View Full Version : SQL Injection
warweed12
2008-11-11, 11:27
Just thought i would show you guys something being that i know there is no threat to the corporation really by you seeing this
https://www.downeast.ca/intranet/
It is relatively easy injection but i want to see who breaks it first if you're up to the challenge .. you do not have to reveal what method of injection you used or the string
but i will know if you did it or not by you providing the Username in the upper right and the access level
the person who figures it out will be greeted with a bunch of aliant/downeast crapola access to hundreds of cellular unlock codes / programming instructions
and mainly a bunch of useless shit
i mainly wanted to point this out because i think it's funny how a big corporation like aliant / downeast leaves themselves vulnerable to SQL injection
cheers and happy injecting,
warweed
PS to the mods if this is inappropriate i understand should you wish to close / delete and sorry for the post
I've never really understood SQL injection very well. I have read quite a bit about it, but have never been successful in executing one.
I gave it a go, but to be honest I was just entering random SQL strings that I remembered. ' 1=1 etc.
Would you be able to point me to some resources to help me, where did you learn from?
Expl0itz
2008-11-11, 18:25
Blind SQL injection isn't going to help too much here. It might not even be a form injection. You could be an injection via POST/GET. I'll wait this out to see if anyone else gets it first.
warweed12
2008-11-11, 19:53
it is most certainly a form injection and it is not a complex one ;)
Hint:
look up SQL Injection cheat sheets
if no one gets it by 8-9pm GMT -7 i will just post it but wargasm is on the right track ;)
Expl0itz
2008-11-11, 20:03
it is most certainly a form injection and it is not a complex one ;)
Hint:
look up SQL Injection cheat sheets
if no one gets it by 8-9pm GMT -7 i will just post it but wargasm is on the right track ;)
Mmmmkay. I didn't really look at it. I was just throwing out ideas
warweed, can you give us until tomorrow... I'd actually like to mess with this when I get home from work.
warweed12
2008-11-11, 21:16
sure :)
and brownie point to whoever gets to the online order management :P
there it's kinda cool because you can pull up recent orders including cust name addy and esn
Soft Pizza
2008-11-11, 22:24
http://img.photobucket.com/albums/v343/FearOfLonelyDogs/done.jpg
Expl0itz
2008-11-11, 22:39
http://img.photobucket.com/albums/v343/FearOfLonelyDogs/done.jpg
Well, someone got it. :D
then again, this is the guy that wrote the SQL thread that I enjoyed. Now, don't give it away. Maybe point people in the right direction.
Soft Pizza
2008-11-11, 22:45
Heh well.. Pointers eh?
It's really basic stuff. Like... Really basic injection.
You're gonna have to do better than that to stomp me!
Expl0itz
2008-11-11, 22:48
Heh well.. Pointers eh?
It's really basic stuff. Like... Really basic injection.
You're gonna have to do better than that to stomp me!
Yeah... pointers... Let's turn it into a learning experience. I know I'm not too good at SQL injection. I CAN do it... just with a lot of frustration sometimes. It'd be beneficial to a lot of people.
Soft Pizza
2008-11-11, 22:51
Well you're not going to learn advanced SQL injection from cheat sheets, but it will help you with this challenge. Read my paper, it may be in there.
warweed12
2008-11-11, 23:30
lol indeed but cheers on getting it
Trueborn Vorpal
2008-11-12, 17:35
sure :)
and brownie point to whoever gets to the online order management :P
there it's kinda cool because you can pull up recent orders including cust name addy and esn
http://img247.imageshack.us/img247/6862/orderapprovalhn7.png
http://img253.imageshack.us/img253/545/ordereditingfy9.png
Is that good enough for ya? ;)
warweed12
2008-11-12, 19:53
naw that's not really impressive because that in the pending business card orders for down east
http://i33.tinypic.com/qrxmvc.jpg
not secure once you're in the intranet :P
http://i33.tinypic.com/qrxmvc.jpg
try something like this
http://i36.tinypic.com/25z1rbb.jpg
or if you really want something
http://i33.tinypic.com/9i93px.jpg
http://i35.tinypic.com/11v3c40.jpg
http://img.photobucket.com/albums/v689/Maddman/downeast.jpg
Thanks for that. Interesting.
ParkedCar
2008-11-13, 09:45
Security Clearance Level 1:
http://img401.imageshack.us/img401/6733/shotas8.png
Meh, I've done real SQL injections like this, and it's never THAT easy usually. IIRC (I don't like to fuck with MSSQL), it's something like having 1=1--, then you continue to add each field you get like password, and continue to grab each table (looks like only 2 columns require fetching here) until you have all the information. Bleh.
http://i43.photobucket.com/albums/e351/expendable_youth/downeast.jpg
Thought it would be harder than that, thanks for this thread warweed. I'll have a play around with the site later on.
warweed12
2008-11-13, 19:12
cheers :)
Shoplifter
2008-11-14, 02:22
Sweet, that was easy! :D
http://upload-fast.com/files/ccf22dc6fde363765ebd3c686fd1539d.PNG (http://upload-fast.com/?url=ccf22dc6fde363765ebd3c686fd1539d.PNG)
Alright, reading this got me interested...
tried entering 1=1-- and ' into URL and user/pass fields, but it just went back to default.asp
Oh well, back to google.
lol http://i37.tinypic.com/m8pgtu.jpg
Expl0itz
2008-11-16, 20:17
http://i70.photobucket.com/albums/i91/O__RLY/SQLinject.jpg
I had more trouble with this than I should have. Well, constantly being interrupted at work, and overthinking it could be blamed for it.... LAWL.
Alright, reading this got me interested...
tried entering 1=1-- and ' into URL and user/pass fields, but it just went back to default.asp
Oh well, back to google.
Hahahahahahhahahahahaha, fucking noob. First off, an injection HAS to begin with a '
Try combining the two FIRST, then go from there. It's MSSQL, not MYSQL also, remember.
Expl0itz
2008-11-16, 21:38
Hahahahahahhahahahahaha, fucking noob. First off, an injection HAS to begin with a '
Try combining the two FIRST, then go from there. It's MSSQL, not MYSQL also, remember.
Aww clover. You could be nice for a change ;)
We all started out at the bottom of the chain once.
Numberjumbo
2008-11-16, 23:05
Lol, organising criminal activity on totse. Have fun with your b&.
Hahahahahahhahahahahaha, fucking noob. First off, an injection HAS to begin with a '
Try combining the two FIRST, then go from there. It's MSSQL, not MYSQL also, remember.
Gotta learn somehow.
*Tries again*
Edit: Wow, I think I'm actually getting somewhere now...I was entering 1=1-- and ' in completely wrong places...
Gotta learn somehow.
*Tries again*
Edit: Wow, I think I'm actually getting somewhere now...I was entering 1=1-- and ' in completely wrong places...
anything' or 'x'='x
Gotta learn somehow.
*Tries again*
Edit: Wow, I think I'm actually getting somewhere now...I was entering 1=1-- and ' in completely wrong places...
Learn to code. All a 'hacker' is is a sensible coder, you can't just become a 1337 h4x0r by learning how to do ancient exploits that have been out so long that any programmer with a half a brain could patch in about 2.5 seconds...
I'm starting to wonder if I'm doing this right again...
I ended up trying this:
'union select passwords,null from username
got an error having to do with the number of columns.
I read to keep adding nulls until you stopped getting the error.
But it seems no matter how many nulls I add, it still gives that error.
Bah, probably something really stupid.
Learn to code. All a 'hacker' is is a sensible coder, you can't just become a 1337 h4x0r by learning how to do ancient exploits that have been out so long that any programmer with a half a brain could patch in about 2.5 seconds...
Alright, I'll look up mssql commands.
The only thing I've been really successful in learning is how to script/code is doom 3 weapons, machines, enemies, etc.
Alright, I'll look up mssql commands.
The only thing I've been really successful in learning is how to script/code is doom 3 weapons, machines, enemies, etc.
Afterward, read this. It goes through the basic approaches to SQL injection.
www.unixwiz.net/techtips/sql-injection.html
warweed12
2008-11-17, 09:02
thanks for the great link :)
though a lot of people are overthinking with trying to call tables and such
it is a rather simple injection
-HINT: it always returns true ;)
try looking up a SQL injection cheat sheet
it is rather simple something like OR 'x'='x but not quite that :P but same principle
Numberjumbo
2008-11-18, 00:06
Lol, organising criminal activity on totse. Have fun with your b&.
This.
warweed12
2008-11-19, 01:30
Alright alright who was the wise ass who changed the user to Duck_Head :P
Shoplifter
2008-11-19, 02:07
Alright alright who was the wise ass who changed the user to Duck_Head :P
hahah lol that was me
Edit: Damn! they changed it back to Micmac
warweed12
2008-11-19, 06:00
hurm when did you change it and do you mind me asking what string "you" used or you can email me owner at warweed dot com
Captain Douche
2008-11-24, 07:42
I know nothing about coding, SQL Injections or anything a mile within the range of hacking but I know this:
This thread is full of premium win.
Thanks for that man, good fun... We should set up more of these...
http://i38.tinypic.com/24x1cmr.png
ataraxia
2008-11-26, 08:06
This.
It's a learning experience. There's nothing being damaged.
warweed12
2008-11-28, 08:27
Would anyone else like to provide some easy basic sql injectable sites as examples ?
Expl0itz
2008-11-28, 14:37
Would anyone else like to provide some easy basic sql injectable sites as examples ?
Ummm... none can be posted. Yet.
Prometheum
2008-11-28, 16:49
Ummm... none can be posted. Yet.
Oh lol, I see where this is going.
warweed12
2008-12-01, 04:36
.... :(
Would anyone else like to provide some easy basic sql injectable sites as examples ?
Just to let you know, I am looking, I just haven't found any yet.
How did you come about finding downeast?
Also, is there somewhere private we(people who managed the first injection) can share strings we used? I'm curious how the other guy changed the username. Based on the amount of hits this thread has had though, don't think we'll be sharing much in here.
ParkedCar
2008-12-02, 18:57
...I'm curious how the other guy changed the username...
If you get access to an account with security clearance level 1, you can change account settings.
Legalities
I've been looking around, but haven't really found any good, solid information on this matter.
What exactly are the legal ramifications of what we are doing? I've found papers regarding SQL injection into search bars, and that seems to be a gray area; but you will come out on top, so long as you don't modify anything.
However what we are doing is very different to search bars. Anyone have any ideas on what the sentence would be if you were tracked down?
I imagine it would be quite a lengthy and costly process to find someone, and if nothing was damaged then they probably wouldn't bother. But hypothetically, let's just say they have money to blow, and they do track you. Anyone know what would happen?
Prometheum
2008-12-03, 00:42
Legalities
I've been looking around, but haven't really found any good, solid information on this matter.
What exactly are the legal ramifications of what we are doing? I've found papers regarding SQL injection into search bars, and that seems to be a gray area; but you will come out on top, so long as you don't modify anything.
However what we are doing is very different to search bars. Anyone have any ideas on what the sentence would be if you were tracked down?
I imagine it would be quite a lengthy and costly process to find someone, and if nothing was damaged then they probably wouldn't bother. But hypothetically, let's just say they have money to blow, and they do track you. Anyone know what would happen?
Federal prison, in the US of A. But they never track anyone down, because it never gets reported.
Federal prison, in the US of A. But they never track anyone down, because it never gets reported.
I see. Where did you get that information? I'd like to look at some cases if you know of any.
Thanks for the reply.
ThunderChicken
2008-12-03, 05:20
I see. Where did you get that information? I'd like to look at some cases if you know of any.
Thanks for the reply.
http://www.google.com/search?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&hs=924&sa=X&oi=spell&resnum=0&ct=result&cd=1&q=State+court+records&spell=1
;) might help
If you get access to an account with security clearance level 1, you can change account settings.
http://img75.imageshack.us/img75/1152/lolwutlt7.jpg
LOL. That was retardedly easy? I can't believe I didn't think of that until now.
EDIT: I think this account has full admin privileges, I can edit the President of the company's info if I want. This is seriously the worst site security I have ever come across, I mean holy shit.
If you guys want to have some real fun, the columns here are:
password,empid,name,Dept1,Dept2,Dept3,Dept4,Dept5, Dept6,Dept7,SecurityLevel
Is this really just an insanely insecure site? I thought it was kind of a "hack this site" sort of deal. LOL!
I didn't even need SQL injection to get level 1 access, the person who programmed this website must be borderline retarded.
Oh wow, that is indeed one insecure site. Hey, and aren't those auction goods on the Home page lovely? At least, I assume it's for a charity auction. I especially like the "Little Bit O' Everything" accessory pack. And the hand-knitted brown scarf at the top... Priceless!
warweed12
2008-12-05, 08:58
glad yall like it and no i got access a loooong time ago
aliant / downeast piggy back off bell canadas CDMA cellular network ... when i first found it i would access the order center and find peoples names addresses etc. enough to verify their mobile account then i would pose as a store rep have trouble updating the customers ESN in "rapsody" their dealer program and would ask them to then they ask for dealer codes and such which again are on the downeast page ... along with programming codes for various cdma phones
so i would reprogram my shit phone with a new number every couple of hours some times days :)
PS if everyone wants to share their strings you can email them to owner@warweed.com and i shall compile a list at the end of next week :)
and post it on my personal site and share the link but not as to whom used what or so on .. or just give me details in the email if you want your name posted or not etc..
-warweed
warweed12
2008-12-05, 09:06
I didn't even need SQL injection to get level 1 access, the person who programmed this website must be borderline retarded.
haha sssssshhh and yes i would have to agree
warweed12
2008-12-06, 08:34
well i rather say this is interesting how many people have viewed this page
warweed12
2008-12-06, 09:25
Go nuts ! :) if anyone comes across something interesting let me know :) http://www.google.ca/search?hl=en&q=inurl%3A%2Fadmin%2Flogin.asp&meta=
well i rather say this is interesting how many people have viewed this page
Didn't even think the entire NS&H section got this many hits in a month. Anyone know if other forums been linking to this, or other sections on totse?
I use a different google search to find vulnerable sites. Get a good return on them, but google doesn't let me view many pages of results. It knows what I'm trying to do, so stops me :(
Anyone know of a workaround?
EDIT:
Nevermind, found a way of getting around it.
Just used a different version of google. Much more sites to play with now :)
Here's a joke of a site, not exactly interesting, but none the less.
http://www.pathwaystocollege.net
warweed12
2008-12-06, 18:04
which part is "interesting" /admin/ ?
which part is "interesting" /admin/ ?
Site's pretty dull, but:
http://pathwaystocollege.net/collegereadiness/toolbox/index.asp
Online psychiatry website was a bit more interesting. Leave you to find that one yourself though, the url is about as obvious as it gets ;) I think the passwords are stored in plaintext....
Expl0itz
2008-12-06, 21:49
=O
http://www.dacaar.org/dacaar.asp?id=%27%20or%20%27%201=1--
warweed12
2008-12-06, 23:33
=O
http://www.dacaar.org/dacaar.asp?id=%27%20or%20%27%201=1--
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error (missing operator) in query expression 'id=' or ' 1=1--'.
/dacaar.asp, line 326
??????
FailedArtifact
2008-12-07, 09:49
I get that message.. i tried deleting the 'onsubmit= return check(this.password)' (of the original website mentioned by warweed), but no luck. Any hints?
FailedArtifact
2008-12-07, 13:39
Originally Posted by Expl0itz
=O
http://www.dacaar.org/dacaar.asp?id=...%20%27%201=1--
I get this message after putting a ' in the search box.
Microsoft OLE DB Provider for ODBC Drivers error '80040e14'
[Microsoft][ODBC Microsoft Access Driver] Syntax error in query expression 'tekst like '%'%' UNION ALL select dato,name,id,news from newssystem where news like '%'%''.
/dacaar.asp, line 402
warweed12
2008-12-07, 18:35
what is it you're trying to achieve ?
then we can work towards that ?
FailedArtifact
2008-12-08, 11:45
Sorry, my posts were a bit muddled. I would like to login into the site you mention. (Downeast intranet), People keep stating the "1=1 --". But i haven't been able to get in. I have looked at the source code, and deleted the "onsubmit=" command which checks the password, though still no luck. Can someone give me any HINTS, don't actually tell me how to do it.
Thanks
Sorry, my posts were a bit muddled. I would like to login into the site you mention. (Downeast intranet), People keep stating the "1=1 --". But i haven't been able to get in. I have looked at the source code, and deleted the "onsubmit=" command which checks the password, though still no luck. Can someone give me any HINTS, don't actually tell me how to do it.
Thanks
Don't think anyone can offer any more specific hints, without revealing the answer. You're on the right tracks though. I would suggest you google for 'SQL injection cheat sheets' / cheet sheets. The answer is in one of the first results.
FailedArtifact
2008-12-08, 13:07
I see what you mean by how close i was... though the code changing in source is not necessary for this website.
http://i37.tinypic.com/ir8irt.jpg
Another one bites the dust?
warweed12
2008-12-09, 01:19
Mods Please lock this thread and refer to SQL INJECTION pt 2.
For those who gave up thanks for playing the injection was a very simple form injection
1' OR '1'='1
alternatively if the webadmin was not extremely extremely retarded he also would not have made a web development account with admin privs. with the authentication as test:test
Cheers and thanks for playing see next thread
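The two weaknesses named in the post above, shown from the defender's side as an added example (not code from the thread or from the site discussed): a login query built by string concatenation next to the same query with bound parameters, plus an audit check for accounts whose password equals the username. The table, column names and rows are constructed for illustration, and SQLite stands in for the site's database.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are hypothetical."""
    db = sqlite3.connect(":memory:")
    # Plaintext passwords only so the concatenated query below behaves like the
    # login form discussed in the thread; real systems store a salted hash.
    db.execute("CREATE TABLE staff (username TEXT PRIMARY KEY, "
               "password TEXT NOT NULL, level INTEGER NOT NULL)")
    db.executemany("INSERT INTO staff VALUES (?, ?, ?)", [
        ("alice", "correct horse", 3),
        ("bob", "battery staple", 2),
        ("test", "test", 1),  # leftover development account, level 1 as in the thread
    ])
    return db

def login_concat(db, username, password):
    """Vulnerable: form values are pasted into the SQL text, so a quote
    character in the input changes the structure of the WHERE clause."""
    sql = ("SELECT username, level FROM staff "
           "WHERE username = '" + username + "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()

def login_param(db, username, password):
    """Hardened: values are bound as parameters and never parsed as SQL."""
    sql = "SELECT username, level FROM staff WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()

def default_credential_accounts(db):
    """Audit check: accounts whose password equals the username (test:test)."""
    rows = db.execute("SELECT username FROM staff WHERE password = username "
                      "ORDER BY username")
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    s = "1' OR '1'='1"  # the string quoted in the post above
    print("concatenated :", login_concat(db, s, s))   # a row comes back: check bypassed
    print("parameterized:", login_param(db, s, s))    # None: treated as a literal value
    print("username == password:", default_credential_accounts(db))
```

Parameter binding closes the injection but does nothing about the test:test account, which is why the audit query is a separate check.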
trippson
2008-12-09, 01:33
http://i157.photobucket.com/albums/t45/t1337/Screenshot.png
and another one