International Herald Tribune (iht.nytimes.com) Sql Injection |

Most Commented

Loading....

Apocalipsa dupa Nemessis in (82 Visits)
Ce servicii de mail folositi? in (28 Visits)
This is the end in (23 Visits)
Hackersblog.org is now blog.rstcenter.com in (17 Visits)
Short news in (16 Visits)
La multi ani România, la multi ani românilor in (16 Visits)
Inca o pierdere de timp in (11 Visits)
Azi este ziua userilor hackersblog.org in (11 Visits)
Raportare vulnerabilitati in (9 Visits)
Contact si vulns report in (7 Visits)
Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (229 Visits)
Hi5.com coders read this in (28 Visits)
SMS scam (1) in (21 Visits)
Phishing Bancpost in (8 Visits)
Dezinformare sau proasta informare? in (7 Visits)
Phishing Raiffeisen cu atasament html in (5 Visits)
Si tentativele de phishing pot fi amuzante in (5 Visits)
Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (76 Visits)
[Utilitare] Suna gratis de pe internet sau de pe iPhone in (41 Visits)
Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (31 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (29 Visits)
Ce nu se invata la scoala - (D)DOS (5) in (25 Visits)
Virusi in clipuri video [how to] in (23 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (21 Visits)
Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (18 Visits)
Yahoo! redirects - a big issue (with video) in (10 Visits)
Ca musca in... in (9 Visits)
usa.kaspersky.com hacked ... full database acces , sql injection in (123 Visits)
Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (73 Visits)
Yahoo! epic fail - permanent xss unleashed in (71 Visits)
Telegraph.co.uk hacked, sql injection in (53 Visits)
RedTube.com ... The Free Sex Video Community in (43 Visits)
Kaspersky Thailand hacked by TinKode in (38 Visits)
Conquiztador Hacked Again in (33 Visits)
Telegraph.co.uk hacked - when will they learn? in (31 Visits)
F-Secure.com - SQL Injection + Cross Site Scripting in (28 Visits)
In atentia BitDefender.com, SQL Injection in (26 Visits)
Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (25 Visits)
Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (20 Visits)
Digital Photocopiers Loaded With Secrets in (15 Visits)
Hacker Uses XSS and Google Street View Data to Determine Physical Location in (12 Visits)
OWASP Phishing demo in (7 Visits)
Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (7 Visits)
Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (6 Visits)
Christopher "moot" Poole: The case for anonymity online in (6 Visits)
Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (5 Visits)
[Video] The History Of Hacking in (5 Visits)
Se poate sparge parola de Yahoo? in (259 Visits)
phpBB.ro hacked in (82 Visits)
Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (47 Visits)
Experiment social in (46 Visits)
Oare cum e pana la urma? in (40 Visits)
"Hot" de id-uri messenger in (39 Visits)
Experiment social II - andimoisescu.ro in (37 Visits)
Ce nu se invata la scoala – Vendetta (6) in (37 Visits)
Concurs fara premii in (36 Visits)
Forumul Andreei Balan spart in (33 Visits)

Top Users

Archives

Loading....

International Herald Tribune (iht.nytimes.com) Sql Injection

Posted by unu in English News

Posted on February 17th, 2009

news, analysis, opinion and breaking news… and a sql injection vulnerability. International Herald Tribune is the global edition of the New York Times. A site and newspaper read by millions world wide.

I discovered an unsecured parameter which allows access to the data base.

Lets see the version, user and name of the database as well as all the other available data bases.

Besides the wealth of information in the database we also found an interesting table containing login details of 161 affiliates, editors, reporters and other associates of the famed newspaper

I will continue with other newspapers soon.

Romanian version:

International news, analysis, opinion and breaking news… and a big sql injection vulnerability. International Herald Tribune is the global edition of the New York Times.
Un ziar foarte citit , o pagina web mult accesata. Problema este la un parametru prost sanitizat care permite acces la baza de date. Sa vedem versiunea, userul, numele bazei de date cat si db disponibile.

Pe langa celelalte date ce tin de site-ul web, mai avem un table interesant. Datele de logare a 161 de colaboratori, editori, etc al renumitului ziar.

Voi continua cu alte ziare de renume..

February 23, 2011 -- Concurs fara premii
August 30, 2010 -- Deface (?!?) pe Cotidianul.ro
April 21, 2010 -- France2.fr – France4.fr – in asteptarea atacului?
December 24, 2009 -- Forumul Andreei Balan spart
December 22, 2009 -- Fun cu NemoExpres.ro

5 Responses to “International Herald Tribune (iht.nytimes.com) Sql Injection”

theStick Says:
February 17th, 2009 at 3:45 pm
bravo baieti, o sa ajungeti iar pe slashdot
Nabukad Says:
February 17th, 2009 at 6:30 pm
hai odată cu whitehouse.gov, norad.mil, nasa.gov…
Andre3000 Says:
February 17th, 2009 at 11:33 pm
nu ca aia sunt suparaciosi, nu stiu de gluma si se iau de noi )
Flo Says:
February 21st, 2009 at 11:36 am
ma mir ca situri de talie internationala de care a auzit tot prostul sunt vulnerabile la SQL injection. Au platit bani cacalau la developeri puturosi.
crow Says:
February 21st, 2009 at 12:41 pm
Bravo baieti !

Subscribe to our Feed

N/A Subscribers (Feedburner)

Entries RSS

Comments RSS

Related Posts

5 Responses to “International Herald Tribune (iht.nytimes.com) Sql Injection”

Leave a Reply