Tuesday, 10 December 2013

Don't register in www.topweddingsites.com | This website is vulnerable site | Very potential attacked by injector/Hacker

00:33    No comments

Tested on December 10, 2013


Technical Information for www.topweddingsites.com

Host IP: 72.32.233.241
Web Server: Apache/2.0.52 (Novell)
Powered-by: PHP/5.3.1
DB Server: MySQL
Current DB: vendors

Testing Method [methode rank & tools] :

I was checked http://www.topweddingsites.com/ using low rank  testing method that called as Google Dork. After getting a vulnerable parameter, followed by testing using sql injection tools that called as Havij.

Result : 

In the Users table contained the personal data of consumers / users including emails, password, credit card data etc. see image below!


The next test I focus only on the email and password fields, and the results http://www.topweddingsites.com has 19809 members [Count(*) of vendors.users is 19809]. And guess what i got?
 

NOTE : 

And what hacker can do with this?, Sometime people made same password for all account, how if http://www.topweddingsites.com/ members have same password between http://www.topweddingsites.com/ account and Email address?. When hacker can access your email, they can get any important info on your email such as Credit Card, Internet Banking etc.

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)