Topic: ecurrency exchange website hack (Read 1420 times)
goldux.com
What site was it?
I remove link in 1st post now that I am talking to admin. There is a job put on freelancer.com about this now.
admin contact me and then my conciseness get to me and I realize I should tried harder to get this to admin so I apologize to him and tell him the exact sqli point and how to temporary fix it until the code for this section is fixed.
admin contact me and then my conciseness get to me and I realize I should tried harder to get this to admin so I apologize to him and tell him the exact sqli point and how to temporary fix it until the code for this section is fixed.
Of course, vesperwillow.
Anyway, that site is full of shit - FPD, some leaks, index of's and other non-critical issues. I didn't made deep test (I didn't create account even, just 5-minutes browse) so there's small chance for blind sqli, but I REALLY doubt it.
Anyway, that site is full of shit - FPD, some leaks, index of's and other non-critical issues. I didn't made deep test (I didn't create account even, just 5-minutes browse) so there's small chance for blind sqli, but I REALLY doubt it.
Hamburger: 1
ITsTanked: 0
ITsTanked: 0
Admin reply me now finally. I tell him the flaw for free because it is his site.
Note somewhere that I owe You beer, Hamburger.
Hi,
Bull Sh..
This is my username Hamburger
You have my permission to publish my registered Full name, LTC balance, email address and password here as prove that it work.
Hamburger
Bull Sh..
This is my username Hamburger
You have my permission to publish my registered Full name, LTC balance, email address and password here as prove that it work.
Hamburger
So.. has this been proven or is it just using classic sql injection hoping it'll work?
And..... yeah. Quite an interesting thread you have here..
And..... yeah. Quite an interesting thread you have here..
Hope?
I get in and read all 104 tables and see 15k users so it work.
So.. has this been proven or is it just using classic sql injection hoping it'll work?
And..... yeah. Quite an interesting thread you have here..
And..... yeah. Quite an interesting thread you have here..
buyer not pay yet so relist
5 hour left
all are in md5. I add this to listing
are passwords in plaintext is what i want to know. not going to buy it, but just curious
Admin not respond so I sell to high bidder.
Jump to: