SQL bnl.gov Hacked
by hojatking - June 10, 2020 at 07:32 AM
#1
bnl.gov Hacked

Bug: SQL Injection


PoC:

Quote:web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, Microsoft IIS 8.5, ASP
back-end DBMS: Microsoft SQL Server 2012
available databases [8]:
[*]CONTRACTS
[*]master
[*]model
[*]msdb
[*]SM_WebEdition
[*]tempdb
[*]USERS
[*]WEBREG

Quote:web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, Microsoft IIS 8.5, ASP
back-end DBMS: Microsoft SQL Server 2012
Database: USERS
[4 tables]
+-----------------+
| AD_LOOKUP_VW    |
| AD_PERSONS_VW  |
| OraAllEmployees |
| OraDB2PS_DATA_V |
+-----------------+

Quote:web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, Microsoft IIS 8.5, ASP
back-end DBMS: Microsoft SQL Server 2012
Database: USERS
Table: OraAllEmployees
[4 columns]
+--------+---------+
| Column | Type    |
+--------+---------+
| Expr1  | varchar |
| Expr2  | varchar |
| Expr3  | varchar |
| Expr4  | varchar |
+--------+---------+

Quote:web server operating system: Windows 8.1 or 2012 R2
web application technology: ASP.NET, Microsoft IIS 8.5, ASP
back-end DBMS: Microsoft SQL Server 2012
Database: USERS
[4 tables]
+------------------+
| AD_LOOKUP_VW    |
| AD_PERSONS_VW    |
| OraAllEmployees  |
| OraDB2PS_DATA_VW |
+------------------+

Database: USERS
Table: OraAllEmployees
[4 columns]
+--------+---------+
| Column | Type    |
+--------+---------+
| Expr1  | varchar |
| Expr2  | varchar |
| Expr3  | varchar |
| Expr4  | varchar |
+--------+---------+

Database: USERS
Table: OraDB2PS_DATA_VW
[3 columns]
+--------+----------+
| Column | Type    |
+--------+----------+
| Expr1  | varchar1 |
| Expr2  | varchar  |
| Expr3  | varchar  |
+--------+----------+

Database: USERS
Table: AD_PERSONS_VW
[12 columns]
+---------------------+----------+
| Column              | Type    |
+---------------------+----------+
| department          | nvarchar |
| distinguishedNamea  |
| employeeNumber      | nvarchar |
| extensionAttribute9 | nvarchar |
| facsimileTel        |
| givenName          | nvarchar |
| ipPhone            | nvarchar |
| mail                | nvarchar |
| managerc            |
| sAMAccountName      | nvarchar |
| sn                  | nvarchar |
| streetAddress      | nvarchar |
+---------------------+----------+

Database: USERS
Table: AD_LOOKUP_VW
[3 columns]
+----------------+----------+
| Column        | Type    |
+----------------+----------+
| DOMAINUSER    | nvarchar |
| EMAIL          | nvarchar |
| EMPLOYEENUMBER | nvarchar |
+----------------+----------+
Reply
#2
mind sharing the injection point?
Reply
#3
(June 10, 2020 at 07:45 AM)secretsquirell Wrote: mind sharing the injection point?

I hacked it 4 months ago and was sold

patched vulnerability

Database link (sqlmap): https://gofile.io/d/cH5NVB
Reply
#4
(June 10, 2020 at 07:54 AM)hojatking Wrote:
(June 10, 2020 at 07:45 AM)secretsquirell Wrote: mind sharing the injection point?

I hacked it 4 months ago and was sold

patched vulnerability

Database link (sqlmap): https://gofile.io/d/cH5NVB


The link seems to be dead
Reply
#5
ccccccooooooooooooolllllllllllllll
Reply
#6
(June 10, 2020 at 04:13 PM)soyuz Wrote:
(June 10, 2020 at 07:54 AM)hojatking Wrote:
(June 10, 2020 at 07:45 AM)secretsquirell Wrote: mind sharing the injection point?

I hacked it 4 months ago and was sold

patched vulnerability

Database link (sqlmap): https://gofile.io/d/cH5NVB


The link seems to be dead

https://gofile.io/d/czoQFZ
Reply
#7
ccccccooooooooooooolllllllllllllll
This forum account is currently banned. Ban Length: Permanent (N/A).
Ban Reason: Copy and pasting other users' threads.
Reply
#8
(June 10, 2020 at 04:32 PM)hojatking Wrote:
(June 10, 2020 at 04:13 PM)soyuz Wrote:
(June 10, 2020 at 07:54 AM)hojatking Wrote:
(June 10, 2020 at 07:45 AM)secretsquirell Wrote: mind sharing the injection point?

I hacked it 4 months ago and was sold

patched vulnerability

Database link (sqlmap): https://gofile.io/d/cH5NVB


The link seems to be dead

https://gofile.io/d/czoQFZ

Thanks, but is the dump file meant to be empty?
Reply
#9
dump folder empty... RIP!
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
DTRA - Military Lugara BioLab - moh.gov.ge bakililar 30 4,519 October 03, 2020 at 03:24 AM
Last Post: Birsakqwe
CSV Free sdat.dat.maryland.gov scraping DB master data 0 602 September 20, 2020 at 01:45 AM
Last Post: master data
chinese Water department gov 2020 leak dataking 11 2,508 August 26, 2020 at 04:36 AM
Last Post: whyseu

 Users browsing this thread: 1 Guest(s)