[OWASP-Bangalore] [Owasp-delhi] MySQL.com Vulnerable To Blind SQL Injection

prashant k v kvprashant at yahoo.com
Sun Mar 27 11:24:00 EDT 2011


Hi Jack,
Can you give us some hints on how you could find the vulnerability?

Regards
Prashant




________________________________
From: Jack H4xor <j4ckh4xor at gmail.com>
To: owasp-bangalore at lists.owasp.org; owasp-delhi at lists.owasp.org; 
owasp-mumbai at lists.owasp.org
Sent: Sun, March 27, 2011 1:06:30 PM
Subject: [Owasp-delhi] MySQL.com Vulnerable To Blind SQL Injection





---------------------------------------------------------------------------------------

[+] MySQL.com Vulnerable To Blind SQL Injection vulnerability
[+] Author: Jackh4xor @ w4ck1ng(http://www.jackh4xor.com)
[+] Disclosed To: 
http://www.hackerregiment.com/mysql-com-vulnerable-to-blind-sql-injection.html 

---------------------------------------------------------------------------------------


About MySQL.com :
--------------------------------------------------------------------------------------------------------------------


The MySQL website offers database software, services and support for your 
business, including the Enterprise server, the Network monitoring and advisory 
services and the production support. The wide range of products includes: MySQL 
clusters, embedded database, drivers for JDBC, ODBC and Net, visual database 
tools (query browser, migration toolkit) and last but not least the MaxDB, the 
open source database certified for SAP/R3. The MySQL services are also made 
available for you. Choose among the MySQL training for database solutions, MySQL 
certification for the Developers and DBAs, MySQL consulting and support. It 
makes no difference if you are new in the database technology or a skilled 
developer or DBA, MySQL proposes services of all sorts for their customers.

--------------------------------------------------------------------------------------------------------------------

                                   

Vulnerable Target  :   http://mysql.com/customers/view/index.html?id=1170
Host IP                  :   213.136.52.29
Web Server           :   Apache/2.2.15 (Fedora)
Powered-by           :   PHP/5.2.13
Injection Type        :   MySQL Blind
Current DB             :   web

Databases:

information_schema
bk
certification
c?ashme
cust_sync_interim
customer
dbasavings
downloads
feedback
glassfish_interface
intranet
kaj
license_customers
manual
manual_search
mem
mysql
mysqlforge
mysqlweb
news_events
partner_t?aining
partners
partners_bak
phorum5
planetmysql
qa_contribution
quickpoll
robin
rp
sampo
sampo_interface
sessions
softrax
softrax_interim
solutions
tco
test
track
track_refer
wb
web
web_control
web_projects
web_training
webwiki
wordpress
zack

Current DB: web

Tables

xing_validation        
v_web_submissions      
userbk 
user_extra     

user  Columns: cwpid version lead_quality sfid industry address2 created 
last_modified lang notify newsletter gid title fax cell phone country zipcode 
state city address business company position lastname firstname passwd verified 
bounces email user_id
