rol.ro again |

Most Commented

Loading....

Apocalipsa dupa Nemessis in (81 Visits)
Ce servicii de mail folositi? in (27 Visits)
This is the end in (22 Visits)
Hackersblog.org is now blog.rstcenter.com in (17 Visits)
Short news in (16 Visits)
La multi ani România, la multi ani românilor in (15 Visits)
Inca o pierdere de timp in (10 Visits)
Azi este ziua userilor hackersblog.org in (10 Visits)
Raportare vulnerabilitati in (8 Visits)
Update in (7 Visits)
Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (228 Visits)
Hi5.com coders read this in (28 Visits)
SMS scam (1) in (21 Visits)
Phishing Bancpost in (7 Visits)
Dezinformare sau proasta informare? in (7 Visits)
Si tentativele de phishing pot fi amuzante in (5 Visits)
Phishing Raiffeisen cu atasament html in (4 Visits)
Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (75 Visits)
[Utilitare] Suna gratis de pe internet sau de pe iPhone in (41 Visits)
Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (30 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (29 Visits)
Ce nu se invata la scoala - (D)DOS (5) in (24 Visits)
Virusi in clipuri video [how to] in (22 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (20 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (17 Visits)
Yahoo! redirects - a big issue (with video) in (10 Visits)
Ca musca in... in (9 Visits)
usa.kaspersky.com hacked ... full database acces , sql injection in (123 Visits)
Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (72 Visits)
Yahoo! epic fail - permanent xss unleashed in (69 Visits)
Telegraph.co.uk hacked, sql injection in (52 Visits)
RedTube.com ... The Free Sex Video Community in (41 Visits)
Kaspersky Thailand hacked by TinKode in (37 Visits)
Conquiztador Hacked Again in (32 Visits)
Telegraph.co.uk hacked - when will they learn? in (29 Visits)
F-Secure.com - SQL Injection + Cross Site Scripting in (27 Visits)
Ziua userilor - sinu.utcluj.ro in (26 Visits)
Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (24 Visits)
Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (20 Visits)
Digital Photocopiers Loaded With Secrets in (15 Visits)
Hacker Uses XSS and Google Street View Data to Determine Physical Location in (12 Visits)
OWASP Phishing demo in (7 Visits)
Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (7 Visits)
Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (6 Visits)
Christopher "moot" Poole: The case for anonymity online in (6 Visits)
Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (5 Visits)
[Video] The History Of Hacking in (5 Visits)
Se poate sparge parola de Yahoo? in (255 Visits)
phpBB.ro hacked in (81 Visits)
Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (47 Visits)
Experiment social in (46 Visits)
Oare cum e pana la urma? in (39 Visits)
"Hot" de id-uri messenger in (38 Visits)
Experiment social II - andimoisescu.ro in (37 Visits)
Ce nu se invata la scoala – Vendetta (6) in (37 Visits)
Concurs fara premii in (36 Visits)
Forumul Andreei Balan spart in (32 Visits)

Top Users

Archives

Loading....

rol.ro again

Posted by unu in English News

Posted on February 15th, 2009

Deoarece de nenumarate ori am vorbit despre rol.ro , despre insecuritatea bazei lor de date nu voi mai dezbate pe larg subiectul.
Deoarce de nenumarate ori am vorbit despre nesimtirea lor pentru modul cum isi trateaza userii, pe cei inregistrati , din moment ce iar permit full acces la baza de date, la datele personale ale acestora, acum doar voi mai trage inca un semnal de alarma. Degeaba le-am trimis emailuri –din auzite si altii au mai facut asta– n-au luat nicio masura concreta. Au securizat doar parametrul semnalizat , fara sa ia cea mai banala masura de siguranta: sa interzica functia select, union sau and. Din nou o singura interogare afiseaza pana in 10.000 de rezultate, randuri de date.

Din poza se vad denumirile bazelor de date de pe server. Mai pe romaneste se pot accesa toate sectiunile ce tin de rol.ro (antivirus, bancuri, bilete, bursa, calendar, cazare, gsm, imobiliare, jocuri, forum, ziare, turism, vremea,etc..TOT)

Userii chiar n-au nicio vina, asa ca nu voi mai publica poze cu datelel lor personale. In schimb voi arata fara blurare parolele de logare a userilor mysql

March 5, 2009 -- Ziua userilor – rol.ro
December 5, 2008 -- Rol.ro romania online sql injection
February 23, 2011 -- Concurs fara premii
August 30, 2010 -- Deface (?!?) pe Cotidianul.ro
April 21, 2010 -- France2.fr – France4.fr – in asteptarea atacului?

7 Responses to “rol.ro again”

zoso Says:
February 15th, 2009 at 10:57 am
daca poti, sterge-le bazele de emailuri.
Claudel Says:
February 15th, 2009 at 1:56 pm
doar un bolovan ca tine poate concepe asemenea an-uri
azd Says:
February 15th, 2009 at 2:45 pm
auch!
theStick Says:
February 15th, 2009 at 3:32 pm
o sa vi se sparga in cap niste oale din cauza ca faceti asta, pregatiti-va.
vlad Says:
February 16th, 2009 at 2:34 pm
+1 pentru zoso , ati face un bine romanilor daca le-ati sterge baza de e-mailuri )
Cd-MaN Says:
February 16th, 2009 at 4:56 pm
Pe partea pozitiva: macar au limitari pe IP-urile de unde se pot conecta utilizatorii mai privilegiati.
Ionut G. Stan Says:
February 17th, 2009 at 11:08 pm
Nu stiu daca ati descoperit si vreo vulnerabilitate de remote file inclusion la ei. Daca nu, v-o spun eu. Aveti email-ul meu.

Subscribe to our Feed

N/A Subscribers (Feedburner)

Entries RSS

Comments RSS

Related Posts

7 Responses to “rol.ro again”

Leave a Reply