Posted on February 9th, 2009
Article written in both Romanian and English. Already reported to BitDefender HQ.
Later edit: bitdefender.pt is just a reseller for BitDefender products.
It seems Kaspersky aren't the only ones who need to secure their database. BitDefender has the same problems.
The images speak for themselves. First we see the version, user and name of the database.
Now let's see the admin userName, userPass, sessionID and lastlog.
Here's an injection that returns thousands of lines in which we see personal details of the customers, table vendas (sales table).
And lastly, part of the data from the table inscricoes (newsletter)… thousands of email addresses, candy for would-be spammers.
February 9th, 2009 at 10:06 am
Yeah, I can't figure out how they can claim to produce security systems if they aren't even able to secure their own servers. Lame..
February 9th, 2009 at 11:01 am
[...] [Hacked]Bitdefender (Portugal) exposes sensitive customer data [...]
February 9th, 2009 at 11:57 am
the site does not belong to the BitDefender company: http://whois.domaintools.com/bitdefender.pt
February 9th, 2009 at 12:05 pm
You can go to bitdefender.com and select bitdefender.pt directly from their site (under language). It's theirs.
February 9th, 2009 at 12:12 pm
[...] BitDefender Portugal Page That Was Breached [via] [...]
February 9th, 2009 at 12:15 pm
oh my … first Kaspersky and now BitDefender… oh noes… incredible how you can query the databases of 'giants' through the URL, unfiltered GETs… mysql_escape_string() FTW.
Bravo.
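To illustrate the point about unfiltered GET parameters, here is an added example (not from the post or any commenter), in Python with SQLite standing in for PHP/MySQL: an escaping-only fix such as mysql_escape_string() does nothing when the parameter lands in the query unquoted, whereas a type check plus a bound parameter does. The table name vendas follows the post; the schema and rows are constructed.

```python
import sqlite3

# Constructed test data only: the table name follows the post (vendas = sales);
# the columns and rows are made up for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE vendas (id INTEGER, cliente TEXT, email TEXT);
        INSERT INTO vendas VALUES (1, 'Cliente A', 'a@example.test');
        INSERT INTO vendas VALUES (2, 'Cliente B', 'b@example.test');
        INSERT INTO vendas VALUES (3, 'Cliente C', 'c@example.test');
    """)
    return db

def escape_string(value):
    # Stand-in for mysql_escape_string(): doubles single quotes so a value can
    # sit inside '...' in SQL. It is useless for a value that is never quoted.
    return value.replace("'", "''")

def sale_by_id_escaped(db, id_param):
    # Vulnerable: the GET parameter is "escaped" but concatenated unquoted, so
    # SQL text in it (no quote characters needed) becomes part of the query.
    sql = "SELECT cliente FROM vendas WHERE id = " + escape_string(id_param)
    return [row[0] for row in db.execute(sql)]

def sale_by_id_bound(db, id_param):
    # Hardened: validate the type the parameter must have, then bind it; the
    # driver passes it as data and it can never change the query's structure.
    try:
        sale_id = int(id_param)
    except ValueError:
        return []
    rows = db.execute("SELECT cliente FROM vendas WHERE id = ?", (sale_id,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print(sale_by_id_escaped(db, "2"))         # ['Cliente B']
    print(sale_by_id_escaped(db, "2 OR 1=1"))  # every row: the whole table leaks
    print(sale_by_id_bound(db, "2 OR 1=1"))    # []
```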
February 9th, 2009 at 12:34 pm
@2fingers well, they also have partner sites there
February 9th, 2009 at 12:51 pm
@andreea – I've now seen that it's under partners.
Still, a mirror represents the company. A mirror with problems represents the company in a negative way, especially in a case like this one. When you are a security company and your logo is on an affiliate site that promotes only your products, how hard is it to do a minimal check of the scripts?
Partner or not, the users' data is still there, and the company's logo present all over the site confirms the embarrassment. Now every reader can draw their own conclusions as they wish.
February 9th, 2009 at 3:16 pm
@TTDDOO – it's the site's database, not the giant's. There's a small difference. If it were just a presentation site, the breach would be the equivalent of scribbling on a poster in the street. But unfortunately, from a site like this you can (more or less) download security software. Which, if compromised, can affect users. (The software itself is hard to inject with viruses, because I assume it's digitally signed, but a simple redirect to another exe is enough for an ordinary user)
@2fingers – rather than sitting and checking the code, they'd have done better to give them a ready-made site where they only change the texts. That way they'd also respect the corporate identity manual.
February 9th, 2009 at 3:38 pm
The website that was hacked, http://www.bitdefender.pt, doesn't belong to BitDefender but to a distributor in Portugal. So any attempt to discredit the brand is useless because the damage was done to a Portuguese IT company, not to the brand. I hope this clarifies the situation.
February 9th, 2009 at 5:00 pm
Wow using AOL to hack. Real Pros!
February 9th, 2009 at 5:06 pm
Any attempt to discredit the company is NOT useless. All I see there is a big BitDefender logo, the BitDefender.pt domain (btw. BitDefender is a registered trademark), they don't sell any other products … I don't care if it's their partners' or their own site. The impact is the same.
Imagine that someone would break into a franchise site of ING Bank (they don't have partner sites, I'm just making a point), revealing customer data … Imagine them saying: Well … Er … Yeah … well it's not our site … they're just partners.
February 9th, 2009 at 5:11 pm
They took the site down
Site under maintenance!
We promise to be brief.
We apologise for the inconvenience.
February 9th, 2009 at 6:00 pm
I sent you an email about this? :-w
February 9th, 2009 at 6:10 pm
Caracal, I received your email on February 7th, but unu already knew about this vulnerability for a long time and waited for BitDefender to fix the problem
February 9th, 2009 at 6:24 pm
[...] http://hackersblog.org/2009/02/09/hackedbitdefender-portugal-exposes-sensitive-customer-data/ [...]
February 9th, 2009 at 6:33 pm
:-< god damn it!
February 9th, 2009 at 10:34 pm
[...] Update: It seems that another security vendor has fallen into the very same problem – BitDefender (Portugal’s website) seems to be affected by a similar SQL injection problem according to Hacker’s Blog. [...]
February 10th, 2009 at 12:33 am
A bit off topic, but you've become international celebrities. http://it.slashdot.org/article.pl?sid=09/02/08/2218256&from=rss
Check it
February 10th, 2009 at 10:04 am
[...] Posted in secu First it was Kaspersky. Now it's BitDefender's turn. Modus operandi? The same already outdated SQL injection. The screenshots are here too. [...]
February 10th, 2009 at 5:12 pm
These hackers hide their IP with AOL? Just that?
February 10th, 2009 at 5:18 pm
+ socks
February 10th, 2009 at 9:41 pm
[...] As with his last hack, unu originally posted this hack findings on HackersBlog. [...]
February 11th, 2009 at 5:38 am
[...] the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider [...]
February 11th, 2009 at 12:32 pm
[...] on the other hand it seems that Bitdefender also has its share of SQL injection problems; hackersblog.org has several screenshots that show [...]
February 11th, 2009 at 12:47 pm
[...] of Bit Defender, which was attacked using the same SQL injection attack. The hackersblog.org website shows screenshots of the [...]
February 11th, 2009 at 6:47 pm
[...] details were published on hackersblog.org, which publishes information about security problems and also notifies the operators of the [...]
February 11th, 2009 at 7:47 pm
[...] [Hacked]Bitdefender (Portugal) exposes sensitive customer data [...]
February 11th, 2009 at 11:54 pm
[...] along with thousands of email addresses became accessible to the intruder (news of the Bitdefender site being hacked – news text at [...]
February 12th, 2009 at 4:36 am
[...] Hack BitDefender PT Post Hack Kaspersky [...]
February 12th, 2009 at 12:04 pm
[...] security of all of the company's corporate websites. More details Full article on the Internet: [...]
February 12th, 2009 at 1:30 pm
[...] please! iodus 12 Feb, 2009 Security After Kaspersky and BitDefender, it's F-Secure.com's turn… vulnerable to SQL injection and to attacks of the type [...]
February 12th, 2009 at 2:50 pm
[...] The details are posted on hackersblog.org, which publishes information about security problems but says it will notify the site's operators and will not disclose sensitive information. [...]
February 13th, 2009 at 2:05 pm
[...] Kaspersky antivirus, but they are also attacking another antivirus company with the same technique, BitDefender Antivirus, and the security company F-Secure. It amazes me that they can attack those sites in a week.., hell yeah.. [...]
February 17th, 2009 at 11:52 pm
[...] here I leave you a post I found on HackersBlog about an attack on KasperSky; also, there is another post about an attack on BitDefender Portugal, both attacked via SQL injection; here I leave you the [...]
February 18th, 2009 at 8:53 am
[...] forum@kaspersky.com and webmaster@kaspersky.com. Since he received no reply, he then decided to publicly present his [...]
February 20th, 2009 at 11:19 am
[...] a similar problem in Kaspersky Lab’s site, as well as in a partner site for security vendor BitDefender, and in the F-Secure Web [...]
February 26th, 2009 at 11:22 am
[...] against major antivirus companies. After the recent SQL injections in Kaspersky, BitDefender (here and here) and F-Secure the regular user might wonder in which company should they still [...]
May 1st, 2009 at 3:26 am
You know, it's sad, but rather funny, that people trying to sell you items to guard your online security cannot even protect themselves.
May 6th, 2009 at 3:23 pm
[...] it seems so …. the team that schooled the experts at Symantec, Bitdefender and Kaspersky is back, and this time they are recruiting. Hackersblog.org is recruiting editors [...]
July 1st, 2009 at 8:25 pm
Hackers…
On the note of hacking…why not become a vigilante like in the movies…Ultraviolet or Batman…and have some fun. You can totally DoS the illegitimate spammers/scammers like wholesaledrugspass.com or http://www.onlinepillspro.com company websites…and trash their revenue flow. If you are a hacker just learning, enjoy learning on their systems. The spammers think they are smarter than the world…a good opportunity to f$%k-up a parasite. It's like casual gaming for hackers…
If you are really really good at hacking, find the source, get their info, distribute, hack into the spamming databases and add them, etc…crush the peawods. Or, write a bot that finds any site advertising with their fake contact numbers (1(210) 888-9089) and brutalize them. Of course, to do it right it would need to avoid blogs discussing spammers/scammers. Sooo many options.
There is a time for vigilantes. It looks like hackers are the only ones with the opportunity to be a vigilante.
Below are just a few, likely easy, spammers to take out. Most of them are probably on the same server farm…take 'em out with a DoS and you take them all out.
And, when you are done taking them out…send a notice to news sites and blogs and others about your terror on spammers…would make a great read for many.
****Love you Hackers!*****
December 7th, 2009 at 7:53 am
Unu I NEED UR MAIL ID