A mobile site from Pakistan has been hacked by two web hackers, zer0Freak
and VipVince, revealing almost 30,000+ personal phone numbers and countless
personal messages from almost 27,000 users.
The website had 7000 users active everyday constantly sending SMS and
socializing causing a 16000+ visits per day
The admin panel of the website recently had 3000 un-confirmed SMS and the
administrator was to have had 10000+ contacts in his list.
VipVince and zer0Freak didn’t put too much effort into hackingthe site, in
fact, it took them less than 10 min to bypass and extract the databases
Website was * http://www.smsfree.pk * < http://www.smsfree.pk >
*Vulnerability Status:*
- Type: Union Based WAF Bypassing SQL Injection
- Website: www.smsfree.pk
- Status: Unfixed
- Researcher: VipVince & zer0Freak
*Shoutouts:*
*Team Intra, Zer0Lulz*
*Submitted by:*
*Zer0Freak ( http://www.zerofreak.blogspot.com )
CodeName: z3r0fr34k
VipVince ( Team Intra)
CodeName: VipVince*