Foro de elhacker.net

Seguridad Informática => Nivel Web => Mensaje iniciado por: c0de.breaker en 17 Febrero 2010, 22:49 pm



Título: CNN Oracle SQL Injection
Publicado por: c0de.breaker en 17 Febrero 2010, 22:49 pm
CNN Oracle SQL Injection

CNN vulnerable to SQL Injection (http://isrteam.wordpress.com/2010/02/17/cnn-vulnerable-to-sql-injection/)
Citar

CNN

Vulnerable to Oracle Injection
#TinKode & skpx


Citar
CNN.com is among the world’s leaders in online news and information delivery. Staffed 24 hours, seven days a week by a dedicated staff in CNN’s world headquarters in Atlanta, Georgia, and in bureaus worldwide, CNN.com relies heavily on CNN’s global team of almost 4,000 news professionals. CNN.com features the latest multimedia technologies, from live video streaming to audio packages to searchable archives of news features and background information. The site is updated continuously throughout the day.

Website vulnerable: cgi.money.cnn.com (http://cgi.money.cnn.com/)

Informations:

(http://i49.tinypic.com/f9gs2a.png) (http://i49.tinypic.com/f9gs2a.png)



Citar
Version : Oracle9i Enterprise Edition Release 9.2.0.4.0 – Production

(http://i50.tinypic.com/nz3qm1.png) (http://i50.tinypic.com/nz3qm1.png)



Citar
Main Database : MONEYP1.TURNER.COM

(http://i50.tinypic.com/21j9mid.png) (http://i50.tinypic.com/21j9mid.png)



Citar
User : TIME_USR

(http://i47.tinypic.com/2iqzo6v.png) (http://i47.tinypic.com/2iqzo6v.png)



Citar
Owner : SYS

Columns from “Time_Owner.F500_2009“:

Citar
[1] RANK
[2] COMPANY_ID
[3] NAME
[4] REVENUE
[5] REVENUE_GROWTH
[6] PROFIT
[7] PROFIT_GROWTH
[8] PROF_PCT_REVENUE
[9] PROF_PCT_ASSETS
[10] PROF_PCT_EQUITY
[11] EPS_10YR_GROWTH
[12] TRI_10YR
[13] TRI
[14] EMPLOYEES
[15] EMPLOYEE_GROWTH

# Thanks, and have a nice day!
# TinKode