India Times Is Not Secure At All

[cracker 0]

check out this video

http://72.55.136.14/hack.rmvb

i already informed india times about this security loop hole but they have not done any thing to fix

this loop hole other that adding password validating from server side!

now instead of password u need to enter

'or 1=1 --

on id to access any a/c

Edited March 29, 2007 by cracker

[KingofKalyan 0]

check out this video

http://72.55.136.14/hack.rmvb

i already informed india times about this security loop hole but they have not done any thing to fix

this loop hole other that adding password validating from server side!

now instead of password u need to enter

'1 or 1=1 --

on id to access any a/c

Lolzzzzz After all our desi website

[rEdshiFt 1]

Interesting.

[Honest 836]

Oh my God.

[copperco2 24]

dang.

and i have been even buying with my credit card..

double dang.

btw i just copied and pasted the video link.. is it safe to save on my laptop..!

and which is this file... i mean. what should i open t with..

Edited March 28, 2007 by copperco2

[petar 15]

REAL PLAYER

[MVP 3]

dang.

and i have been even buying with my credit card..

Hi,

Whats your indiatimes id?

[copperco2 24]

dang.

and i have been even buying with my credit card..

Hi,

Whats your indiatimes id?

mixed emotions...

REAL PLAYER

dont have one.. will it run in nokia multimedia player..

[Kunal Hemrajani 1]

@copperco...

no it wont..

as it is real media video file..

therefore to run it..u wil need a real player..

instead of installing the real player..

u can get a real player alternative...

jus google it..

[linuxguy 0]

check out this video

http://72.55.136.14/hack.rmvb

i already informed india times about this security loop hole but they have not done any thing to fix

this loop hole other that adding password validating from server side!

now instead of password u need to enter

'or 1=1 --

on id to access any a/c

didnt see the video. but this crack has been there for ages. dont post such info if you cant get people to listen to you... it will be misused. instead try contacting some newspaper or news channel who may listen to you. But beware, like what happened with Airtel, you may be termed as a "hacker" ( actually it should be a cracker but the media knows **** about what to call you ) and they may drag you to court and our very own Mumbai Cyber Police or whatever those losers are called might actually arrest you for "hacking" Indiatimes email accounts. Do whatever you want, but do it carefully.

This whole thread was a BIG mistake IMHO. Dont ever post working cracks on such a popular site. Use better judgement dear

Edited March 31, 2007 by linuxguy

[raccoon 53]

On the other hand it could warn users not to use such sites!

I'v always had a dislike for everthing about Indiatimes... one of the most unprofessionaly designed sites. The chat espeically, should get the 1st prize for worst java applet in the world!

[cracker 0]

i just found that India times email service is not secure they use url session which means session url of any user can easily be hijack by sending external link and small php script

function foo()
  {
  global $HTTP_REFERER;

	echo "Referrer is : $HTTP_REFERER";
  }

jsp

HTTP_REFERER		request.getHeader("Referer")

so guys don't use their email service

Edited March 31, 2007 by cracker

[cracker 0]

what a silly bug and that also in I>T college?