We will start by explaining the flaw found in one of the games integrated into the Facebook website. What we find there is a SQL injection bug and an FPD (full path disclosure), through which we can obtain the data of the databases the game uses, although more can be done from there.
=====================================
SQL Injection:
DATA:
DATABASES :
- Information_Schema
- lucygames
- test
VERSION : 5.0.51a-24+lenny3
USER : lucygames_user@localhost
MAGIC_QUOTES_GPC: On
DATA DIR: /var/lib/mysql
BASE DIR: /usr
TEMP DIR: /tmp
OS: debian-linux-gnu
=====================================
TABLES:
- Dipendenti
- Giochi Stipendi
- test_games
- test
- lucygames_userpoints
- lucygames_favorites
- lucygames_tracking
- lucygames_games
- lucygames_history
- lucygames_comments
- lucygames_profiletab_log
=====================================
Full Path Disclosure:
/home/webdomains/www/cdn.lucygames.com/htdocs/social-apps/lucygames/include/db.php
=====================================