
Main Advertising vulnerable to SQLI by lionaneesh!

2011-04-13 12:26:00
The Hacker News
thehackernews.com

One of the best advertising companies in the world, which is even used by Megaupload, is vulnerable to SQLi.

What I can do [Power]:-

lionaneesh found a database in which the hits to a particular link were entered (this is most probably used for counting the revenue). I can change and increase or decrease the ad revenue of a particular site.

| Target | https://click1.mainadv.com/ad.asp?id=%Inject_Here%609 |
|---|---|
| Database | MSSQL 2005 |
| Method | GET |

DATABASE : portals

| Table Name | Columns |
|---|---|
| Formats | |
| domain_new | |
| Categories | |
| domains | |
| bannersImp1 | |
| sampleAPP | |
| bannersImp | |
| change | |
| articleGroups | |
| t_jiaozhu | |
| specialTables | |
| TablesLinks | |
| tabella1 | |
| Gestionale | |
| contents | |
| Luckypot | |
| Totalementfemme | |
| OfferPages | |
| OfferCategory | |
| offersUK | |
| DisplayImp | |
| display | |
| articles | |
| winawin | |
| Admas | |
| SoapDGT | |
| dtproperties | |
| Impression | |
| Banners | |
| rubricatest | |
| searchOff | |
| myShoppoint | |
| avatar | |
| tracking | |
| ShoppointCom | |
| tablesImp | |
| TableGroups | |
| SitesPages | |
| Guestbook | |
| SitesDomain | |
| Sites | URL, siteName, Image, idDomains, ID, Date, checkit, Active |
| Search | |
| Programs | |
| pages | |
| News | |
| landingPagesOffer | |
| landingPages | |

DATABASE : master

| Table Name | Columns |
|---|---|
| SubCategories | |
| SessionHandle | |
| UserDetail | WebsiteAddress, UserType, Status, Password, LogonTime, LogonDate, LoginID, LastName, ID, Gender, FirstName, Email, Country, ConfirmedDate, Age |
| MSreplication_options | |
| spt_values | |
| spt_monitor | |
| tracking | |
| tablesImp | |
| t_jiaozhu | |
| specialTables | |
| searchOff | |
| sampleAPP | |
| rubricatest | |
| pages | |
| myShoppoint | |
| landingPagesOffer | |
| landingPages | |
| domains | |
| domain_new | |
| contents | |
| change | |
| bannersImp1 | |
| bannersImp | |
| avatar | |
| articles | |
| articleGroups | |
| TablesLinks | |
| TableGroups | |
| SitesPages | |
| SitesDomain | |
| Sites | |
| ShoppointCom | |
| Search | |
| Programs | |
| News | |
| Impression | |
| Guestbook | |
| Formats | |
| Categories | |
| Banners | |
| spt_fallback_usg | |
| spt_fallback_dev | |
| spt_fallback_db | |

I have also found a table with 463526 emails and another table with 300000 emails. I am not publishing these emails for confidentiality reasons…

Other databases :-

tempdb

model

msdb

reportServer

sitebuilder

email

And tons of more…