Author

Topic: ecurrency exchange website hack (Read 1445 times)

member
Activity: 72
Merit: 10
Drunk Lunatic
September 12, 2013, 03:54:18 PM
#15
goldux.com
hero member
Activity: 882
Merit: 501
Ching-Chang;Ding-Dong
September 12, 2013, 11:12:16 AM
#14
    What site was it?     
newbie
Activity: 54
Merit: 0
September 11, 2013, 06:47:24 PM
#13
I remove link in 1st post now that I am talking to admin.  There is a job put on freelancer.com about this now.

admin contact me and then my conciseness get to me and I realize I should tried harder to get this to admin so I apologize to him and tell him the exact sqli point and how to temporary fix it until the code for this section is fixed.   
member
Activity: 72
Merit: 10
Drunk Lunatic
September 11, 2013, 04:15:30 PM
#12
Of course, vesperwillow.
Anyway, that site is full of shit - FPD, some leaks, index of's and other non-critical issues. I didn't made deep test (I didn't create account even, just 5-minutes browse) so there's small chance for blind sqli, but I REALLY doubt it.
hero member
Activity: 616
Merit: 500
September 11, 2013, 01:36:28 PM
#11
Hamburger: 1
ITsTanked: 0
newbie
Activity: 54
Merit: 0
September 11, 2013, 01:05:17 PM
#10
Admin reply me now finally.  I tell him the flaw for free because it is his site. 
member
Activity: 72
Merit: 10
Drunk Lunatic
September 10, 2013, 08:52:39 PM
#9
Note somewhere that I owe You beer, Hamburger.
full member
Activity: 241
Merit: 107
September 10, 2013, 06:29:30 PM
#8
Hi,

Bull Sh..

This is my username Hamburger

You have my permission to publish my registered Full name, LTC balance, email address and password here as prove that it work.

Hamburger
newbie
Activity: 54
Merit: 0
September 10, 2013, 02:07:41 PM
#7
So.. has this been proven or is it just using classic sql injection hoping it'll work?

And..... yeah. Quite an interesting thread you have here..

Hope?
I get in and read all 104 tables and see 15k users so it work.
hero member
Activity: 616
Merit: 500
September 10, 2013, 01:42:19 PM
#6
So.. has this been proven or is it just using classic sql injection hoping it'll work?

And..... yeah. Quite an interesting thread you have here..
newbie
Activity: 54
Merit: 0
September 10, 2013, 10:10:04 AM
#5
buyer not pay yet so relist
newbie
Activity: 54
Merit: 0
September 09, 2013, 11:54:47 AM
#4
5 hour left
newbie
Activity: 54
Merit: 0
September 08, 2013, 08:43:00 PM
#3
all are in md5.  I add this to listing
full member
Activity: 1050
Merit: 110
September 08, 2013, 07:17:04 PM
#2
are passwords in plaintext is what i want to know. not going to buy it, but just curious
newbie
Activity: 54
Merit: 0
September 08, 2013, 05:18:50 PM
#1
Admin not respond so I sell to high bidder.
Jump to: