Hello Guys,

Am sorry it takes me time to post another NOob Site that contains alot of Nigerian Customer's information with out a proper security. Anyway my previous project was Unilag Web Database which i already contacted the Admin clean the loop hole. now i have come again with another interesting one you wont believe it. This is HITV with over 100,000 customers what do you find in HITV DBS:

Customer Name;Address;Phone;Email;Smartcard; sentive part of it, there Password.
Admin Password, Latest News and fixtures.

Please carefully read below for the database being expose here

##############################
Host IP: 67.23.129.193 #
Web Server: Apache #
Powered-by: PHP/5.2.9 #
DB Server: MySQL >=5 #
Current DB: d60732183 #
Data Bases: information_schema #
d60732183 #
,

Please do not contact me for selling of customers info, as i do not hack to steal, i hack for fun and to proof a hacking Sin.

Peace.

MADHACKER: WEB SECURIRY REPORTER.

madhacker:

Hello Guys,

Am sorry it takes me time to post another NOob Site that contains alot of Nigerian Customer's information with out a proper security. Anyway my previous project was Unilag Web Database which i already contacted the Admin clean the loop hole. now i have come again with another interesting one you wont believe it. This is HITV with over 100,000 customers what do you find in HITV DBS:

Customer Name;Address;Phone;Email;Smartcard; sentive part of it, there Password.
Admin Password, Latest News and fixtures.

Please carefully read below for the database being expose here

##############################
Host IP: 67.23.129.193 #
Web Server: Apache #
Powered-by: PHP/5.2.9 #
DB Server: MySQL >=5 #
Current DB: d60732183 #
Data Bases: information_schema #
d60732183 #
,

Please do not contact me for selling of customers info, as i do not hack to steal, i hack for fun and to proof a hacking Sin.

Peace.

MADHACKER: WEB SECURIRY REPORTER.

GOOD, YOU TOOK THE ADVICE. DO THE SAME FOR THESE FOLKS. THIS IS A SERVICE THAT YOU ARE OFFERING THEM. YOU HAVE THE RIGHT TO CHARGE THEM FOR IT. STILL, I DO NOT BELIEVE YOU SHOULD POST THEIR DETAILS HERE ON NAIRALAND. WHAT IF SOME OTHER MALICIOUS HACKER USES THIS INFORMATION YOU HAVE HACKED TO DAMAGE THEIR SITE? SEE, THIS IS AKIN TO TERRORISM. YOU MAY HAVE GOOD INTENTIONS BUT YOUR METHODS ARE WRONG.

Thanks,


is it still a crime if i post a proof of insecure server on here so that other programmer can seek my assistance penetrating there website for better tomorrow of Nigeria in the world of programming?

MadHacker: Web Security Reporter.

DO NOT POST YOUR PROOF TO THE PUBLIC EYE IS WHAT I MEAN. GIVE OUT YOUR EMAIL ADDRESS AND TELL PROGRAMMERS THE SERVICES YOU ARE OFFERING. THE SERIOUS ONES WILL SURELY MAIL YOU AND YOU CAN MAIL THEM THE PROOF IN PRIVATE.
MARKETING YOUR SELF IS NOT A CRIME! BUT DO NOT COMPROMISE YOUR POTENTIAL CUSTOMERS. YOU COULD PROVE TO THE ADMIN THAT THE WEBSITE IS VULNERABLE BY TEMPORARILY TAKING IT DOWN([i]AFTER YOU HAVE INFORMED THEM [/i]THAT YOU WILL PROVE IT TO THEM ,THAT IS) AND THERE IS NO WAY THAT THEY WILL NOT SEEK YOUR SERVICES! I SEE YOU MAKING A GOOD AMOUNT OF CASH WITH THIS!

Great.

Another knowledge is token anyway, but there should be public reviews were by those upcoming programmer's security interest people can develop there skills.

MadHacker: Web Security Reporter.

you can make that happen bro, make the first move and others will follow. . .

Seriously sometimes some of the webmasters don't ever say more than thanks. I guess a simple reward, though not always required is good. I've hacked some Nigerian sites like who wants to be a millionaire online game before using XSS and after telling them about it, they never really called back. Can u send me your e-mail. I'LL like you to help me check out some of my sites.

Seriously sometimes some of the web owners
don't ever say more than thanks. I guess a simple reward, though not always required is good. I've hacked some Nigerian sites like who wants to be a millionaire online game before using XSS and after telling them about it, they never really called back. Can u send me your e-mail. I'LL like you to help me check out some of my sites.

here we go, i use icq and yahooo my Yahoo id is timwalshz@yahoo.com

carefull bro, some naija company are so dumb that instead of giving you a job, they'll get you busted.
i know what im saying, carefull

those of ya who wanna hack, contact me for FREE E-BOOK, the only payment i need is THANK YOU
logtenimation@gmail.com

You are probably playing in their honeynet/honeypot. If you can do a DDOS attack on them and give us the link,I will ascribe you a good hacker!

@denzel: thank you. Wise saying.

@madhaker. Find something much more productive to do. XSS is cheap. you are no hacker but an attacKer, i wont hail you.

Just words? No proof? No hint? Shame on you.

hi,saw ur post on the net ,pls how can i be an hacker lk u.pls i am andrew.08034595985

I saw your first post, ignored it but I strongly would advice you to tone down your choice of words when writing and not sound arrogant. Be careful how you thread. From my experience, I have on my own time tested several web applications in Nigeria and found security vulnerabilities. The best course is to get in touch with them and follow through. You can post about the issue in general terms and ask for suggestions on how to go about contacting the organizations and how to help them.

I have gotten in touch with several companies, some accusing me that I am the hacker. But who cares. Some have invited me for security talks all expense paid, flight hotel , but never went for the presentation. Not that I was afraid of a backlash. It would have even been worse for the companies if I had gone and tried to pull a fast one against me. You have to know how to handle these situations.

It is until after you have talked with the company and they listening to fix the issue then, after you have verified it has been fixed, you can release the information you had. Since it is no longer an issue. My personal process goes something like this.

Test > if security vulnerability is found > contact company > continue contacting until i get an audience > wait over several weeks > check back > if still exists > contact again and ask for updates on steps taken > wait several weeks again > if no positive steps are been considered > escalate > ask for public opinion, maybe someone reading could have an insider to push things > if resolved > ask for permission to post about the issue depending on the company's line of business > if not fix this is a tough one you can release info to pressure company be careful with this though.

Your discoveries are nothing if you do not see the companies making the necessary changes.

If you are taking this route for recognition, well you have not portrayed the type of character someone would like to work with.

Cool down the tempo

@OP, I really don't understand what your point is?
Are you thinking this through at all?

So are you simply assuming that people in the company check Nairaland forums constantly just in case someone posts vulnerabilities about their system?
Why not just contact them, tell them you did a "net-audit" of their system and discovered certain vulnerabilities but that they would have to compensate you for your troubles before you make these vulnerabilities known to them. Making sure of course, to inform them what [b]could [/b]happen if "other" less-gracious "net-auditors" came accross the same vulnerabilities that you found.

You seriously ought to be careful with this and STOP posting this stuff as it is in fact a CRIME as you are essentially aiding and abetting possible cyber crime by other script-kiddies. If you discover a vulnerability, deal with the company, and let it end there.

You may one day find that you've bitten off more than you can chew with this attitude of yours.

most likely a script kiddie here making noise. hard to imagine you understanding the intricacies of networking when you cant seem to string words together correctly

Scriptkiddie most def

Make una no make this guy vex go do wetin ino wan do b4.

As professionals ourselves, We are simply advising him on the best way to go about things. Advise that would be assimilated hassle-free in a mature mind without offence.
If he vexes because of that, it only goes to prove the point that others posted that he's nothing but a script kiddie.

f.cuking script kiddie. . .Plus iKnw dis is whts going thru yo mind 'I 4m a l33t h4ck3r. .n0b0dY fCuks wv m3. .All th3s3 w3bs1te d3sign3rs ar3 n00bs. .and as a pr0 h4ck3r, iCan Bleep wv 4nY s1t3 cos i 4m M4dh4ck3r'. .followed by a smirk up yo face.

Go get a life dude. . .And 1 more thing. . .Its Old news. . .The SQLI is an old one. . . https://www.nairaland.com/nigeria/topic-327247.0.html

Lotta advices dude. . .

1.) Learn the mechanism behind d tool u using. . ur result looks Havijs Dyu knw aw it works? No. . Dyu know if its backdoored? No. . . Can yhu do SQLI manually? No. . . Blind SQLI? No. . . PostgreSQLI? No. .Oracle? No. .Can yhu dump d whole dbs manually? No . . Can you insert rows/columns? No. . Can yhu do full defacement with your result? No. .cos your result gives you access to the DB NOT the cpanel Can yhu program in any lang, Python, Perl or Ruby? No. . .

2.) Came across the vuln 2yrs ago , sent a mail to all d email addies in the 'admincustomer' table. . Waited endlessly for a reply or the vuln getting patched buh saw none. .Had to give up on 'em. Wht 'm trynna say is, you shoulda sent 'em a mail NOT publicly disclose their details. UNAUTHORIZED ACCESS TO DOCUMENTS IN ANY ONLINE SCENARIO is HACKING. .Nigeria has got Cyber laws man and if i were to be put on yo case, u'll prolly be cooling off yo heels in some rather dark corner

Aiite, iKnow 'm sounding 2 harsh, buh i passed thru dis. . Hackin in2 sites & disclosing their details publicly. Twas one of my escapades (here on NL) dat almost got me locked up. . .Did random hacking, disclosed publicly, den contacted the company. .After series of online meetings and asking to see me in person to help patch d vuln, i succumbed. .Went 2 the company, and lo & behold iWas to attend a conference meeting of which d company's legal adviser was present. . .Before iKuld say Jack, all the laws iHad broken were tabled b4 me. . cuttin d lng story short, iHad to sign a NDA and also patch the Vuln F.O.C.

If u've not been given permission, do NOT attempt ANYTHING on a Web Server. U broke lotta rules mhan. .Best thing is WIPE OFF EVERY TRACE OF YHU ON NET cos trust me 20yrs frm now u can still be prosecuted for this.

@SlyRox You're the man. tell him

@Slyrox,
Feel ya, was in a similar situation, got invited to meet with a major financial organization in Lag, but chose not to go cos of security concerns, however, I wrote to them on on to fix their system, and after several months of wondering, and I checked again lo and behold my recommendations were implemented.

It is unpredictable what could have happened, but it is also good to have a backup plan just in case you find yourself in a similar situation.

kodewrita:

@SlyRox You're the man. tell him

Yes bo$$. . .Am following yo footsteps.

Cactus:

@Slyrox,
Feel ya, was in a similar situation, got invited to meet with a  major financial organization in Lag, but chose not to go cos of security concerns,

I understand yhu bro. .Guess twas 'cos of 'Fear of the Unknown'. .One can't predict these organizations. Buh another thing, if i was to continue this way, how will i get paid?

Slyr0x please come and teach me hacking, I want to hack Hitv and Unilag

denzel2009:

Slyr0x please come and teach me hacking, I want to hack Hitv and Unilag

loooooool

Slyr0x:

loooooool

Cos of the OP,I have started watching CBT nuggetts on CEH to see things from the hacker's perspectives.

denzel2009:

Cos of the OP,I have started watching CBT nuggetts on CEH to see things from the hacker's perspectives.

#OnPoint man. .Funny thing is 'em l33t h4x0rs neva watched such.

Check this(he got arrested later on tho) --> http://www.zone-h.org/archive/notifier=agd_scorp


Anoda story that's worth reading and bookmarking --> http://www.wired.com/techbiz/people/magazine/17-01/ff_max_butler?currentPage=1

@Slyr0x You are god




Your post was nabbed by Mr Bot Bitchass

hacking is not new, facebook gets hack all the time and it gets fixed.
i know a lot of peeps here on NL who have been able to detect security hole in corporate websites and have notified those concerned.

coming here to post this lets u off as a script kiddie

webdezzi:

hacking is not new

YES

webdezzi:

facebook gets hackED all the time

NO

webdezzi:

i know a lot of peeps here on NL who have been able to detect security hole in corporate websites and have notified those concerned.

coming here to post this lets u off as a script kiddie

DOUBLE YES

Mobinga:

@Slyr0x You are god




Your post was nabbed by Mr Bot Bitchass

Lool. .God is God. . .We all are mini-gods The bot chowin ppl's posts is d reason y we dnt have many people participating in d Webmasters Board anymore. . .Quite Sad.

@denzel, check the "Show the last posts of this person" link on my profile. .Got a link for you.