Posted on May 19th, 2009
“Unu”, the ex-HackersBlog member who stole the spotlight with his findings in internet security, has come up with a new, very interesting finding. He gained access to the personal data of a very large website.
According to unu, over 8.000.000 (that's 8 followed by 6 zeros!! 8 million) member accounts of gamespot.com have been at the mercy of anyone who could take advantage of them by means of SQLi. In the mail sent to us, “unu” says that using that SQLi anyone could extract client details such as home address, DOB, email, and more. He backs up his claims with screenshots of the personal details of user 2.800.000. Passwords were not in plain sight in this case, so gamespot.com users can feel safe (sic).
This vulnerability could have been an extremely serious threat for gamespot users but, according to “unu”, the problem is now solved: the parameter that allowed data extraction was sanitized and the case is closed.



May 19th, 2009 at 7:57 pm
well done, man
what will be next? hacking wikipedia? :p
May 19th, 2009 at 9:14 pm
I'm glad that “Unu is back”. It's just not the same without him.
May 19th, 2009 at 9:32 pm
I’m just wondering if this vulnerability was lost in some bad hands…
That’s a BIG database
May 20th, 2009 at 6:52 pm
Welcome back, but honestly … the theme is so messy that I don't know where or what to read, and it's very tiring. Please bring back the original theme … it is much more PRO, so to speak: black and simple to navigate.
May 20th, 2009 at 8:49 pm
I wonder how much money Unu has made from SQLi so far?
From these 8 million records alone, one could make a few hundred thousand $.
I find it very interesting how he manages to find vulnerabilities in these big sites; for example, so far I haven't managed an SQLi on any site with more than 150k users. I'm probably not looking in the right place.
Well done to him, respect from me!
May 20th, 2009 at 8:57 pm
What a “quiet” comeback you've had. Welcome back
May 20th, 2009 at 9:02 pm
0 Blackie
May 20th, 2009 at 9:21 pm
@Shocker
I find that hard to believe. At the very least, I don't think that someone who had the chance to make “some” money from this wouldn't do it.
Maybe only if he already had quite a lot, enough not to worry about the next day, month, year.
But, who knows, maybe it is as you say.
May 20th, 2009 at 9:38 pm
Not all Romanians are thieves, Blackie.
May 20th, 2009 at 10:19 pm
@2fingers
Not all. Only those forced to be – 90%.
I'm not a thief, I haven't made even $1 through these methods, but as I said above, if you get to the point of thinking about tomorrow and having nothing to spend, all sorts of “ideas” start coming to you.
Some let themselves be carried away by ideas, some are very lucky and achieve everything in a few years, even by WORKING! (but those are very few), others humiliate themselves working 30 years for a family, a house and a car.
May 20th, 2009 at 10:30 pm
Nobody said you are a thief, Blackie. Unu does this because it is his passion, not to earn money.
May 25th, 2009 at 2:41 am
[...] have posted a couple of stories this month, one regarding a SQL injection vulnerability at gamespot.com which exposed the personal details of 8 million subscribers. From previous postings, you can do the [...]