Tested on December 10, 2013
Technical Information for www.fxtraders.eu
Host IP: 93.157.96.51
Web Server: Apache/2
Powered-by: PHP/5.3.25
DB Server: MySQL >=5
Current DB: fxtraders_main
Testing Method [method rank & tools]:
I checked http://www.fxtraders.eu/ using a low-rank testing method called Google Dork. After finding a vulnerable parameter, I followed up by testing with an SQL injection tool called Havij.
Result:
The eng_subscribe table contained the personal data of consumers / users, including emails, hashes [password hashes], etc. Even when the password is in hashed form, it can be decrypted by some decryption tools. See image below!
In the next test I focused only on the email and password fields, and the result is that http://www.fxtraders.eu/ has only 22 members [Count(*) of fxtraders_main.eng_subscribe is 22].
NOTE:
And what can a hacker do with this? Sometimes people use the same password for all accounts. What if http://www.fxtraders.eu/ members have the same password for their http://www.fxtraders.eu/ account and their email address? When a hacker can access your email, they can get any important info in your email, such as credit card, Internet banking, etc.
Tested on December 10, 2013
Technical Information for www.topweddingsites.com
Host IP: 72.32.233.241
Web Server: Apache/2.0.52 (Novell)
Powered-by: PHP/5.3.1
DB Server: MySQL
Current DB: vendors
Testing Method [method rank & tools]:
I checked http://www.topweddingsites.com/ using a low-rank testing method called Google Dork. After finding a vulnerable parameter, I followed up by testing with an SQL injection tool called Havij.
Result:
The Users table contained the personal data of consumers / users, including emails, passwords, credit card data, etc. See image below!
In the next test I focused only on the email and password fields, and the result is that http://www.topweddingsites.com has 19809 members [Count(*) of vendors.users is 19809]. And guess what I got?
NOTE:
And what can a hacker do with this? Sometimes people use the same password for all accounts. What if http://www.topweddingsites.com/ members have the same password for their http://www.topweddingsites.com/ account and their email address? When a hacker can access your email, they can get any important info in your email, such as credit card, Internet banking, etc.