FabSwingers.com mobile


POF hacked


By (user no longer on site) OP   
over a year ago

Plenty of Fish was "hacked" this week, so change your password to something else, and also of course never use the same password for any site!

Does fab store passwords and other details in plain text?

Anyhow POF made the numpty mistake of not using a parametrised SQL command builder, so you could do the "little bobby tables" exploit on them!

cheers!


By (user no longer on site)
over a year ago

Wondered why, when logging into the aforementioned site... it said my password had expired! Now I know the reason, thanks for letting me know...


By *harpDressed ManMan
over a year ago

Here occasionally, but mostly somewhere else


"

Anyhow POF made the numpty mistake of not using a parametrised SQL command builder, so you could do the "little bobby tables" exploit on them!

"

We're lucky that you're here to explain that.

I'm sure we can all learn from this.


By (user no longer on site)
over a year ago

So as a result of this hacking, do you think I'll get more emails from hot, single guys then? I wouldn't see a downside if that happened.


By (user no longer on site)
over a year ago


"

not using a parametrised SQL command builder, so you could do the "little bobby tables" exploit on them!

cheers!"

Yeah, I was thinking the exact same thing.


By (user no longer on site) OP   
over a year ago

Heh, sorry!

Basically SQL is the "language" you talk to the database in. So:

SELECT UserName FROM users

gets all the users names from the users table. With me so far?

Well you can add filters on so you only find what you are after:

SELECT UserName FROM users WHERE Age18 AND Age40 AND Gender=Female

and so on.

But those filters come from what the user picks and/or settings and so if you are not careful and do your back end programming properly, clever users can change these parameters so that 18 could become:

'; SELECT Password FROM users;'

Which in the case of POF resulted in the password being returned for all users.

It's known as an SQL injection exploit. Scarily common on many sites.

Anyhow as a rule of thumb I never use my exact dob or postcode on any site just in case. For the extra paranoid you could set up different hotmail accounts!

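The explanation in the post above, as an added worked example that is not part of the thread: a Python script against an in-memory SQLite database (sample users and search inputs are constructed here, not taken from POF or the thread) that puts a filter built by pasting the user's value into the SQL text next to the parametrised form the post recommends, plus the integer check a back end should do before the query ever runs.

```python
import sqlite3

# Constructed sample data for the demonstration: a toy "users" table in the
# shape the post describes (UserName, Age, Gender, Password). Storing a
# password column at all is shown only to mirror the post; a real site stores
# a salted hash, never the password itself.
SAMPLE_USERS = [
    ("alice", 25, "Female", "pw-alice"),
    ("bob", 33, "Male", "pw-bob"),
    ("carol", 17, "Female", "pw-carol"),
]


def make_db():
    """Build the in-memory database the examples below run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (UserName TEXT, Age INTEGER, Gender TEXT, Password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def search_unsafe(conn, min_age):
    """Vulnerable version: the filter value is spliced into the SQL text.

    Whatever the user typed becomes part of the command, not data, which is
    exactly the mistake the post describes. Kept here only to contrast with
    search_safe below.
    """
    sql = (
        "SELECT UserName FROM users "
        f"WHERE Age >= {min_age} AND Gender = 'Female' ORDER BY UserName"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, min_age):
    """Hardened version: a '?' placeholder with the value bound separately.

    The driver sends the statement and the value as two things; the value can
    never change the shape of the statement, so a non-numeric string simply
    matches nothing instead of rewriting the WHERE clause.
    """
    sql = (
        "SELECT UserName FROM users "
        "WHERE Age >= ? AND Gender = 'Female' ORDER BY UserName"
    )
    return [row[0] for row in conn.execute(sql, (min_age,))]


def check_min_age(value):
    """Defence in depth: an age filter must be a small non-negative integer.

    Rejecting anything else before the query means oddly shaped input is
    logged and refused at the edge rather than reaching the database at all.
    """
    age = int(value)  # raises ValueError for anything that is not an integer
    if not 0 <= age <= 150:
        raise ValueError(f"age out of range: {age}")
    return age


def search_validated(conn, min_age):
    """Both defences together: validate the type, then bind the parameter."""
    return search_safe(conn, check_min_age(min_age))


if __name__ == "__main__":
    conn = make_db()
    # A normal filter behaves the same either way.
    print("unsafe, 18:", search_unsafe(conn, "18"))
    print("safe,   18:", search_safe(conn, "18"))
    # A constructed input that is not a number: the spliced query is rewritten
    # and leaks every row; the bound parameter is compared as text and matches
    # nothing; the validated path refuses it outright.
    odd = "0 OR 1=1"
    print("unsafe, odd input:", search_unsafe(conn, odd))
    print("safe,   odd input:", search_safe(conn, odd))
    try:
        search_validated(conn, odd)
    except ValueError as exc:
        print("validated, odd input: rejected ->", exc)
```

The point to take from running it is that the hardened query needs no knowledge of what a hostile input looks like: the parameter is data by construction, and the type check on top of it turns an attempted misuse into an ordinary validation error that can be logged and alerted on.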

By (user no longer on site) OP   
over a year ago


"So as a result of this hacking, do you think I'll get more emails from hot, single guys then? I wouldn't see a downside if that happened."

Well if you moved closer to me, I'd message you every day


By (user no longer on site)
over a year ago

I too wondered why I had to change the password which I've been using for a while, and naughtily I do tend to use the same or variations of it on other sites.

Thanks for the explanation.


By (user no longer on site)
over a year ago

It would seem many POF members are on here too.....do you swing on both sites or date and swing separately?


By (user no longer on site) OP   
over a year ago


"It would seem many POF members are on here too.....do you swing on both sites or date and swing separately? "

I just keep a look out for single women in my area. I think they are all hiding on wehatesinglemenandarelesbians.com


By *entadreadMan
over a year ago

Essex


"Heh, sorry!

Basically SQL is the "language" you talk to the database in. So:

SELECT UserName FROM users

gets all the users names from the users table. With me so far?

Well you can add filters on so you only find what you are after:

SELECT UserName FROM users WHERE Age18 AND Age40 AND Gender=Female

and so on.

But those filters come from what the user picks and/or settings and so if you are not careful and do your back end programming properly, clever users can change these parameters so that 18 could become:

'; SELECT Password FROM users;'

Which in the case of POF resulted in the password being returned for all users.

It's known as an SQL injection exploit. Scarily common on many sites.

Anyhow as a rule of thumb I never use my exact dob or postcode on any site just in case. For the extra paranoid you could set up different hotmail accounts! "

You missed the * from Users, mate.


By *harpDressed ManMan
over a year ago

Here occasionally, but mostly somewhere else


"

You missed the * from Users, mate. "

...And a fair amount of irony...


By (user no longer on site) OP   
over a year ago


"

You missed the * from Users, mate.

...And a fair amount of irony..."

Irony, I just wear my clothes creased instead!

As for the "* from", the exploit only works for a single specified field! (Search YouTube and you'll find a vid of the exploit, which is now fixed btw.)


By *thwalescplCouple
over a year ago

brecon

Now, just been on; at first it asked us to reset our password, but when I ignored that I could log on with my old password....

call me cynical, maybe the warning page is the hack?


By (user no longer on site) OP   
over a year ago

Nah, the log in page is just there to make you change your password, but the system will still authenticate against the old password.

Do change it though as I *hope* it means the new passwords are encrypted...


By *uicy_ruit3Man
over a year ago

portsmouth

I can't believe that in this day and age, a massive site like POF would be sending out regular weekly e-mails with a password in plain text. It really beggars belief that the security was so lax.

The guy who runs it sounds like a bit of a nutter as well

Hopefully this will have given them a kick up the backside and to hire a security expert who knows what they're doing


By *ruitWoman
over a year ago

near kings lynn

If I am on a dating site and meet someone that I would meet again and plan to, then I won't swing at the same time, as that is cheating.


By (user no longer on site)
over a year ago


"It would seem many POF members are on here too.....do you swing on both sites or date and swing separately? "

I just try and get as much sex as possible, don't care which site it comes from.


By (user no longer on site)
over a year ago

Will do, thanks ElLongo.


By (user no longer on site) OP   
over a year ago


"I can't believe that in this day and age, a massive site like POF would be sending out regular weekly e-mails with a password in plain text. It really beggars belief that the security was so lax.

The guy who runs it sounds like a bit of a nutter as well

Hopefully this will have given them a kick up the backside and to hire a security expert who knows what they're doing"

You'd be amazed at what I have seen sites store in their database (big and small). Many store critical data in plain text (passwords, home phone numbers and the like). One even stored credit card details and the CVV (3 digit security code) in plain text. We promptly deleted all that data then informed them about breaching several PCI guidelines/rules!


By *edhotminxWoman
over a year ago

Turn left at the Singing Ringing Tree


"The guy who runs it sounds like a bit of a nutter as well"

I read an article about the man who set up POF on the internet, a very interesting read. He's allegedly nicknamed his own site 'Plenty of Losers'.


By *arambarMan
over a year ago

swindon

Hahaha, I got the Little Bobby Tables reference.

xkcd rawks
