Today guy from InSecurity.Ro named sway1990 found again a critical vulnerability (MySQL Injection) in their website.
The Hacker News

Some extracted informations:
  • Version – ( 5.1.41-3ubuntu12.10 )
    Main DB – ( c1eset )
    HostName – ( web.axelsoft.ro )
    User – ( c1eset@localhost )
DataBases:
  • information_schema
    c1eset
Tables of main db:
  • concurs
    country
    eventsro
    joom_banner
    joom_bannerclient
    joom_bannertrack
    joom_categories
    joom_components
    joom_contact_details
    joom_content

    joom_core_log_searches
    joom_groups,
    joom_jce_extensions
    joom_jce_groups

    joom_users
    joom_weblinks
    jos__sessions
    jos_banner
Administrator Account:
  • username=admin
  • password=51f9a6e361a03aee324bcc73fe8ab4a5:xt69awFsqAyvglBMcbtvq9HopIAnQ1jF
  • email=emil@nod32.ro
  • usertype=Super Administrator



News Source : Kai Farmer

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.