Ziare.com, login cu orice user, chiar fara a stii parola sau… userul |

Most Commented

Loading....

Apocalipsa dupa Nemessis in (166 Visits)
Ce servicii de mail folositi? in (86 Visits)
This is the end in (84 Visits)
Hackersblog.org is now blog.rstcenter.com in (58 Visits)
Raportare vulnerabilitati in (58 Visits)
News in (55 Visits)
La multi ani România, la multi ani românilor in (55 Visits)
Un nou membru in (54 Visits)
De reţinut in (54 Visits)
So... lol in (51 Visits)
Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (777 Visits)
SMS scam (1) in (97 Visits)
Hi5.com coders read this in (93 Visits)
Dezinformare sau proasta informare? in (77 Visits)
Si tentativele de phishing pot fi amuzante in (76 Visits)
Phishing Bancpost in (74 Visits)
Phishing Raiffeisen cu atasament html in (71 Visits)
[Utilitare] Suna gratis de pe internet sau de pe iPhone in (228 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (187 Visits)
Ce nu se invata la scoala - (D)DOS (5) in (164 Visits)
Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (162 Visits)
Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (154 Visits)
Virusi in clipuri video [how to] in (148 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (129 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (127 Visits)
Ca musca in... in (87 Visits)
Internet vs. privacy (1) in (60 Visits)
Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (734 Visits)
usa.kaspersky.com hacked ... full database acces , sql injection in (544 Visits)
RedTube.com ... The Free Sex Video Community in (185 Visits)
Yahoo! epic fail - permanent xss unleashed in (155 Visits)
In atentia BitDefender.com, SQL Injection in (148 Visits)
Telegraph.co.uk hacked, sql injection in (138 Visits)
No comment - o2.co.uk (forum) in (135 Visits)
Facebook hacked - sql injection in (131 Visits)
eJobs.ro si peste 1.300.000 de conturi cu date personale in (130 Visits)
F-Secure.com - SQL Injection + Cross Site Scripting in (124 Visits)
Hacker Uses XSS and Google Street View Data to Determine Physical Location in (97 Visits)
Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (94 Visits)
Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (71 Visits)
Digital Photocopiers Loaded With Secrets in (63 Visits)
[Video] The History Of Hacking in (47 Visits)
Christopher "moot" Poole: The case for anonymity online in (45 Visits)
OWASP Phishing demo in (34 Visits)
Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (33 Visits)
Email Security - Why You Should Encrypt Your Email - Part One in (32 Visits)
Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (31 Visits)
Se poate sparge parola de Yahoo? in (752 Visits)
Forumul Andreei Balan spart in (308 Visits)
phpBB.ro hacked in (291 Visits)
Camera de supraveghere a universitatii Alexandru Ioan Cuza din Iasi in (153 Visits)
Experiment social in (145 Visits)
Experiment social II - andimoisescu.ro in (136 Visits)
Doua cu Netbridge si una cu Hi5 in (115 Visits)
Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (110 Visits)
Site-ul Inspectoratului General al Politiei Romane (igpr.ro) a fost spart in (108 Visits)
Ce nu se invata la scoala – Vendetta (6) in (107 Visits)

Top Users

Archives

Loading....

Ziare.com, login cu orice user, chiar fara a stii parola sau… userul

Posted by Shocker in English News

Posted on November 6th, 2008

Da, ati citit bine. Pagina de login a arhicunoscutului site ziare.com are ceva probleme cu filtrarea datelor, astfel daca vrem sa tragem in piept login systemul, folosim ca user admin' or 1='1 iar ca parola orice combinatie de caractere si… atat. Veti fi logat pe un cont aparent aleator (zic aparent pentru ca nu e chiar aleator, nu am stat sa studiez fenomenul, se incarca foarte greu siteul si paginile sunt prost realizate, se misca greu browserul… insa pare ca te-ar loga pe userul ultimei persoane care s-a logat pe site, desi nu bag mana in foc).

Cateva exemple: