Saturday, 5 December 2009 multiple SQLi and XSS vulnerabilities

Myrepublica is one of the newer magazines and the site is their online site. They usually do news update and hence the site provides recent news and happenings easily to the website visitors... But, again they are not secured and suffer from normal SQLi injection vulnerabilities.
Here are some dumps from the table users.
Username: password: emailid


Sample screenshot:

Some fucking notes to them:
1) Don't fucking keep plain passes in DB
2) Don't fucking make re-use of the same password
3) Read sam207's article on securing this vulnerability...
4) You're giving us the location of admin panels. fuck you... learn the sense of security.

Sorry but you are so lame that I had to deface you. No offense to myrepublica team(actually I like your newspaper), this message is to the developers of the site....
EDIT: I also found the site search system to be vulnerable to cross site scripting vulnerability.
Thank you!!!

No comments:

Post a Comment