Posted on May 29th, 2009
It seems that some companies don't learn from their mistakes and continue to jeopardise the information they hold on their users.
We are again talking about telegraph.co.uk, and this time it seems it is possible to upload a shell which gives full access to their server. This is facilitated by an SQL injection vulnerability. We cannot overlook the fact that even to this date, user passwords are stored in plain view, regardless of the fact that every IT security expert recommends that ANY password be stored with at least a minimum of encryption.
Number of affected users? It seems a lot bigger than the first time, mostly because now we are talking about full access to the server, which allows extraction of ALL user data from all services offered by the site. This could mean millions of accounts. Last time, a single affected service of telegraph.co.uk allowed extraction of 700,000 accounts.
According to "unu", he tried to start a dialogue with someone in the company but was ignored, so he decided to send us all the information for a full disclosure.
We RECOMMEND that all registered users of telegraph.co.uk change their passwords as soon as the problem is fixed. In the meantime, change your email password if it happens to be the same as the one used to log in to telegraph.co.uk. We also recommend following the advice listed here: here. Please read this too if you want to write an article about this.
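The two defects the post describes, input spliced straight into SQL text and passwords stored in clear, are shown below side by side with their fixes. This is an added example written for this page, not code from hackersblog.org or from the affected site; the table, the sample users and the PBKDF2 storage format are constructed for the demonstration, and an in-memory SQLite database stands in for the site's MySQL server.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed sample data standing in for a site's user table.
SAMPLE_USERS = [
    ("alice", "alice@example.invalid", "correct horse battery staple"),
    ("bob", "bob@example.invalid", "hunter2"),
]

PBKDF2_ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Return a salted PBKDF2-SHA256 record for storage, never the password itself.

    Record layout (constructed for this example): algo$iterations$salt_hex$digest_hex.
    """
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


def build_db():
    """Create the users table and insert the constructed sample accounts, hashed."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT, password TEXT)"
    )
    for name, email, pw in SAMPLE_USERS:
        conn.execute(
            "INSERT INTO users VALUES (?, ?, ?)", (name, email, hash_password(pw))
        )
    return conn


def lookup_vulnerable(conn, username):
    """The defect class from the post: untrusted input becomes part of the SQL text,
    so the database cannot tell the value from the query around it."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    """Parameterised query: the value is bound separately and is only ever data."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def login(conn, username, password):
    """Authenticate without ever reading a plaintext password out of the table."""
    row = conn.execute(
        "SELECT password FROM users WHERE username = ?", (username,)
    ).fetchone()
    return row is not None and verify_password(password, row[0])


def dump_contains_plaintext(conn):
    """What a full dump of the table would reveal: True only if any original
    password appears verbatim in a stored record."""
    stored = [r[0] for r in conn.execute("SELECT password FROM users")]
    return any(pw in rec for rec in stored for _, _, pw in SAMPLE_USERS)


if __name__ == "__main__":
    db = build_db()
    print("safe lookup:", lookup_safe(db, "alice"))
    print("login ok:", login(db, "alice", "correct horse battery staple"))
    print("dump leaks plaintext:", dump_contains_plaintext(db))
```

The parameterised form is the fix for the injection; hashing with a per-user salt is what turns a leaked table from a list of credentials into something that still has to be brute-forced per account. The post's `load_file` observation is a third, separate control: the web application's database account should not hold the privilege to read server files at all.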
The vuln is still active!
Screenshots (captions only):
- User, host and password
- version, database and user + /etc/passwd content (load_file is on)
- First name, last name, email, address, date of birth + password (plain text)
- Another table from the db: first name, last name, address, password (plain text)
- DB5_data – main db of the website
Submitted by unu
May 29th, 2009 at 12:35 am
I have already noticed, from my own experience, some big companies discarding huge security leaks. Well…
May 29th, 2009 at 12:36 am
May 29th, 2009 at 12:50 am
hhahahahhahahahashahahhahahahahahhahahahhhahahahah :)))))))))))) =)))))))))) =))))
May 29th, 2009 at 12:53 am
lol hahahahahahhahaha ))))))))))))))))))))))))
May 29th, 2009 at 1:01 am
May 29th, 2009 at 1:50 am
The table with the newsletter emails isn't in there (from what I searched), so bad luck, spammers!
On the other hand, there are a great many databases, and someone malicious could do a lot of harm.
Let's hope the English "specialists" fix the vulnerability quickly.
May 29th, 2009 at 2:55 am
I know the company who produced this lousy website… they well deserve these problems because of their attitude and development habits/management.
May 29th, 2009 at 3:05 am
I suspect that the data you see is not related to Telegraph itself. It may well be that this domain (stats.telegraph.co.uk) is provided by the company I mentioned earlier but the data in the database relates to other projects of that company rather than Telegraph itself.
May 29th, 2009 at 3:14 am
It's the main database of the Telegraph according to unu. They have everything in there, probably beta (or other) projects too.
May 29th, 2009 at 4:19 am
Hmm, I doubt it, however I do not argue it cannot be true. The DB names you've listed are clients of the company responsible for the vulnerability. Seems to me that this subdomain provides some iframes for Telegraph along with other websites (hence those other databases listed) for the company responsible.
If you contacted Telegraph, would you mind describing what was their response this time?
May 29th, 2009 at 12:12 pm
Hi Jay,
I came across this thread and would like to discuss this with you in a bit more detail if you don't mind?
I work with both the Telegraph and the 3rd party company I believe you are referring to. It would be good to understand the issue and see if there is anything I/we can do to resolve the issue.
Please contact me on dkhendy509@hotmail.co.uk
Thanks
May 29th, 2009 at 1:09 pm
Is the third time coming? (they say it's the lucky one) =))
May 29th, 2009 at 1:10 pm
Good job unu and HB !
May 29th, 2009 at 1:34 pm
Can you confirm they’ve fixed the problem now?
And I stand behind my claim that it doesn’t contain Telegraph’s own user data.
May 29th, 2009 at 2:04 pm
It seems they have fixed the problem.
Unu, we're waiting for the third one.
May 29th, 2009 at 3:11 pm
Jay… 1. If you read the article carefully, you will have noticed that I did mention I wrote them emails, but to no avail. I asked to speak to someone in their IT dept. (I even wrote to Paul Cheesbrough) and still got no answer.
2. In vain you still hope that the injection didn't give full access to users' data on the site. I have to disappoint you. DB5_data is the main database, the one that has all the data of the users. Accessing this DB you can access the clients. If you look closely, you can see in the first article on hackersblog (http://www.hackersblog.org/2009/03/06/telegraphcouk-hacked-sql-injection/) that DB5_data is the name of one of those databases. That same database is circled in the image in this article. If that database belonged to the Telegraph back then, I don't see how it could belong to someone else now. Especially since we are talking about a subdomain of telegraph.co.uk.
May 29th, 2009 at 4:01 pm
Hi Guys
It seems you guys have been looking further into this. I am unsure in what capacity, however I am now in contact with the Telegraph, so I would be grateful to have your insight into the situation and maybe look to recruit your expertise to resolve it, as they are keen to sort this asap.
Please do contact me dkhendy509@hotmail.co.uk
Thanks,
Daniel
June 3rd, 2009 at 6:54 am
[...] at the same time as the XSSed report, the HackersBlog site published details of an SQL injection vulnerability that its team of hackers had discovered [...]
June 4th, 2009 at 12:54 am
Did they reply already??