- Apocalipsa dupa Nemessis
- Cand dorinta de afirmare depaseste granitele bunului simt – PaxNwo un leecher ordinar
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac?
- Experiment social II – andimoisescu.ro
- Pentru posteritate
- In curand…
- “Hot” de id-uri messenger
- Chiar ca sunteti retardati
- Ce nu se invata la scoala – Vendetta (6)
- Apocalipsa dupa Nemessis in (81 Visits)
- Ce servicii de mail folositi? in (28 Visits)
- This is the end in (23 Visits)
- Hackersblog.org is now blog.rstcenter.com in (17 Visits)
- Short news in (16 Visits)
- La multi ani România, la multi ani românilor in (15 Visits)
- Inca o pierdere de timp in (11 Visits)
- Azi este ziua userilor hackersblog.org in (10 Visits)
- Raportare vulnerabilitati in (9 Visits)
- Contact si vulns report in (7 Visits)
- Mi s-a furat id-ul de messenger/adresa e-mail. Ce sa fac? in (229 Visits)
- Hi5.com coders read this in (28 Visits)
- SMS scam (1) in (21 Visits)
- Phishing Bancpost in (8 Visits)
- Dezinformare sau proasta informare? in (7 Visits)
- Si tentativele de phishing pot fi amuzante in (5 Visits)
- Phishing Raiffeisen cu atasament html in (4 Visits)
- Cum sa iti protejezi adresa e-mail si datele confidentiale din aceasta in (76 Visits)
- [Utilitare] Suna gratis de pe internet sau de pe iPhone in (41 Visits)
- Despre CSRF, hi5.com, cum sa trisezi la concursuri s.a.m.d. in (30 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/Hi5 (4) in (29 Visits)
- Ce nu se invata la scoala - (D)DOS (5) in (25 Visits)
- Virusi in clipuri video [how to] in (23 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam/mail (2) in (21 Visits)
- Ce nu se invata la scoala - Tipuri si tehnici spam (1) in (17 Visits)
- Yahoo! redirects - a big issue (with video) in (10 Visits)
- Ca musca in... in (9 Visits)
- usa.kaspersky.com hacked ... full database acces , sql injection in (123 Visits)
- Simpatie.ro, matrimoniale3x.ro, apetisant.ro, deliciu.ro , etc Sql injection in (72 Visits)
- Yahoo! epic fail - permanent xss unleashed in (71 Visits)
- Telegraph.co.uk hacked, sql injection in (52 Visits)
- RedTube.com ... The Free Sex Video Community in (42 Visits)
- Kaspersky Thailand hacked by TinKode in (37 Visits)
- Conquiztador Hacked Again in (33 Visits)
- Telegraph.co.uk hacked - when will they learn? in (29 Visits)
- F-Secure.com - SQL Injection + Cross Site Scripting in (27 Visits)
- In atentia BitDefender.com, SQL Injection in (26 Visits)
- Wannabe Hackers [2] - cum sa faci un virus by sppy_hacker in (24 Visits)
- Wannabe Hackers [1] - Cum sa hack-uiesti RapidShare-ul in (20 Visits)
- Digital Photocopiers Loaded With Secrets in (15 Visits)
- Hacker Uses XSS and Google Street View Data to Determine Physical Location in (12 Visits)
- OWASP Phishing demo in (7 Visits)
- Oldies but goodies - Freedom Downtime - The Story of Kevin Mitnick in (7 Visits)
- Hope 2603 – Kevin Mitnick - Life a Computer Hacker – Revealed in (6 Visits)
- Christopher "moot" Poole: The case for anonymity online in (6 Visits)
- Owasp5005 Part1 - New zero-day browser exploits - ClickJacking in (5 Visits)
- [Video] The History Of Hacking in (5 Visits)
- Se poate sparge parola de Yahoo? in (258 Visits)
- phpBB.ro hacked in (82 Visits)
- Cand dorinta de afirmare depaseste granitele bunului simt - PaxNwo un leecher ordinar in (47 Visits)
- Experiment social in (46 Visits)
- "Hot" de id-uri messenger in (39 Visits)
- Oare cum e pana la urma? in (39 Visits)
- Experiment social II - andimoisescu.ro in (37 Visits)
- Ce nu se invata la scoala – Vendetta (6) in (37 Visits)
- Concurs fara premii in (36 Visits)
- Forumul Andreei Balan spart in (33 Visits)
Posted on March 6th, 2009
“Latest news, business, sport, comment, lifestyle and culture plus content from the Daily Telegraph and Sunday Telegraph newspapers and video from Telegraph” and an SQLi that allows full acces to ALL the databases of this famous newspaper.
Here are some of the database names and their version:
Users passwords are in plain view:
Besides numerous interesting tables there is one that contains email addresses of those receivingt he newsletter. A real treasure for spammers. In the syntax you can see there quite a bunch of them. I concatanated the 700.000th email address.
Later edit: if you are a member of telegraph.co.uk read this article too and follow the advice regarding passwords.
—–
RO Version
“Latest news, business, sport, comment, lifestyle and culture plus content from the Daily Telegraph and Sunday Telegraph newspapers and video from Telegraph”… si un sql injection, care permite full acces in toate bazele de date al respectivului ziar online.
Sa vedem o parte din denumirile bazelor de date cat si versiunea :
Parolele userilor sunt tinute in text clar:
Pe langa multe alte tabele interesante avem si una cu adresele de email, a celor inscrisi pentru newsletter. O adevarata comoara pentru potentialii spammeri.In sintaxa, sa vedeti numarul mare a celor inregistrati, am concatanat adresa de email cu numarul 700.000
March 6th, 2009 at 5:34 pm
Am si eu o intrebare, daca asa site-uri mari si renumite, care (cred) cheltie o gramada de bani, au asa vulnerabilitati, ce se intimpla cu site-urile de talie mica si medie?
March 6th, 2009 at 6:09 pm
this is not the live website… easy to compare by the pictures above.
March 6th, 2009 at 6:18 pm
yes it is one of the sections of the live website, with full access to all database’s tables
March 6th, 2009 at 6:52 pm
[...] have made some high profile web site compromises recently and today they posted evidence that they had compromised the website of the UK national daily newspaper, The [...]
March 6th, 2009 at 7:30 pm
Looks like this area of the site is no longer available
March 6th, 2009 at 11:10 pm
Hey guys, you are not really hackers, you are just simple php + mysql developers which find poorly written websites. That’s all I see from you, sql injection in php. Is that the best you guys can do?
March 6th, 2009 at 11:26 pm
Of course not. We are also able to eat tons of ice cream.
March 7th, 2009 at 12:38 am
Hmm… date on site says Tue 17 Feb 2009…
March 7th, 2009 at 12:41 am
..and Mon 23 Feb 2009… Robin Hood hacking?
March 7th, 2009 at 12:49 am
“We will do a full disclosure if the vulnerability isn’t patched in usefull time or if it’s been patched after the admin is contacted.”
http://www.hackersblog.org/about/
Sometimes we don’t have enough time to make all the screenshots and we make the rest of screenshots after a day or two.
March 7th, 2009 at 4:27 pm
[...] Romanian group, HackersBlog, has struck again and this time it is not an infosec firm. This time it is the website of the [...]
March 8th, 2009 at 10:48 pm
[...] Daily Telegraph’s web site has been compromised using an SQL injection attack, according to HackersBlog. It says: “Latest news, business, sport, comment, lifestyle and culture plus content from the [...]
March 9th, 2009 at 4:54 am
[...] I’m a bit stunned that an organisation the size of The Telegraph would store user passwords in plaintext, but, well … they do. [...]
March 9th, 2009 at 11:57 am
[...] claim attack over Daily Telegraph web site An ethical hacker from HackersBlog today claimed that he was able to carry out a SQL injection attack successfully and has got access [...]
March 9th, 2009 at 12:19 pm
[...] Daily Telegraph’s web site has been compromised using an SQL injection attack, according to HackersBlog. It says: “Latest news, business, sport, comment, lifestyle and culture plus content from the [...]
March 9th, 2009 at 1:00 pm
[...] Spotify’s breach last week, hackersblog has posted up proof that hackers have used the SQL injection technique to gain entry to the [...]
March 9th, 2009 at 1:20 pm
[...] goes unnoticed and if you let down your guard for a minute you can be front page news, like the Daily Telegraph (interestingly on the Guardian web site). In this case the method of attack is old chestnut, [...]
March 9th, 2009 at 1:37 pm
Thanks guys. There is a statement from Telegraph.co.uk’s CIO on my blog here: http://blogs.telegraph.co.uk/shane_richmond/blog/2009/03/09/hackersblog_and_telegraphcouk
March 9th, 2009 at 1:45 pm
With pleasure Shane.
March 9th, 2009 at 1:51 pm
[...] to a blog post at hackersblog.org , Telegraph.co.uk has been [...]
March 10th, 2009 at 12:39 am
felicitari, ati ajuns pe digg.
March 10th, 2009 at 4:39 am
[...] Daily Telegraph’s web site has been compromised using an SQL injection attack, according to HackersBlog. It says: “Latest news, business, sport, comment, lifestyle and culture plus content from the [...]
March 10th, 2009 at 4:23 pm
[...] reported on the register – grey hat hackers discovered an SQL injection vulnerability in the Daily Telegraph property website. Not only did their website allow malacious users to access information stored in their website but [...]
March 10th, 2009 at 4:41 pm
PRINT screen cu digg ?
March 13th, 2009 at 7:30 pm
I’m a tech security reporter for USA TODAY; I’d like to interview unu. Can anyone advise how I can get in touch with him? Thanks, Byron Acohido
March 13th, 2009 at 7:39 pm
You can contact him at hackersblog.org [at] gmail.com
March 14th, 2009 at 1:09 am
Many thanks, 2fingers
Byron
April 4th, 2009 at 7:47 am
The sign up page seems like a good hack http://my.telegraph.co.uk/signup1/
May 29th, 2009 at 3:03 am
[...] of afected users? It seems allot bigger than the first time, mostly because now we are talking full access on the server which allows data extraction of ALL [...]
April 15th, 2010 at 5:28 pm
[...] March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting [...]
April 15th, 2010 at 6:39 pm
[...] March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting [...]
April 15th, 2010 at 8:07 pm
[...] March 2009 the Telegraph’s system was also hacked, exposing the email addresses of registered users on part of its site. That hack also seems to have been done by a Romanian hacker – suggesting [...]
April 17th, 2010 at 12:01 am
BRAVOOOOO. Toata stima din partea mea. Sper ca nu va opriti aici? Ma sunt imbecili destui in lumea asta.
TOT RESPECTUL MEU
April 17th, 2010 at 5:00 am
[...] The Telegraph este tinta atacurilor de genul, in martie anul trecut, websitul a fost supus unui SQL injection si la scurt timp dupa alt articol pe Hackersblog arata cum websitul are mari probleme de [...]
April 17th, 2010 at 1:28 pm
BRAVO FRATIORII MEI. NU VA OPRITI AICI! RESPECT
January 25th, 2011 at 2:40 pm
sql injection, asta o cunoaste toata lumea care stie limbajul php , sql. nu e greu,