lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Thu, 17 Jun 2010 15:53:00 +0100
From: Benji <me@...ji.com>
To: Harry Balls <thqaredumbasses@...oo.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: THQ website has multiple SQL injection bugs,
	and a reflected XSS

rabble rabble rabble rabble rabble rabble rabble rabble rabble rabble
rabble rabble rabble rabble rabble rabble rabble rabble rabble rabble
rabble rabble rabble rabble rabble rabble rabble rabble rabble

On Wed, Jun 16, 2010 at 9:05 PM, Harry Balls <thqaredumbasses@...oo.com> wrote:
> This is pretty much because I want to embarrass these assholes. See:
> http://gamepolitics.com/2010/06/14/exec-thq-anti-used-game-initiative-could-make-everyone-happy
>
> SQLi 1:
> http://www.thq.com/us/mythq/register?contentType=GAMEALERT&alertGame='4896
>
> This one is pretty obvious. It's an injection via $_GET. The funniest part
> is that they don't just allow injection. They serve up the whole PHP source
> of the page for you. Giving you table names, and the actual syntax of the
> query being used.
>
> SQLi 2:
> The next one is an injection via POST in their registration form here:
> http://www.thq.com/us/mythq/register
>
> I used burpsuite to inject it by editing the HTTP requests but you can
> probably just enter whatever you want right in the form. I used the UK
> subdomain for testing: http://uk.thq.com/uk/mythq/register. This one also
> shows the source.
>
> Next one is your typical reflected XSS:
>
> http://www.thq.com/us/search/index?keyw=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E
>
> I hope this is enough to put off anyone who was thinking of buying shit from
> them.
> Would you trust this company with your credit card information when they
> can't even properly sanitize a registration form?
> These probably aren't even the only security bugs on their site. This is
> just after 10 minutes of pentesting. Do yourself a favor and stay far far
> away from this company. They have no clue about security and obviously don't
> give a shit about their customers.
>
> BOYCOTT THQ
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ