CCAvenue.com Payment Gateway Vulnerable SQL Injection
- Thread starter Sushubh
- Start date
- Replies 3
- Views 1,820
ohhhhhh.. whole list of passwords is given!
---------- Post added at 06:39 AM ---------- Previous post was at 06:38 AM ----------
those seem to be admin users!
PLEASE DONT TRY THOUGH, as otherwise u can land up in jail!
---------- Post added at 06:40 AM ---------- Previous post was at 06:39 AM ----------
i have used ccavenue for making certain payments. i hope this injection has not leaked serious stuff.
---------- Post added at 06:42 AM ---------- Previous post was at 06:40 AM ----------
Something wrong.. Servery type says Apache UNIX but SQL server it says as MS SQL! Now thats not possible!
---------- Post added at 06:45 AM ---------- Previous post was at 06:42 AM ----------
Many passwords are so easy!! It can be cracked even without any hacking, just by trial and error!
---------- Post added at 06:39 AM ---------- Previous post was at 06:38 AM ----------
those seem to be admin users!
PLEASE DONT TRY THOUGH, as otherwise u can land up in jail!
---------- Post added at 06:40 AM ---------- Previous post was at 06:39 AM ----------
i have used ccavenue for making certain payments. i hope this injection has not leaked serious stuff.
---------- Post added at 06:42 AM ---------- Previous post was at 06:40 AM ----------
Something wrong.. Servery type says Apache UNIX but SQL server it says as MS SQL! Now thats not possible!
---------- Post added at 06:45 AM ---------- Previous post was at 06:42 AM ----------
Many passwords are so easy!! It can be cracked even without any hacking, just by trial and error!
CCAvenue denies hacking attack - NDTVGadgets.com
So the CRACK is a fake. As i said, apache and mssql made no sense
they said apache version is different then reported. passwords are not stored in plain text either.
dont know the reality though! but as of now i give benefit of doubt to ccavenue
---------- Post added at 07:07 PM ---------- Previous post was at 07:05 PM ----------
Btw Jboss versions reported are matching with actual! It cud be that ccavenue hid the actual version after the hack! pendulum switches!
---------- Post added at 07:09 PM ---------- Previous post was at 07:07 PM ----------
it cud be that their frontend is on apache and backend is on windows machine running ms-sql.
So the CRACK is a fake. As i said, apache and mssql made no sense
they said apache version is different then reported. passwords are not stored in plain text either.
dont know the reality though! but as of now i give benefit of doubt to ccavenue
---------- Post added at 07:07 PM ---------- Previous post was at 07:05 PM ----------
Btw Jboss versions reported are matching with actual! It cud be that ccavenue hid the actual version after the hack! pendulum switches!
---------- Post added at 07:09 PM ---------- Previous post was at 07:07 PM ----------
it cud be that their frontend is on apache and backend is on windows machine running ms-sql.
