黑客爆PayPal SQL注入漏洞,大骂PayPal系统设计烂

phper 2013-07-26 116560人围观 ,发现 12 个不明物体 资讯

黑客原文翻译(节选):

今天我发现了一个MSSQL注入漏洞,对!你没听错,是PayPal.com的漏洞。

你知道,发现一个PayPal真他x的困难,非常多的高端黑客以及脚本小子都挖不出Paypal的漏洞…… 

基本上,他们的网站是一坨x,和狗x一样(小编:- -#)在网站上运行mysql扩展和msSQL是一个非常糟糕的决定,我的意思是,谁会让Linux和Windows共存? 

尽管我希望曝光Paypal的用户名、密码等东东,但是我们现在不想谈论这些。

英文原文

              /$$                  /$$$$$$           
| $$__  $$                    | $$                 /$$$_  $$          
| $$  \ $$  /$$$$$$   /$$$$$$$| $$   /$$ /$$$$$$$$| $$$$\ $$  /$$$$$$ 
| $$$$$$$/ /$$__  $$ /$$_____/| $$  /$$/|____ /$$/| $$ $$ $$ /$$__  $$
| $$__  $$| $$$$$$$$| $$      | $$$$$$/    /$$$$/ | $$\ $$$$| $$  \__/
| $$  \ $$| $$_____/| $$      | $$_  $$   /$$__/  | $$ \ $$$| $$      
| $$  | $$|  $$$$$$$|  $$$$$$$| $$ \  $$ /$$$$$$$$|  $$$$$$/| $$      
|__/  |__/ \_______/ \_______/|__/  \__/|________/ \______/ |__/   2011-present

                                                                  twitter.com/Reckz0r


      (                      )
      |\    _,--------._    / |
      | `.,'            `. /  |  xoxo
      `  '              ,-'   '       xoxo
       \/_         _   (     /xoxo
      (,-.`.    ,',-.`. `__,'      xoxo      xoxo
       |/#\ ),-','#\`= ,'.` |xoxo          xoxo
       `._/)  -'.\_,'   ) ))|    xoxo
       /  (_.)\     .   -'//            xoxo
      (  /\____/\    ) )`'\xoxo   xoxo    xoxo
       \ |V----V||  ' ,    \   xoxo       xoxo
        |`- -- -'   ,'   \  \      _____
 ___    |         .'    \ \  `._,-'     `-
    `.__,`---^---'       \ ` -'     lil' devil is shy as fuck under em' sheets omfg

       -.______  \ . /  ______,-
               `.     ,'            



-----

Today, I located a MSSQL injection vulnerability (yes, you heard that right) in PayPal.com (and you heard that right too), finding a vulnerability in PayPal.com is rare as fuckin' fuck. High-class security researchers from Offensive-Security and other gangwar-skiddie groups fail to locate anything in PayPal, but fear not, as I shall now jizz all over PayPal.


Basically, their site is full of shit, like total dogshit. Running mySQL-extensions and msSQL is a bad fuckin' idea, I mean, who the fuck would make Linux & Windows cuddle eachother? that's just absolutely nonsense!

Screenshot of the Vulnerability: http://t.co/LRMLQ5wSeT


Although, my main plan was to brutally expose PayPal infront of deh intertubez, leak all their usernames and passwords, and moar goodiez...but we're not gonna talk about it now.

I guess, this is pretty much it, folks!

regardz,
your old pal
reck

这些评论亮了

发表评论

已有 12 条评论

取消
Loading...
css.php