Author

Topic: Warning Do not use MinerTechonogies until they fix a vunerability (Read 398 times)

newbie
Activity: 36
Merit: 0
I saw their site and checked it out. Some of you here may know me for my Web Security jobs I do and how I find some errors or major vulnerabilities and in return I help the person and get it fixed. Of course for a bounty reward.

Anywho I came across MinerTechnologies (dot com) website and found a few vunerabilities.

I was able to exploit and grab a few listings. [This may be a bit technical and what I am about to post is for people who actual knows what this is]

Code:
/********/********/hosting/www/users/********/sites/mining.minertechnologies.com/www/
_ddn_intercept_2_=d6cb032a3cf0b023a25749********

The Admin Pass: a08b4cdacdfc01e049085375efef1926********** (Removed this so people dont try to crack it)

After finding this out I contacted their site via their chat and as you know most people don't like hearing this so they came up with some bogus stuff. He said stuff that showed he didn't know much about vulnerabilities so I decided to just leave a public announcement for anyone planning on buying from them. [I tried telling them to direct me to someone who actually knows security etc and they just closed chat on me in a rude manner] All I was doing was trying to tell them to fix this and that to patch it up but I guess they are going to ignore it.

They need to fix up their site before anyone thinks about buying from them.

Update: I contacted them and they said it was not their hashed password (I would verify it but I don't want to be breaking any legal issues)

Update: The Vulnerability I tested on the site gave an error to their checkout allowing dumping of data

http://i.gyazo.com/efa27a4e6f831b32c4d42895567ae743.png
Jump to: