Main Advertising vulnerable to SQLi by lionaneesh!
What I can do [Power]:-
One of the best advertising companies in the world, which is even used by Megaupload, is vulnerable to SQLi.
Lionaneesh found a database in which the hits to a particular link were entered (this is most probably used for counting the revenue). I can change and increase or decrease the ad revenue of a particular site.
| Target: | |
| DATABASE : | MSSQL 2005 |
| Method: | GET |
DATABASE : portals

| Table Name | Columns |
| --- | --- |
| Formats | |
| domain_new | |
| Categories | |
| domains | |
| bannersImp1 | |
| sampleAPP | |
| bannersImp | |
| change | |
| articleGroups | |
| t_jiaozhu | |
| specialTables | |
| TablesLinks | |
| tabella1 | |
| Gestionale | |
| contents | |
| Luckypot | |
| Totalementfemme | |
| OfferPages | |
| OfferCategory | |
| offersUK | |
| DisplayImp | |
| display | |
| articles | |
| winawin | |
| Admas | |
| SoapDGT | |
| dtproperties | |
| Impression | |
| Banners | |
| rubricatest | |
| searchOff | |
| myShoppoint | |
| avatar | |
| tracking | |
| ShoppointCom | |
| tablesImp | |
| TableGroups | |
| SitesPages | |
| Guestbook | |
| SitesDomain | |
| Sites | URL siteName Image idDomains ID Date checkit Active |
| Search | |
| Programs | |
| pages | |
| News | |
| landingPagesOffer | |
| landingPages | |
DATABASE : master

| Table Name | Columns |
| --- | --- |
| SubCategories | |
| SessionHandle | |
| UserDetail | WebsiteAddress UserType Status Password LogonTime LogonDate LoginID LastName ID Gender FirstName Email Country ConfirmedDate Age |
| MSreplication_options | |
| spt_values | |
| spt_monitor | |
| tracking | |
| tablesImp | |
| t_jiaozhu | |
| specialTables | |
| searchOff | |
| sampleAPP | |
| rubricatest | |
| pages | |
| myShoppoint | |
| landingPagesOffer | |
| landingPages | |
| domains | |
| domain_new | |
| contents | |
| change | |
| bannersImp1 | |
| bannersImp | |
| avatar | |
| articles | |
| articleGroups | |
| TablesLinks | |
| TableGroups | |
| SitesPages | |
| SitesDomain | |
| Sites | |
| ShoppointCom | |
| Search | |
| Programs | |
| News | |
| Impression | |
| Guestbook | |
| Formats | |
| Categories | |
| Banners | |
| spt_fallback_usg | |
| spt_fallback_dev | |
| spt_fallback_db | |
I have also found a table with 463526 emails and another table with 300000 emails. I am not publishing these emails for confidentiality reasons.
Other databases:
tempdb
model
msdb
reportServer
sitebuilder
email
And tons more.