ecurrency exchange website hack

[ITsTanked]

Admin not respond so I sell to high bidder.

[og kush420]

are passwords in plaintext is what i want to know. not going to buy it, but just curious

[ITsTanked]

all are in md5.  I add this to listing

[ITsTanked]

5 hour left

[ITsTanked]

buyer not pay yet so relist

[vesperwillow]

So.. has this been proven or is it just using classic sql injection hoping it'll work?

And..... yeah. Quite an interesting thread you have here..

[ITsTanked]

So.. has this been proven or is it just using classic sql injection hoping it'll work?

And..... yeah. Quite an interesting thread you have here..

Hope?
I get in and read all 104 tables and see 15k users so it work.

[hamburger]

Hi,

Bull Sh..

This is my username Hamburger

You have my permission to publish my registered Full name, LTC balance, email address and password here as prove that it work.

Hamburger

[uoyeparannog]

Note somewhere that I owe You beer, Hamburger.

[ITsTanked]

Admin reply me now finally.  I tell him the flaw for free because it is his site. 

[vesperwillow]

Hamburger: 1
ITsTanked: 0

[uoyeparannog]

Of course, vesperwillow.
Anyway, that site is full of shit - FPD, some leaks, index of's and other non-critical issues. I didn't made deep test (I didn't create account even, just 5-minutes browse) so there's small chance for blind sqli, but I REALLY doubt it.

[ITsTanked]

I remove link in 1st post now that I am talking to admin.  There is a job put on freelancer.com about this now.

admin contact me and then my conciseness get to me and I realize I should tried harder to get this to admin so I apologize to him and tell him the exact sqli point and how to temporary fix it until the code for this section is fixed.   

[joesmoe2012]

    What site was it?     

[uoyeparannog]

goldux.com