Posted on February 9th, 2009
Article written in both Romanian and English. Already reported to Bitdefender HQ.
Later edit: bitdefender.pt is just a reseller for bitdefender products
It seems Kaspersky aren’t the only ones who need to secure their database. Bitdefender has the same problems.
The images speak for themselves. First we see the version, user and name of the database.
Now let’s see the Admin userName, userPass, sessionID and lastlog.
Here's an injection that returns thousands of rows showing the customers' personal details, from the table vendas (sales).
And finally, part of the data from the table inscricoes (newsletter): thousands of email addresses, candy for would-be spammers.
———————————————————————————–
Romanian version (translated):
It seems Kaspersky isn't the only one struggling to secure its own database. Bitdefender has the same problems.
The images speak for themselves. First, let's see the version, the user and the name of the database.
Now the admins' login data: userName, userPass, sessionID and lastLog.
The injection returns thousands of result rows; let's see some of the personal data, from the table vendas.
And finally, part of the data from the table inscricoes (subscriptions): thousands of email addresses, a treat for would-be spammers.
February 9th, 2009 at 10:06 am
Yeah, I can't figure out how they can claim to produce security systems if they're not able to secure their own servers. Pathetic..
February 9th, 2009 at 11:01 am
[...] [Hacked]Bitdefender (Portugal) exposes sensitive customer data [...]
February 9th, 2009 at 11:57 am
The site doesn't belong to the BitDefender company: http://whois.domaintools.com/bitdefender.pt
February 9th, 2009 at 12:05 pm
You can go to bitdefender.com and select bitdefender.pt directly from their site (under language). It's theirs.
February 9th, 2009 at 12:12 pm
[...] BitDefender Portugal Site Breached [via] [...]
February 9th, 2009 at 12:15 pm
oh my … first Kaspersky and now Bitdefender… oh noes… incredible how you can query the databases of 'giants' through the URL, unfiltered GETs… mysql_escape_string() FTW.
Bravo.
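The unfiltered-GET pattern the comment above describes, beside the parameterized query that closes it, as an added example that is not the commenter's or the site's code. It assumes Python's sqlite3 as a stand-in for the MySQL-backed site; the customers table and its rows are constructed, and the tampered parameter value is a textbook tautology used only to show why the vulnerable pattern returns the whole table.

```python
import sqlite3

# Constructed sample rows standing in for a "vendas"-style customer table.
SAMPLE_ROWS = [
    (1, "ana@example.pt", "Lisboa"),
    (2, "rui@example.pt", "Porto"),
    (3, "sofia@example.pt", "Coimbra"),
]

def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER, email TEXT, city TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn

def lookup_unfiltered(conn, customer_id):
    """Vulnerable: the raw GET parameter is pasted into the SQL text,
    so whatever it contains becomes part of the WHERE clause."""
    sql = "SELECT id, email, city FROM customers WHERE id = " + customer_id
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, customer_id):
    """Hardened: check the type, then bind the value as a parameter.
    The driver passes the value separately from the SQL text, so it
    cannot alter the query's structure; non-integer input is refused."""
    try:
        cid = int(customer_id)
    except ValueError:
        return []
    sql = "SELECT id, email, city FROM customers WHERE id = ?"
    return conn.execute(sql, (cid,)).fetchall()

def demo():
    """Run both lookups on a normal id and on a tampered parameter value."""
    conn = make_db()
    tampered = "2 OR 1=1"  # constructed tampered value for the id parameter
    return {
        "normal_unfiltered": lookup_unfiltered(conn, "2"),
        "tampered_unfiltered": lookup_unfiltered(conn, tampered),
        "normal_parameterized": lookup_parameterized(conn, "2"),
        "tampered_parameterized": lookup_parameterized(conn, tampered),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, len(rows), "row(s)")
```

Escaping helpers such as mysql_escape_string() only quote string literals; binding the value as a typed parameter, as above, removes the whole class of problem for numeric ids too.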
February 9th, 2009 at 12:34 pm
@2fingers well, they also have partner sites listed there
February 9th, 2009 at 12:51 pm
@andreea – I just saw that it's under partners.
Still, a mirror represents the company. A mirror with problems represents the company in a negative way, especially in a case like this one. When you're a security company and your logo is on an affiliated site that promotes only your products, how hard is it to do a minimal check of its scripts?
Partner or not, the users' data is still there, and the company logo present all over the site confirms how embarrassing it is. Now each reader can draw their own conclusions as they wish.
February 9th, 2009 at 3:16 pm
@TTDDOO – it's the site's database, not the giant's. There's a small difference. If it were just a presentation site, breaking into it would be the equivalent of scribbling on a poster in the street. But unfortunately, from a site like this one can (more or less) download security software. Which, if compromised, can affect users. (The software itself is hard to inject with viruses, because I assume it's digitally signed, but a simple redirect to another exe is enough for an ordinary user.)
@2fingers – rather than checking the code, they would have done better to give them a ready-made site where they only change the texts. That way they would also have followed the corporate identity manual.
February 9th, 2009 at 3:38 pm
The website that was hacked, http://www.bitdefender.pt, doesn't belong to BitDefender but to a distributor in Portugal. So any attempt to discredit the brand is useless because the damage was done to a Portuguese informatics company, not to the brand. I hope this clarifies the situation.
February 9th, 2009 at 5:00 pm
Wow using AOL to hack. Real Pros!
February 9th, 2009 at 5:06 pm
Any attempt to discredit the company is NOT useless. All I see there is a big BitDefender logo and the BitDefender.pt domain (btw, BitDefender is a registered trademark); they don't sell any other products … I don't care whether it's their partners' or their own site. The impact is the same.
Imagine that someone would break into a franchise site of ING Bank (they don’t have partner sites, I’m just making a point), revealing customer data … Imagine them saying: Well … Ar … Yeah … well it’s not our site … they’re just partners.
February 9th, 2009 at 5:11 pm
They took the site down.
Site under maintenance!
We promise to be brief.
We apologize for the inconvenience.
February 9th, 2009 at 6:00 pm
I sent you an email about this? :-w
February 9th, 2009 at 6:10 pm
Caracal, I received your email on February 7, but unu had already known about this vulnerability for a long time and waited for the BitDefender people to fix the problem.
February 9th, 2009 at 6:24 pm
[...] http://hackersblog.org/2009/02/09/hackedbitdefender-portugal-exposes-sensitive-customer-data/ [...]
February 9th, 2009 at 6:33 pm
:-< god damn it!
February 9th, 2009 at 10:34 pm
[...] Update: It seems that another security vendor has fallen into the very same problem – BitDefender (Portugal’s website) seems to be affected by a similar SQL injection problem according to Hacker’s Blog. [...]
February 10th, 2009 at 12:33 am
A bit off topic, but you've become international celebrities. http://it.slashdot.org/article.pl?sid=09/02/08/2218256&from=rss
Check it
February 10th, 2009 at 10:04 am
[...] Posted in secu First it was Kaspersky. Now it's BitDefender's turn. Modus operandi? The same already outdated SQL injection. Here are the screenshots too. [...]
February 10th, 2009 at 5:12 pm
These hackers hide their IP with AOL? Just that?
February 10th, 2009 at 5:18 pm
+ socks
February 10th, 2009 at 9:41 pm
[...] As with his last hack, unu originally posted this hack findings on HackersBlog. [...]
February 11th, 2009 at 5:38 am
[...] the hacker site claiming credit for the breach said on Monday that it had done the same compromise on the Portuguese Web site of antivirus provider [...]
February 11th, 2009 at 12:32 pm
[...] on the other hand it seems Bitdefender also has its share of SQL injection problems; hackersblog.org has several screenshots showing [...]
February 11th, 2009 at 12:47 pm
[...] of Bit Defender, which was attacked using the same SQL injection attack. The hackersblog.org website shows screenshots of the [...]
February 11th, 2009 at 6:47 pm
[...] details were published on hackersblog.org, which publishes information about the security problems and also notifies the operators of the [...]
February 11th, 2009 at 7:47 pm
[...] [Hacked]Bitdefender (Portugal) exposes sensitive customer data [...]
February 11th, 2009 at 11:54 pm
[...] along with thousands of email addresses became available to the intruder (news of the Bitdefender site hack – news text at [...]
February 12th, 2009 at 4:36 am
[...] Hack BitDefender PT Post Hack Kaspersky [...]
February 12th, 2009 at 12:04 pm
[...] security of all the company's corporate websites. More details Full article on the Internet: [...]
February 12th, 2009 at 1:30 pm
[...] please! iodus 12 Feb, 2009 Security After Kaspersky and BitDefender, it's F-Secure.com's turn… vulnerable to SQL injection and to attacks of type [...]
February 12th, 2009 at 2:50 pm
[...] The details are posted on hackersblog.org, which publishes information about the security problems but says it will notify the site's operators and will not disclose sensitive information. [...]
February 13th, 2009 at 2:05 pm
[...] Kaspersky antivirus, but they are also attacking another antivirus company with the same technique, BitDefender Antivirus, and the security company F-Secure. It amazes me that they can attack those sites in a week.., hell yeah.. [...]
February 17th, 2009 at 11:52 pm
[...] here I leave you a post I found on HackersBlog about an attack on KasperSky; in addition, there is another post about an attack on BitDefender Portugal, both attacked via SQL injection; here I leave you the [...]
February 18th, 2009 at 8:53 am
[...] forum@kaspersky.com and webmaster@kaspersky.com. As he got no reply whatsoever, he then decided to publicly present his [...]
February 20th, 2009 at 11:19 am
[...] a similar problem in Kaspersky Lab’s site, as well as in a partner site for security vendor BitDefender, and in the F-Secure Web [...]
February 26th, 2009 at 11:22 am
[...] against major antivirus companies. After the recent SQL injections in Kaspersky, BitDefender (here and here) and F-Secure the regular user might wonder in which company should they still [...]
May 1st, 2009 at 3:26 am
You know, it's sad, but rather funny, that people trying to sell you items to guard your online security cannot even protect themselves.
May 6th, 2009 at 3:23 pm
[...] it seems so …. the team that outclassed the experts at Symanctec, Bitdefender and Kaspersky is back, and this time they're recruiting. Hackersblog.org is recruiting editors [...]
July 1st, 2009 at 8:25 pm
Hackers…
On the note of hacking…why not become a vigilante like in the movies…Ultraviolet or Batman…and have some fun. You can totally DOS the illegitimate spammers/scammers like wholesaledrugspass.com or http://www.onlinepillspro.com company websites…and trash their revenue flow. If you are a hacker just learning, enjoy learning on their systems. The spammers think they are smarter than the world…a good opportunity to f$%k-up a parasite. It's like casual gaming for hackers…
If you are really really good at hacking, find the source, get their info, distribute, hack into the spamming databases and add them, etc…crush the peawods. Or, write a bot that finds any site advertising with their fake contact numbers (1(210) 888-9089) and brutalize them. Of course, to do it right it would need to avoid blogs discussing spammers/scammers. Sooo many options.
There is a time for vigilantes. It looks like hackers are the only ones with the opportunity to be a vigilante.
Below are just a few, likely easy, spammers to take out. Most of them are probably on the same server farm…take em out with a DOS and you take them all out.
And, when you are done taking them out…send a notice to news sites and blogs and others about your terror on spammers…would make a great read for many.
****Love you Hackers!*****
December 7th, 2009 at 7:53 am
Unu I NEED UR MAIL ID