Cognitive and Scientific Brainology
Face - detect,track,recognize,extract features,learn emotions,character animation.
Archives for: February 2009, 03
eJobs.ro - SQL in-FUCK-jected!
eJobs.ro security hacked screwed again - execution with cool-blooded SQL injection
Yes boyz and pretty girlz, eJobs.ro gets it again into the face and gives away 1.3 Mln resumes and personal information! More - passwords in clear, not at least hashed…
My two cents on this:
1. Nice work from the guys here - HackersBlog.org
2. Some of my early whistle-blowers to the ejobs.ro here (ejobs XSS1) and here (ejobs XSS2) - seems like they have either deaf or inexistent security assesment team… Too pitty for them…
3. It seems that the method used by the guys was in one of my earliest attack methods which I left asside for some dumb reasons. eJobs.ro Attack Vectors file
The below is what I was exercising back then, and the similar attack vector is what the guys really used to SQL-inject (the below is not working already for obvious reasons… 
)
Code:
4. Also, if you go specifically to http://ejobs.ejobs.ro (yes, double times ejobs, it is not a typo!) you will see an internal eJobs position posting. The interesting details I have highlighted below:
Till next time, enhance your
Knowledge of Secure Programming Best Practices
Tags: ejobs, ejobs.ro, ejobs ro, ejobs.ro sql injection, ejobs.ro sqli, ejobs.ro hacked, ejobs.ro hackuit, ejobs.ro security, ejobs.ro spart, ejobs.ro database, ejobs.ro baza de date, ejobs.ro CVuri
google.com - malware problem
google.com - malware problem
As many might recall the Google’s glitch to tag every single site as malware site. More details are:
- @ Google Blogs (fcuk - I think someone will get pretty fudged up in the ase at Google for this human-error, since it was necessary for one of the biggest corporations VP to officially give explanations and appologies - those who worked or are working for some kind of corporations know this kind of price…)
- @ StopBadware.org
One of the most nicest things is
Google to tag itself (i.e. Google) as malware
.
Philosophically speaking, Google being a source of trust for a wide majority of people/systems AND in the same times tagging itself as malware (even though for a very small amount of time AND by “mistake” - I would love to believe that it was a mass-social-experiment ) - doesn’t it raises the question of old classes of computer-field (and not only) problems “Chain of trust and breaking the chain of trust?!”
Here is my screenshot 
:
Tags: google malware, google is malware, google stopbadware
zveriu_biz 
686769 
Projects
cetatenie.roCognitive and Scientific Brainology
A deep dive into brain's curiosities
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| << < | Current | > >> | ||||
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| 8 | 9 | 10 | 11 | 12 | 13 | 14 |
| 15 | 16 | 17 | 18 | 19 | 20 | 21 |
| 22 | 23 | 24 | 25 | 26 | 27 | 28 |
Friends
Categories
- All
- ACSA (1)
- AskAmit (11)
- Conference (2)
- DailySpammer (11)
- Fun (7)
- In real life (8)
- On the web (22)
- GSM (2)
- Hardware (12)
- RFID (1)
- Security (4)
- Software (26)
Archives
- January 2012 (3)
- November 2011 (2)
- June 2011 (1)
- February 2011 (3)
- October 2010 (1)
- June 2010 (1)
- May 2010 (1)
- April 2010 (2)
- February 2010 (2)
- January 2010 (4)
- November 2009 (1)
- October 2009 (1)
- More...
Misc
XML Feeds
What is RSS?
