Archive for Syriantalent.com

Syriantalent.com: Hacked

Posted in SQL injection with tags , , , on October 14, 2010 by Xacker

A while ago my company email received a job employment website advertisement. I bookmarked their URL and paid them a visit that day, by the end of the day they were all dancing of joy.

I had total control over their website but I’m not into destroying people’s work and ruining their lives.. nah I ain’t seriously 😛 .. so I only altered the “Privacy Statement” page which contains bullsh!t about people’s data being safe and all as members passwords were stored as plain-text.

Any attacker who gets through their security measures can have a copy of every member phone number, email, password, personal data, CVs, personal pictures.. etc.

The funny part is that I know (and you should too) that most people use one password.. two passwords at max for.. listen to this.. for EVERYTHING!

I’ts not easy to remember 5 passwords or more, me for example use two passwords, one for registration at some random or non-important website; the other I use for my personal email & important websites to me (my blog, my ArabTeam2000 password.. etc)

I’ve tried couple of passwords on registered members personal emails, some worked, some didn’t (perhaps they’ve changed it since the last time they have registered with the website).

One of my friends had an account their, I was able to login to his Hotmail account and he was like “Oh man! please don’t do anything, I have private stuff there you know.. I trust you dude .. completely” 😀

Finally, if you take a second look at the picture up there and notice the date of the attack, it happened 15 days ago.. here is how much safety you get from them: http://www.syriantalent.com/pages.php?sectionid[]=6&pageid=19&lang=en

Enjoy, and stay tuned for a “Job.sy: Hacked” news 😉

update (26/10/2010): have you waited too long? 😉 check out: https://xacker.wordpress.com/2010/10/26/job-sy-hacked/

Advertisements