[Link Removed]Asociatia Romana a Bancilor are probleme?

[EN] Turkish hackers breach US Army servers

[EN] PC-pwning infection hits 30,000 legit websites

Finally the last reported vuln is patched, and we can post new infos about the third SQL Injection vulnerability in Orange websites.

Now we are talking about  190 000+ exposed accounts with passwords stored in plain text.

schema_name + version_user_database

User, email and pass (in plain text)

Submitted by unu.

Patched by Orange.fr staff.

After orange.co.uk it looks like Sugababes website is another victim of daemien curiosity.

A post on RST (if you are outside of Romania click here) show us some info’s to prove that intrusion is real:
Read the rest of this entry»

It seems that some companies dont learn from their mistakes and continue to jeopardise the informations they have on their users.

We again talk about telegraph.co.uk and this time it seems it is possible to upload a shell which gives full access on their server. This is facilitated by an SQLi vulnerability. We cannot overlook the fact that even to this date, user passwords are in plain view, regardless of the fact that all experts in IT security recommend that ANY passwords should have a minimum encription.
Read the rest of this entry»

First of all “unu” is not anymore a publisher from HackersBlog team. Please read this before you publish an article about us in newspapers.

HackersBlog is just an online newspaper. We are not testing websites anymore and we are not involved in finding vulnerabilities exposed here. We receive mails with vulns and screenshots, and “unu” is just one of the guys that report vulns for our articles because… this is his hobby, I think.

Thank you for understanding.

http://www.alienhackers.com/

After my initial post where I was asking the staff of orange.co.uk for their contact details one of the vulns was already found by someone else and posted on RST forum. I am sorry they could not wait at least one day but nobody can stop people from making full disclosure at their own perusal. This could be a lesson for those site owners who do not think that having an email address where they could receive such as “your website has be breached” is important. We often wait 2 days sometimes just to find out who we should talk to and then wait another 2 for them to solve it. I dont find this very professional especially when we talk about a company of this size. We are talking about protecting their private data… But who are we to judge them?

You can find the screenshot from RST here (only romanian ips can acces this page so you can use a romanian proxy if you want to see the discussions) and here.

Initially this article was like this:

daemien reported a new vuln in a page that belongs to Orange. This time it is Orange.co.uk.

Here would follow some images and tables extracted from their data base but the image already posted on RST is pretty self descriptive.

We would like to thank daemien for this report.

PS: we hope the other vuln newly found will be fixed before any such issue would rise again.

Versiunea in limba romana o puteti gasi aici.

Read the rest of this entry»

Orange.fr

Orange.co.uk

Your website has some problems and we can’t find any contact address to report security issues.

Thank you.