Archive | August, 2010

The Pirate Bay Open to SQL Injection Attacks?

17 Aug

This from an old friend of mine on the private “guys list” mailing list.

So, I was trying to get a couple of E-books from the Pirate Bay.

http://thepiratebay.org/torrent/5362753

The pdf I downloaded did not work, so I put up a comment and I noticed they were not un-escaping single quotes.

So I tried a double quote in the comment and it gave an error.

So I tried this in the comment box

"; SELECT * FROM `users` --

And it didn’t break. I’m pretty sure it selected all the users. Didn’t print them out, but it selected them.

So, what I’m saying is: thepiratebay.org is currently wide open to SQL injection attacks.

Have fun, let me know what you do.

Is this news? Maybe not. This article outlines how TPB was hacked over a month ago. Close the door, man! It’s wide open.
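An added example, not part of the original post or the quoted e-mail: a comment handler that builds its INSERT by string concatenation next to one that binds the comment as a parameter, with the outcome each gives for quote-bearing comments. It shows that a quote causing an error points to concatenation, while bound parameters store the same text unchanged as data. The SQLite in-memory database, the `comments` table and all function names are assumptions for illustration; SQLite delimits strings with single quotes, so the samples use a single quote where the e-mail used a double quote.

```python
import sqlite3

# Constructed sample comments (not taken from any real site's data).
SAMPLES = [
    "The PDF did not open for me.",
    "The PDF didn't open for me.",     # contains the string delimiter
    "'; SELECT * FROM users --",       # SQL-looking text, as in the post
]

def make_db():
    # Hypothetical schema for a comment store.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (torrent_id INTEGER, body TEXT)")
    return db

def add_comment_concat(db, torrent_id, body):
    # Weak form: the comment becomes part of the statement text.
    db.execute("INSERT INTO comments (torrent_id, body) "
               "VALUES (%d, '%s')" % (torrent_id, body))

def add_comment_bound(db, torrent_id, body):
    # Corrected form: the comment travels as a bound parameter (data only).
    db.execute("INSERT INTO comments (torrent_id, body) VALUES (?, ?)",
               (torrent_id, body))

def outcome(add_comment, body):
    """Return 'error', 'stored' or 'altered' for one comment on a fresh DB."""
    db = make_db()
    try:
        add_comment(db, 1, body)
    except (sqlite3.Error, sqlite3.Warning):
        return "error"
    rows = db.execute("SELECT body FROM comments").fetchall()
    return "stored" if rows == [(body,)] else "altered"

def report():
    # One row per sample: (comment, concatenated result, bound result).
    return [(s, outcome(add_comment_concat, s), outcome(add_comment_bound, s))
            for s in SAMPLES]

if __name__ == "__main__":
    for sample, weak, fixed in report():
        print(f"{sample!r:40} concat={weak:7} bound={fixed}")
```

A regression test that feeds quote-bearing comments to the real handler and checks they come back byte-for-byte is the cheapest way to catch the concatenated form before it ships.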
