- Apocalipsa dupa Nemessis
- Cand dorinta de afirmare depaseste granitele bunului simt – PaxNwo un leecher ordinar
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac?
- Experiment social II – andimoisescu.ro
- Pentru posteritate
- In curand…
- “Hot” de id-uri messenger
- Chiar ca sunteti retardati
- Ce nu se invata la scoala – Vendetta (6)
- Apocalipsa dupa Nemessis in (82 Visits)
- Ce servicii de mail folositi? in (28 Visits)
- This is the end in (23 Visits)
- Hackersblog.org is now blog.rstcenter.com in (17 Visits)
- Short news in (16 Visits)
- La multi ani România, la multi ani românilor in (16 Visits)
- Inca o pierdere de timp in (11 Visits)
- Azi este ziua userilor hackersblog.org in (11 Visits)
- Raportare vulnerabilitati in (9 Visits)
- Contact si vulns report in (7 Visits)
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (229 Visits)
- Hi5.com coders read this in (28 Visits)
- SMS scam (1) in (21 Visits)
- Phishing Bancpost in (8 Visits)
- Dezinformare sau proasta informare? in (7 Visits)
- Phishing Raiffeisen cu atasament html in (5 Visits)
- Si tentativele de phishing pot fi amuzante in (5 Visits)
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (76 Visits)
- [Utilitare] Suna gratis de pe internet sau de pe iPhone in (42 Visits)
- Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (31 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (30 Visits)
- Ce nu se invata la scoala - (D)DOS (5) in (25 Visits)
- Virusi in clipuri video [how to] in (23 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (22 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (18 Visits)
- Yahoo! redirects - a big issue (with video) in (10 Visits)
- Ca musca in... in (9 Visits)
- usa.kaspersky.com hacked ... full database acces , sql injection in (124 Visits)
- Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (73 Visits)
- Yahoo! epic fail - permanent xss unleashed in (71 Visits)
- Telegraph.co.uk hacked, sql injection in (53 Visits)
- RedTube.com ... The Free Sex Video Community in (43 Visits)
- Kaspersky Thailand hacked by TinKode in (38 Visits)
- Conquiztador Hacked Again in (33 Visits)
- Telegraph.co.uk hacked - when will they learn? in (31 Visits)
- F-Secure.com - SQL Injection + Cross Site Scripting in (28 Visits)
- In atentia BitDefender.com, SQL Injection in (26 Visits)
- Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (26 Visits)
- Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (21 Visits)
- Digital Photocopiers Loaded With Secrets in (15 Visits)
- Hacker Uses XSS and Google Street View Data to Determine Physical Location in (12 Visits)
- Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (8 Visits)
- OWASP Phishing demo in (7 Visits)
- Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (6 Visits)
- Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (6 Visits)
- Christopher "moot" Poole: The case for anonymity online in (6 Visits)
- Email Security - Why You Should Encrypt Your Email - Part One in (5 Visits)
- Se poate sparge parola de Yahoo? in (259 Visits)
- phpBB.ro hacked in (82 Visits)
- Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (47 Visits)
- Experiment social in (46 Visits)
- Oare cum e pana la urma? in (40 Visits)
- "Hot" de id-uri messenger in (39 Visits)
- Experiment social II - andimoisescu.ro in (37 Visits)
- Ce nu se invata la scoala – Vendetta (6) in (37 Visits)
- Concurs fara premii in (36 Visits)
- Forumul Andreei Balan spart in (33 Visits)
Posted on December 23rd, 2008
Dupa ce, cu putin timp in urma, site-ul concurent (trafic.ro) avea diverse probleme din cauza carora se zvonea ca multi clienti vor migra catre sati , uite ca si aici apar vulnerabilitati serioase ce priveste siguranta site-ului. Deci direct sau indirect si in monitorizarea traficului internet. Cum traficul in ziua de azi inseamna bani, ma intreb pe viitor, noi in cine se ne incredem ?
Va prezint tabelele bazei de date :
+—————————-
| administrative_users
| automailer
| brat_audit_statuses
| brat_cd_2008_produse_media
| brat_certificate_data
| brat_certificate_flows
| brat_certificate_statuses
| brat_certificate_transcripts
| brat_certificates
| brat_circulation_areas
| brat_emails
| brat_frequences
| brat_sites
| brat_statuses
| brat_users
| cifre_difuzare
| cifre_difuzare_comments
| cifre_difuzare_sumar
| cifre_difuzare_trimestre
| consiliul_administrativ
| document_categories
| documents
| guests
| members_advertising_agencies
| members_advertising_clients
| members_outdoor_agencies
| members_publishers
| members_sales_house
| members_web_editors
| month
| news
| newsletter
| observation_audit
| publications
| sati_categories
| sati_certificates
| sati_certificates_daily
| sati_certificates_weekly
| sati_classes
| sati_comments
| sati_companies
| sati_editors
| sati_editors_groups
| sati_faqs
| sati_news
| sati_site_aliases
| sati_site_codes_suppliment
| sati_sites
| sati_subcategories
| sati_web
| sesizari
| sesizari_categories
| settings
| sna_circulation_areas
| sna_circulation_areas_publication
| sna_results
| sna_results_publication
| transcripts
+—————————
Si cireasa de pe tort este desigur tabelul cu datele de logare a adminilor (parolele lor fiind, cum altfel, decat in text clar):
+————————–+——————–+————–+—————+
| email | name | password | username |
+————————–+——————–+————–+—————+
| arina@brat.ro | Arina Ureche | brXXXX | arina |
| adrian@brat.ro | Adrian Motirlichie | leXXXX | motz |
| catalin_ilea@brat.ro | Catalin Ilea | muXXXX | catalin |
| sorina_buzatu@brat.ro | Sorina Buzatu | sorXXXX | sorina_buzatu|
| daniel_secarea@brat.ro | Daniel Secarea | nilXXXX | daniels |
| constantin_popa@brat.ro | Constantin Popa | 12cXXXX | costi_popa |
| zsombor.zsuffa@aliat.net | Zsombor Zsuffa | winXXXX | zsombor |
| emanuel.socol@aliat.net | Emanuel Socol | robXXXX | buscador |
| client_service@brat.ro | Costi Mocanu | costXXXX | costi_mocanu|
+————————–+———————+—————+————-+
December 23rd, 2008 at 6:19 pm
Incurcati site-ul SATI (CMS-ul de 2 lei) cu aplicatia ce ruleaza pe serverele din Germania (heatmap).
Acolo sunt tinute datele despre trafic.
Oricu, nu e normal ca astfel de vulnerabilitati sa existe si sper sa le rezolve.
December 27th, 2008 at 9:15 am
deci d`asta a picat sati de craciun si n-a inregistrat nici un vizitator … lol
January 5th, 2009 at 11:41 am
Niste… distrusi.
N-ai cu cine… dom’le.
January 5th, 2009 at 12:25 pm
Salut,
Trafic.ro nu a avut probleme de securitate a datelor niciodata.
Motivele plecarii unor site-uri catre sati sunt doar motive “politice”, in niciun caz motive tehnice.
Iti urez un an 2009 superb!
January 5th, 2009 at 3:23 pm
Salut,
Erau niste articole legate de o “mica” penetrare a sistemului trafic.ro prin luna octombrie. Daca nu ma insel si piticu – http://www.piticu.ro – a postat respectiva stire. Probabil de aici a aparut si referirea la trafic.ro.
Un an bun si pentru tine Ionut.
January 19th, 2009 at 1:23 pm
[...] 1. Nesigur : Cititi pe HackersBlog despre asta [...]
June 2nd, 2009 at 3:38 pm
[...] Si, fara legatura cu subiectul: Cum a venit Mos Craciun la Sati.ro. [...]
June 14th, 2009 at 1:28 am
de criptare in md5 e grea…