Saturday, 13 March 2010

SpiceNepal.com [mero mobile] Vulnerability

Its been a long time we haven't posted to this blog. Apparently, none of the members seem to be active these days including me. Maybe its because of lots of load works to do and other shits in our life. Anyway, this one is the disclosure of the security of spicenepal.com
I thought to publish it now because spicenepal.com or mero mobile has now turned to NCell already.

This might not be true at present but it is the data when the attack was done.

Host info:
Windows
Apache 2.2.12
PHP 5.3.0
MySQL version: 5.1.37

root: *CD6F0D95CC06845F457474160829CA31EA28A***
eshori: *13CC2012857387DA417378DAE0D32DB4FC729***
Last 3 bits changed for security purpose..

Tables:
PBXT_STATISTICS
bak_banner
bak_bannerclient
bak_bannertrack
bak_categories
bak_components
bak_contact_details
bak_content
bak_content_frontpage
bak_content_rating
bak_core_acl_aro
bak_core_acl_aro_groups
bak_core_acl_aro_map
bak_core_acl_aro_sections
bak_core_acl_groups_aro_map
bak_core_log_items
bak_core_log_searches
bak_groups
bak_menu
bak_menu_types
bak_messages
bak_messages_cfg
bak_migration_backlinks
bak_modules
bak_modules_menu
bak_newsfeeds
bak_plugins
bak_poll_data
bak_poll_date
bak_poll_menu
bak_polls
bak_prbt
bak_sections
bak_session
bak_stats_agents
bak_templates_menu
bak_users
bak_weblinks
jos_banner
jos_bannerclient
......... and much more. I was just too lazy to exploit it.
Anyway that was the disclosure of spicenepal.com. Have fun.

4 comments:

  1. cool dude. You got full dump of DB?

    ReplyDelete
  2. was it hacked? or its just JPT?

    ReplyDelete
  3. This comment has been removed by a blog administrator.

    ReplyDelete
  4. hey man stop sharing this types of fucking Dump. this is not enough for attack and System Down be a practical.

    ReplyDelete