Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Reckz0r. Show all posts

Reckz0r identified POST SQL Injection vulnerability in Twitter

The hacker Reckz0r who recently breached the CNN website has identified a Post based SQL injection vulnerability in Twitter support page.

'Referrer' parameter in the api_general form located at the support.twitter.com is vulnerable to SQLi. 

Although the vulnerability allow hacker to extract confidential data from Twitter, hacker didn't do involve in any malicious activities because he don't want his account to get suspended.

The screenshot provided by the hacker:



" vulnerability lies in http://support.twitter.com/forms/submitted?regarding=api_general - You see, there might be dozens of vulnerabilities lying in support.twitter.com. We can inject hidden boxes in this kind of atmosphere. " hacker said.

Hacker @Reckz0r breached CNN website and posted fake articles

*Update*: Cyber War news reports the leak is fake.


Few days back, a hacker with twitter handle @Reckz0r claimed to have breached the CNN website and leaked data.

The data published in the pastebin (http://pastebin.com/YQLv6t3E) includes server&database details, login credentials of 9 accounts that contain usernames and encrypted passwords.

"because they're a bunch of f**ng faggots trying to spread false news, your 9/11 is our 24/7. I strongly respect the Palestinian brotherhood, and it seems like CNN is on Israel's side. and you do know one thing;" He stated as reason for the attack.

He also claimed to have posted four fake articles on edition.cnn.com. We are not able to verify his claim.


The hacker also provided the screenshot of the fake article he posted : "Bill gates horrifies children by injecting poison into their buttocks". The articles has been removed.

He also said he identified Local File inclusion vulnerability in VeriSign.com