Posted on May 29th, 2009
It seems that some companies don't learn from their mistakes and continue to jeopardise the information they hold on their users.
We are again talking about telegraph.co.uk, and this time it seems possible to upload a shell that gives full access to their server. This is made possible by an SQL injection vulnerability. We cannot overlook the fact that even now the user passwords are stored in plain text, even though every IT security expert recommends that passwords be stored at minimum as salted hashes, never in the clear.
Number of affected users? It seems a lot bigger than the first time, mostly because we are now talking about full access to the server, which allows extraction of ALL user data from all the services offered by the site. This could mean millions of accounts. Last time, a single affected service of telegraph.co.uk allowed the extraction of 700,000 accounts.
According to "unu", he tried to start a dialogue with someone at the company but was ignored, so he decided to send us all the information for full disclosure.
We RECOMMEND that all registered users of telegraph.co.uk change their passwords as soon as the problem is fixed. In the meantime, change your email password if it happens to be the same as the one used to log in to telegraph.co.uk. We also recommend following the advice linked here. Please read this too if you want to write an article about this.
The vulnerability is still active!
Screenshots attached to the report:
- User, host and password
- version, database and user
- /etc/passwd content (load_file() is enabled)
- First name, last name, email, address, date of birth and password (plain text)
- Another table from the DB: first name, last name, address and password (plain text)
- DB5_data, the main DB of the website
Submitted by unu
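As an added illustration (this is not code from the post, from unu, or from the Telegraph site), the following self-contained Python example shows the two failures the post describes side by side: a login query assembled from user input, which an injected string turns into a dump of every row and, via UNION, of other tables in the same database; and passwords stored in plain text, so that dump is immediately usable. The hardened variant uses a parameterised query and salted PBKDF2 hashes, so the same injection against it yields nothing usable. The users, emails and passwords are constructed sample data, not anything taken from telegraph.co.uk; SQLite stands in for the site's MySQL database because the injection mechanics are the same.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data for this example (not taken from any real site): a
# "users" table standing in for the main database and a second table for
# another service, as the post describes.
USERS = [
    ("alice", "alice@example.com", "Winter2009!"),
    ("bob", "bob@example.com", "hunter2"),
]
NEWSLETTER = [("carol@example.com",), ("dave@example.com",)]

# Two payloads an attacker would type into the username field.
BYPASS_PAYLOAD = "' OR '1'='1' --"
UNION_PAYLOAD = "' UNION SELECT email, email, 'n/a' FROM newsletter --"


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'iterations$salt_hex$hash_hex'."""
    salt = salt if salt is not None else os.urandom(16)
    iterations = 200_000
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


def make_db(plaintext):
    """In-memory SQLite DB; plaintext=True mirrors the storage the post criticises."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT, password TEXT)")
    db.execute("CREATE TABLE newsletter (email TEXT)")
    for name, email, pw in USERS:
        stored = pw if plaintext else hash_password(pw)
        db.execute("INSERT INTO users VALUES (?, ?, ?)", (name, email, stored))
    db.executemany("INSERT INTO newsletter VALUES (?)", NEWSLETTER)
    return db


def login_vulnerable(db, name, password):
    """The injectable pattern: user input is pasted into the SQL text."""
    sql = (
        "SELECT name, email, password FROM users "
        f"WHERE name = '{name}' AND password = '{password}'"
    )
    return db.execute(sql).fetchall()


def login_safe(db, name, password):
    """Hardened: a placeholder keeps input as data, and only a hash is stored."""
    row = db.execute(
        "SELECT name, email, password FROM users WHERE name = ?", (name,)
    ).fetchone()
    if row is None or not verify_password(password, row[2]):
        return None
    return row[0]


def demo():
    """Run both variants against each payload; returns a dict of outcomes."""
    weak = make_db(plaintext=True)
    hardened = make_db(plaintext=False)
    return {
        # Every user row, password column in the clear.
        "bypass_rows": login_vulnerable(weak, BYPASS_PAYLOAD, "x"),
        # Rows from a table the login code never meant to expose.
        "union_rows": login_vulnerable(weak, UNION_PAYLOAD, "x"),
        # Same injection against hashed storage: rows leak, secrets do not.
        "bypass_hashed": login_vulnerable(hardened, BYPASS_PAYLOAD, "x"),
        # Parameterised lookup treats the payload as a literal username.
        "safe_injected": login_safe(hardened, BYPASS_PAYLOAD, "x"),
        "safe_real": login_safe(hardened, "alice", "Winter2009!"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Parameterisation closes the injection; hashing limits the damage if some other query is missed. The /etc/passwd read in the screenshots above is a separate problem: LOAD_FILE() and SELECT ... INTO OUTFILE, the MySQL primitives a shell upload through SQL injection relies on, only work when the account the web application connects as holds the FILE privilege and secure_file_priv permits it. Two checks worth running on any MySQL-backed site are SHOW GRANTS FOR the application user (it should not have FILE) and SHOW VARIABLES LIKE 'secure_file_priv' (NULL disables file import and export entirely).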
May 29th, 2009 at 12:35 am
I already noticed with my own experience some big companies discarding huge security leaks. Well…
May 29th, 2009 at 12:50 am
hhahahahhahahahashahahhahahahahahhahahahhhahahahah :)))))))))))) =)))))))) )) =))))
May 29th, 2009 at 12:53 am
lol hahahahahahhahaha ))))))))))))))))))))))))
May 29th, 2009 at 1:50 am
The table with the newsletter emails isn't in there (from what I searched), so tough luck, spammers!
On the other hand, there are a lot of databases in there, and a malicious person could do a lot of damage.
Let's hope the English "specialists" fix the vulnerability quickly.
May 29th, 2009 at 2:55 am
I know the company who produced this lousy website… they well deserve these problems because of their attitude and development habits/management.
May 29th, 2009 at 3:05 am
I suspect that the data you see is not related to Telegraph itself. It may well be that this domain (stats.telegraph.co.uk) is provided by the company I mentioned earlier but the data in the database relates to other projects of that company rather than Telegraph itself.
May 29th, 2009 at 3:14 am
It's the main database of the Telegraph according to unu. They have everything in there, probably beta (or other) projects too.
May 29th, 2009 at 4:19 am
Hmm, I doubt it; however, I do not argue that it cannot be true. The DB names you've listed are clients of the company responsible for the vulnerability. Seems to me that this subdomain provides some iframes for Telegraph along with other websites (hence those other databases listed) for the company responsible.
If you contacted Telegraph, would you mind describing what was their response this time?
May 29th, 2009 at 12:12 pm
Hi Jay,
I came across this thread and would like to discuss this with you in a bit more detail if you don't mind?
I work with both the Telegraph and the 3rd party company I believe you are referring to. It would be good to understand the issue and see if there is anything I/we can do to resolve the issue.
Please contact me on dkhendy509@hotmail.co.uk
Thanks
May 29th, 2009 at 1:09 pm
Will there be a third time? (they say the third time is the lucky one) =))
May 29th, 2009 at 1:10 pm
Good job unu and HB !
May 29th, 2009 at 1:34 pm
Can you confirm they’ve fixed the problem now?
And I stand behind my claim that it doesn’t contain Telegraph’s own user data.
May 29th, 2009 at 2:04 pm
It seems they have fixed the problem.
Unu, we're waiting for the third bug.
May 29th, 2009 at 3:11 pm
Jay... 1. If you read the article carefully, you'd have noticed that I did mention I wrote them emails but to no avail. I asked to speak to someone in their IT dept. (I even wrote to Paul Cheesbrough) and still got no answer.
2. In vain you still hope that the injection didn't give full access to the users' data on the site. I have to disappoint you. DB5_data is the main database, the one that holds all the users' data. Accessing this DB, you can access the clients. If you look closely, you can see in the first article on hackersblog (http://www.hackersblog.org/2009/03/06/telegraphcouk-hacked-sql-injection/) that DB5_data is the name of one of those databases. That same database is circled in the image in this article. If that database belonged to the Telegraph back then, I don't see how it could belong to someone else now. Especially since we are talking about a subdomain of telegraph.co.uk.
May 29th, 2009 at 4:01 pm
Hi Guys
It seems you guys have been looking further into this. I am unsure in what capacity; however, I am now in contact with the Telegraph, so I would be grateful to have your insight into the situation and maybe look to recruit your expertise to resolve it, as they are keen to sort this ASAP.
Please do contact me dkhendy509@hotmail.co.uk
Thanks,
Daniel
June 3rd, 2009 at 6:54 am
[...] at the same time as the XSSed report, the HackersBlog site published details of the SQL injection vulnerability that its team of hackers had discovered [...]
June 4th, 2009 at 12:54 am
Did they reply already??
April 15th, 2010 at 5:32 pm
[...] later posting in May on the Hackersblog site suggested that there was a weakness on the Telegraph site that allowed it to be hacked repeatedly. [...]
April 17th, 2010 at 1:58 pm
Romania loves you for what you did to the English site.