- Hacker Uses XSS and Google Street View Data to Determine Physical Location
- CAnCAn te iubim, CA CA tine nu gasim. Superfete.cancan.ro e de rahat
- Deface (?!?) pe Cotidianul.ro
- Virusi in clipuri video [how to]
- Cyber-Bullying – palma parinteasca a noului mileniu
- Christopher “moot” Poole: The case for anonymity online
- Wtf Avira?
- Some old story about tagged.com
- Pwning cam girls for fun
- Tabloshit
- Yahoo! again - XSS in Uncategorized (357 Visits)
- Yahoo! again - bad settings? in Uncategorized (252 Visits)
- Fanii nostri in Uncategorized (183 Visits)
- Frustrant in Uncategorized (146 Visits)
- La multi ani România, la multi ani românilor in Uncategorized (137 Visits)
- Weblog.ro - Shell via Local File Inclusion in Uncategorized (119 Visits)
- Yahoo! epic fail - permanent xss unleashed in Uncategorized (50 Visits)
- ... in Uncategorized (38 Visits)
- XSS Ownage - hi5 vs. Yahoo! + video in Uncategorized (2 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in Uncategorized (2 Visits)
- Hackersblog.org is now blog.rstcenter.com in (1770 Visits)
- O mica dar importanta precizare in (1371 Visits)
- Twitter in (805 Visits)
- This is the end in (776 Visits)
- Ce servicii de mail folositi? in (773 Visits)
- Un nou membru in (730 Visits)
- La multi ani România, la multi ani românilor in (718 Visits)
- Inca o pierdere de timp in (674 Visits)
- De reţinut in (634 Visits)
- Azi este ziua userilor hackersblog.org in (610 Visits)
- SMS scam (1) in (564 Visits)
- Dezinformare sau proasta informare? in (563 Visits)
- Hi5.com coders read this in (553 Visits)
- Phishing Raiffeisen cu atasament html in (516 Visits)
- Phishing Bancpost in (486 Visits)
- Si tentativele de phishing pot fi amuzante in (422 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (2707 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (2601 Visits)
- Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (1143 Visits)
- [Utilitare] Suna gratis de pe internet sau de pe iPhone in (1107 Visits)
- Ce nu se invata la scoala - (D)DOS (5) in (950 Visits)
- Virusi in clipuri video [how to] in (838 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (725 Visits)
- Yahoo! redirects - a big issue (with video) in (570 Visits)
- Internet vs. privacy (1) in (469 Visits)
- Ca musca in... in (435 Visits)
- RedTube.com ... The Free Sex Video Community in (12973 Visits)
- usa.kaspersky.com hacked ... full database acces , sql injection in (4921 Visits)
- libertatea.ro vulnerabil la (blind) sql injection in (2950 Visits)
- Pwning cam girls for fun in (2586 Visits)
- Telegraph.co.uk hacked, sql injection in (2546 Visits)
- Facebook hacked - sql injection in (2425 Visits)
- Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (2406 Visits)
- F-Secure.com - SQL Injection + Cross Site Scripting in (1775 Visits)
- [Hacked]Bitdefender (Portugal) exposes sensitive customer data in (1744 Visits)
- Wtf Avira? in (1723 Visits)
- Christopher "moot" Poole: The case for anonymity online in (1495 Visits)
- Digital Photocopiers Loaded With Secrets in (1458 Visits)
- Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (592 Visits)
- Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (590 Visits)
- Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (463 Visits)
- PRIVACY IS DEAD - GET OVER IT, Pt 01-34 (Recommended by Hackersblog ) in (396 Visits)
- Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (379 Visits)
- [Video] The History Of Hacking in (373 Visits)
- Email Security - Why You Should Encrypt Your Email - Part One in (368 Visits)
- The Story of DEFCON in (343 Visits)
- Deface - tuttoaffari.lastampa.it si citymusiclab.city.corriere.it in (3493 Visits)
- RNS vs. RAI - citizenreport.rai.it hacked. in (3300 Visits)
- Hi5 email finder si sfarsitul a tot ceea ce inseamna privacy in social networking in (2996 Visits)
- Se poate sparge parola de Yahoo? in (2572 Visits)
- Free SMS time, TrimiteSMS.ro in (2492 Visits)
- Planete-plus-intelligente.lemonde.fr defaced by R.N.S. in (2464 Visits)
- Gmail uber hacking in (2256 Visits)
- Camera de supraveghere a universitatii Alexandru Ioan Cuza din Iasi in (2255 Visits)
- Cancan.ro spart pentru a doua oara intr-o zi in (2252 Visits)
- Stiri cu antena3 in (2208 Visits)
Posted on March 6th, 2009
“Latest news, business, sport, comment, lifestyle and culture plus content from the Daily Telegraph and Sunday Telegraph newspapers and video from Telegraph” and an SQLi that allows full acces to ALL the databases of this famous newspaper.
Here are some of the database names and their version:
Users passwords are in plain view:
Besides numerous interesting tables there is one that contains email addresses of those receivingt he newsletter. A real treasure for spammers. In the syntax you can see there quite a bunch of them. I concatanated the 700.000th email address.
Later edit: if you are a member of telegraph.co.uk read this article too and follow the advice regarding passwords.
—–
RO Version
“Latest news, business, sport, comment, lifestyle and culture plus content from the Daily Telegraph and Sunday Telegraph newspapers and video from Telegraph”… si un sql injection, care permite full acces in toate bazele de date al respectivului ziar online.
Sa vedem o parte din denumirile bazelor de date cat si versiunea :
Parolele userilor sunt tinute in text clar:
Pe langa multe alte tabele interesante avem si una cu adresele de email, a celor inscrisi pentru newsletter. O adevarata comoara pentru potentialii spammeri.In sintaxa, sa vedeti numarul mare a celor inregistrati, am concatanat adresa de email cu numarul 700.000
March 6th, 2009 at 5:34 pm
Am si eu o intrebare, daca asa site-uri mari si renumite, care (cred) cheltie o gramada de bani, au asa vulnerabilitati, ce se intimpla cu site-urile de talie mica si medie?
March 6th, 2009 at 6:09 pm
this is not the live website… easy to compare by the pictures above.
March 6th, 2009 at 6:18 pm
yes it is one of the sections of the live website, with full access to all database’s tables
March 6th, 2009 at 6:52 pm
[...] have made some high profile web site compromises recently and today they posted evidence that they had compromised the website of the UK national daily newspaper, The [...]
March 6th, 2009 at 7:30 pm
Looks like this area of the site is no longer available
March 6th, 2009 at 11:10 pm
Hey guys, you are not really hackers, you are just simple php + mysql developers which find poorly written websites. That’s all I see from you, sql injection in php. Is that the best you guys can do?
March 6th, 2009 at 11:26 pm
Of course not. We are also able to eat tons of ice cream.
March 7th, 2009 at 12:38 am
Hmm… date on site says Tue 17 Feb 2009…
March 7th, 2009 at 12:41 am
..and Mon 23 Feb 2009… Robin Hood hacking?
March 7th, 2009 at 12:49 am
“We will do a full disclosure if the vulnerability isn’t patched in usefull time or if it’s been patched after the admin is contacted.”
http://www.hackersblog.org/about/
Sometimes we don’t have enough time to make all the screenshots and we make the rest of screenshots after a day or two.
March 7th, 2009 at 4:27 pm
[...] Romanian group, HackersBlog, has struck again and this time it is not an infosec firm. This time it is the website of the [...]
March 8th, 2009 at 10:48 pm
[...] Daily Telegraph’s web site has been compromised using an SQL injection attack, according to HackersBlog. It says: “Latest news, business, sport, comment, lifestyle and culture plus content from the [...]
March 9th, 2009 at 4:54 am
[...] I’m a bit stunned that an organisation the size of The Telegraph would store user passwords in plaintext, but, well … they do. [...]
March 9th, 2009 at 11:57 am
[...] claim attack over Daily Telegraph web site An ethical hacker from HackersBlog today claimed that he was able to carry out a SQL injection attack successfully and has got access [...]
March 9th, 2009 at 12:19 pm
[...] Daily Telegraph’s web site has been compromised using an SQL injection attack, according to HackersBlog. It says: “Latest news, business, sport, comment, lifestyle and culture plus content from the [...]
March 9th, 2009 at 1:00 pm
[...] Spotify’s breach last week, hackersblog has posted up proof that hackers have used the SQL injection technique to gain entry to the [...]
March 9th, 2009 at 1:20 pm
[...] goes unnoticed and if you let down your guard for a minute you can be front page news, like the Daily Telegraph (interestingly on the Guardian web site). In this case the method of attack is old chestnut, [...]
March 9th, 2009 at 1:37 pm
Thanks guys. There is a statement from Telegraph.co.uk’s CIO on my blog here: http://blogs.telegraph.co.uk/shane_richmond/blog/2009/03/09/hackersblog_and_telegraphcouk
March 9th, 2009 at 1:45 pm
With pleasure Shane.
March 9th, 2009 at 1:51 pm
[...] to a blog post at hackersblog.org , Telegraph.co.uk has been [...]
March 10th, 2009 at 12:39 am
felicitari, ati ajuns pe digg.
March 10th, 2009 at 4:39 am
[...] Daily Telegraph’s web site has been compromised using an SQL injection attack, according to HackersBlog. It says: “Latest news, business, sport, comment, lifestyle and culture plus content from the [...]
March 10th, 2009 at 4:23 pm
[...] reported on the register – grey hat hackers discovered an SQL injection vulnerability in the Daily Telegraph property website. Not only did their website allow malacious users to access information stored in their website but [...]
March 10th, 2009 at 4:41 pm
PRINT screen cu digg ?
March 13th, 2009 at 7:30 pm
I’m a tech security reporter for USA TODAY; I’d like to interview unu. Can anyone advise how I can get in touch with him? Thanks, Byron Acohido
March 13th, 2009 at 7:39 pm
You can contact him at hackersblog.org [at] gmail.com
March 14th, 2009 at 1:09 am
Many thanks, 2fingers
Byron
April 4th, 2009 at 7:47 am
The sign up page seems like a good hack http://my.telegraph.co.uk/signup1/
May 29th, 2009 at 3:03 am
[...] of afected users? It seems allot bigger than the first time, mostly because now we are talking full access on the server which allows data extraction of ALL [...]
April 15th, 2010 at 5:28 pm
[...] March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting [...]
April 15th, 2010 at 6:39 pm
[...] March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting [...]
April 15th, 2010 at 8:07 pm
[...] March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting [...]
April 17th, 2010 at 12:01 am
BRAVOOOOO. Toata stima din partea mea. Sper ca nu va opriti aici? Ma sunt imbecili destui in lumea asta.
TOT RESPECTUL MEU
April 17th, 2010 at 5:00 am
[...] The Telegraph este tinta atacurilor de genul, in martie anul trecut, websitul a fost supus unui SQL injection si la scurt timp dupa alt articol pe Hackersblog arata cum websitul are mari probleme de [...]
April 17th, 2010 at 1:28 pm
BRAVO FRATIORII MEI. NU VA OPRITI AICI! RESPECT