黑客爆PayPal SQL注入漏洞,大骂PayPal系统设计烂
黑客原文翻译(节选):
今天我发现了一个MSSQL注入漏洞,对!你没听错,是PayPal.com的漏洞。
你知道,发现一个PayPal真他x的困难,非常多的高端黑客以及脚本小子都挖不出Paypal的漏洞……
基本上,他们的网站是一坨x,和狗x一样(小编:- -#)。在网站上运行mysql扩展和msSQL是一个非常糟糕的决定,我的意思是,谁会让Linux和Windows共存?
尽管我希望曝光Paypal的用户名、密码等东东,但是我们现在不想谈论这些。
英文原文
/$$ /$$$$$$
| $$__ $$ | $$ /$$$_ $$
| $$ \ $$ /$$$$$$ /$$$$$$$| $$ /$$ /$$$$$$$$| $$$$\ $$ /$$$$$$
| $$$$$$$/ /$$__ $$ /$$_____/| $$ /$$/|____ /$$/| $$ $$ $$ /$$__ $$
| $$__ $$| $$$$$$$$| $$ | $$$$$$/ /$$$$/ | $$\ $$$$| $$ \__/
| $$ \ $$| $$_____/| $$ | $$_ $$ /$$__/ | $$ \ $$$| $$
| $$ | $$| $$$$$$$| $$$$$$$| $$ \ $$ /$$$$$$$$| $$$$$$/| $$
|__/ |__/ \_______/ \_______/|__/ \__/|________/ \______/ |__/ 2011-present
twitter.com/Reckz0r
( )
|\ _,--------._ / |
| `.,' `. / | xoxo
` ' ,-' ' xoxo
\/_ _ ( /xoxo
(,-.`. ,',-.`. `__,' xoxo xoxo
|/#\ ),-','#\`= ,'.` |xoxo xoxo
`._/) -'.\_,' ) ))| xoxo
/ (_.)\ . -'// xoxo
( /\____/\ ) )`'\xoxo xoxo xoxo
\ |V----V|| ' , \ xoxo xoxo
|`- -- -' ,' \ \ _____
___ | .' \ \ `._,-' `-
`.__,`---^---' \ ` -' lil' devil is shy as fuck under em' sheets omfg
-.______ \ . / ______,-
`. ,'
-----
Today, I located a MSSQL injection vulnerability (yes, you heard that right) in PayPal.com (and you heard that right too), finding a vulnerability in PayPal.com is rare as fuckin' fuck. High-class security researchers from Offensive-Security and other gangwar-skiddie groups fail to locate anything in PayPal, but fear not, as I shall now jizz all over PayPal.
Basically, their site is full of shit, like total dogshit. Running mySQL-extensions and msSQL is a bad fuckin' idea, I mean, who the fuck would make Linux & Windows cuddle eachother? that's just absolutely nonsense!
Screenshot of the Vulnerability: http://t.co/LRMLQ5wSeT
Although, my main plan was to brutally expose PayPal infront of deh intertubez, leak all their usernames and passwords, and moar goodiez...but we're not gonna talk about it now.
I guess, this is pretty much it, folks!
regardz,
your old pal
reck