Friday, 24 August 2012

European Space Agency Vulnerable to SQL Injection

Information about the exploitation of a security flaw (SQL injection) on the European Space Agency's website was posted on Pastebin yesterday (23-08-2012) by a group calling itself NullCrew.

                                 _   _       _ _ _____                  
                                | \ | |     | | /  __ \                  
                                |  \| |_   _| | | /  \/_ __ _____      __
                                | . ` | | | | | | |   | '__/ _ \ \ /\ / /
                                | |\  | |_| | | | \__/\ | |  __/\ V  V /
                                \_| \_/\__,_|_|_|\____/_|  \___| \_/\_/  
                                  @OfficialNull
                                #######################################

Today is the rebirth of NullCrew.
I am here to finish what manst0rm, Zer0Pwn, IonCuber, ignit3 and airyz started.
You all thought it was the end, but you were wrong.

Let's start this show with the European Space Agency's Databases.

Target ==> http://giove.esa.int/
Vulnerability (MySQL Injection) ==> http://giove.esa.int/news.php?op=viewtopic&topic=6

Stay tuned for much more @OfficialNull ;)

    #######################################

Databases: 

information_schema
data_db
mysql
test
ws_db

Tables for: data_db


Tables for: ws_db


(No data in the Users tables).

MySQL Database data:

