########################################
# Website: www.moneyimg.com
# Date: 11.07.11
# Bug: SQLi (SQL Injection)
########################################
Money Image is a website similar to Image shack :)
Click here for demo
Fix your input validation fellas !
Cheers,
Kish
Showing posts with label SQL Injection. Show all posts
Showing posts with label SQL Injection. Show all posts
Monday, July 11, 2011
Wednesday, August 26, 2009
Advisory Updates: Q2 2009, and a bit more...
Even though a spectacular hack was pulled off on Imageshack, they've not fixed their bug yet.
The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009 if you want to see a demo, of a site allowing "delete method" in databases please visit them :))
ZDNet that writes the special 0-day column, apart from regular security ramblings is "yet" to fix their bug, and Dancho danchev, one of the authors from their team is still replying to mail...
Adobe atleast fixed their bug even though it was late, and I applaud their security team / devs for their store.
Electronic arts and blogarama haven't fixed their bugs just like the others, no I am not surprised
Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !
Cheers :)
Kish
The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009 if you want to see a demo, of a site allowing "delete method" in databases please visit them :))
ZDNet that writes the special 0-day column, apart from regular security ramblings is "yet" to fix their bug, and Dancho danchev, one of the authors from their team is still replying to mail...
Adobe atleast fixed their bug even though it was late, and I applaud their security team / devs for their store.
Electronic arts and blogarama haven't fixed their bugs just like the others, no I am not surprised
Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !
Cheers :)
Kish
Wednesday, July 8, 2009
Hakin9 - Issue (03/2009) - Review
Thanks to the Hakin9 Team for sending me a copy for review. This issue of Hakin9 comes with a new set of articles on various topics such as Bruteforce, Malware analysis, and Examining malicious PDF documents.
Unless you're just starting off or don't know about bruteforce you can skip the introduction to the article, but the relevance of information is really good in terms of description of various types of attacks. The article talks about the latest technique called GPU cracking.
There's also another interesting article detailing the reverse engineering of digital certificate on Windows. Web security enthusiasts are not left out, with an article covering burp proxy's intruder with examples.
For the system administrators there's some constructive information in the article on defeating AVs. There's additionally the CD that comes along with the magazine features Ad-aware anniversary edition (free) along with a few demo-games such as Portsign, which is a hacker game similar to Uplink from Introversion software.
Apart from these there's the usual book review on "IPv6 Security" from Cisco Press, a section on emerging threats, a few ads spread out through the magazine, and a good interview from Nicholas Percoco, the head of Spiderlabs, Trustwave's research team.
Unless you're just starting off or don't know about bruteforce you can skip the introduction to the article, but the relevance of information is really good in terms of description of various types of attacks. The article talks about the latest technique called GPU cracking.
There's also another interesting article detailing the reverse engineering of digital certificate on Windows. Web security enthusiasts are not left out, with an article covering burp proxy's intruder with examples.
For the system administrators there's some constructive information in the article on defeating AVs. There's additionally the CD that comes along with the magazine features Ad-aware anniversary edition (free) along with a few demo-games such as Portsign, which is a hacker game similar to Uplink from Introversion software.
Apart from these there's the usual book review on "IPv6 Security" from Cisco Press, a section on emerging threats, a few ads spread out through the magazine, and a good interview from Nicholas Percoco, the head of Spiderlabs, Trustwave's research team.
Wednesday, April 29, 2009
SQLi and XSS vulnerabilities in IPL website
###################################
# Website: www.iplt20.com
# (includes spoils from pulselive.com)
# Bug: XSS, and SQLi
# IPL T20 - Indian(or is it English) Premier League
# Date: 29.04.09
###################################
Vuln URL: hxxp://www.iplt20.com
Click here for SQLi demo
There were also 26 injectable spots other than this, and there's XSS in URI, Path, and Forms, can't post too many screenshots... you see ;)
What's more you can insert, update, and delete tables in their DB :))
Happy hunting, Cheers!
# Website: www.iplt20.com
# (includes spoils from pulselive.com)
# Bug: XSS, and SQLi
# IPL T20 - Indian(or is it English) Premier League
# Date: 29.04.09
###################################
Vuln URL: hxxp://www.iplt20.com
Click here for SQLi demo
There were also 26 injectable spots other than this, and there's XSS in URI, Path, and Forms, can't post too many screenshots... you see ;)
What's more you can insert, update, and delete tables in their DB :))
Happy hunting, Cheers!
Subscribe to:
Posts (Atom)