|\__, (_)_| |_| |_|_|_|
                                                      __/ |
                                                     |___/
                                              #full disclosure@c0de.breaker
#Informations:
First Army was established on August 10, 1918 as a field army when sufficient American military manpower had arrived in France during World War I. As an element of the American Expeditionary Force (AEF) in the latter stages of World War I it was the first of three field armies established under the AEF. Serving in its ranks were many figures who later played important roles in World War II. First Army was inactivated in April 1919.
Few time ago I found a website vulnerable to MSSQL Injection (www.onestop.army.mil)… But today I tested another website, and in 2 minutes i found a vulnerable parameter.
Vulnerable link: www.first.army.mil
Testing:


Main Informations:
#Version: Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86) Nov 24 2008 13:01:59 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
#User: Vacancyuser
#Principal Database: FirstArmyVacancies
#Server Name: GIcensoredL02
#Server: Microsoft-IIS/6.0
Version:
All databases from webserver:
[1] FirstArmyVacancies
[2] master
[3] tempdb
[4] model
[5] msdb
[6] ReportServer
[7] ReportServerTempDB
[8] gis_production
[9] 1st_Army_East
[10] FirstArmy_ATLevel_Training
[11] BESMgmt3
[12] 68W
[13] FirstArmy_Common
[14] G5MOB
[15] SpotlightManagementFramework
[16] HQ_Apps
[17] SurgeonsCTT
[18] TrainingOperationsPlanner
[19] UnitMilestone
[20] WheelsUpDown
[21] GFI
[22] CommandersTrainingTool
[23] NetPerfMon
[24] fsweb
Tables from “fsweb” database:
[1] Categories
[2] BuddyList
[3] ApptTypes
[4] DistanceList
[5] AppointmentBook_Properties
[6] AppointmentBook_Locations
[7] Appointmentbook_Holidays
[8] AppointmentBook
[9] AliasChart
[10] Abreviations
[11] UserActivityLog
[12] websafeFONTS
[13] PortalPageContent
[14] ValidFileTypes
[15] VerificationQuestions
[16] websafeFontSize
[17] Ziplist
[18] TimeSchedule
[19] POC
[20] SystemClearance
[21] CELL_CONFTABLE
[22] Messages
[23] States
[24] PortalPageData
[25] portalMENUS
[26] PortalGroups
Columns from table_name “POC
[1] UserName
[2] ClientID
[3] PortalWebsite
[4] Prefix
[5] FirstName
[6] MiddleName
[7] LastName
[8] Suffix
[9] Email
[10] regEmail
[11] Expertise
[12] Fax
[13] City
[14] State
[15] Zip
[16] DisplayZip
[16] Address1
[17] Address2
[18] Phone
[19] Cell
[20] Author
[21] Password
[22] ClearanceLevel
[23] Notes
[24] BranchofService
[25] Ext
[26] RegistrationNumber
[27] LastLogin
[28] FailedLogins
[29] ActiveLogins
[30] VerificationQuestion1
[31] VerificationResponse1
[32] VerificationQuestion2
I want to say, i didn’t extract anything from any database like username,passwords,adresses,etc

0 comentarii:

Post a Comment