|
Title: ecurrency exchange website hack Post by: ITsTanked on September 08, 2013, 10:18:50 PM Admin not respond so I sell to high bidder.
Title: Re: ecurrency exchange website hack Post by: og kush420 on September 09, 2013, 12:17:04 AM are passwords in plaintext is what i want to know. not going to buy it, but just curious
Title: Re: ecurrency exchange website hack Post by: ITsTanked on September 09, 2013, 01:43:00 AM all are in md5. I add this to listing
Title: Re: ecurrency exchange website hack Post by: ITsTanked on September 09, 2013, 04:54:47 PM 5 hour left
Title: Re: ecurrency exchange website hack Post by: ITsTanked on September 10, 2013, 03:10:04 PM buyer not pay yet so relist
Title: Re: ecurrency exchange website hack Post by: vesperwillow on September 10, 2013, 06:42:19 PM So.. has this been proven or is it just using classic sql injection hoping it'll work?
And..... yeah. Quite an interesting thread you have here.. Title: Re: ecurrency exchange website hack Post by: ITsTanked on September 10, 2013, 07:07:41 PM So.. has this been proven or is it just using classic sql injection hoping it'll work? And..... yeah. Quite an interesting thread you have here.. Hope? I get in and read all 104 tables and see 15k users so it work. Title: Re: ecurrency exchange website hack Post by: hamburger on September 10, 2013, 11:29:30 PM Hi,
Bull Sh.. This is my username Hamburger You have my permission to publish my registered Full name, LTC balance, email address and password here as prove that it work. Hamburger Title: Re: ecurrency exchange website hack Post by: uoyeparannog on September 11, 2013, 01:52:39 AM Note somewhere that I owe You beer, Hamburger.
Title: Re: ecurrency exchange website hack Post by: ITsTanked on September 11, 2013, 06:05:17 PM Admin reply me now finally. I tell him the flaw for free because it is his site.
Title: Re: ecurrency exchange website hack Post by: vesperwillow on September 11, 2013, 06:36:28 PM Hamburger: 1
ITsTanked: 0 Title: Re: ecurrency exchange website hack Post by: uoyeparannog on September 11, 2013, 09:15:30 PM Of course, vesperwillow.
Anyway, that site is full of shit - FPD, some leaks, index of's and other non-critical issues. I didn't made deep test (I didn't create account even, just 5-minutes browse) so there's small chance for blind sqli, but I REALLY doubt it. Title: Re: ecurrency exchange website hack Post by: ITsTanked on September 11, 2013, 11:47:24 PM I remove link in 1st post now that I am talking to admin. There is a job put on freelancer.com about this now.
admin contact me and then my conciseness get to me and I realize I should tried harder to get this to admin so I apologize to him and tell him the exact sqli point and how to temporary fix it until the code for this section is fixed. Title: Re: ecurrency exchange website hack Post by: joesmoe2012 on September 12, 2013, 04:12:16 PM What site was it?
Title: Re: ecurrency exchange website hack Post by: uoyeparannog on September 12, 2013, 08:54:18 PM goldux.com
|