"Anyhow pof made the numpty mistake of not using parametrised sql command builder, so you could do the "little bobby tables" exploit on them!"
We're lucky that you're here to explain that. I'm sure we can all learn from this.
"not using parametrised sql command builder, so you could do the "little bobby tables" exploit on them! cheers!"
Yeah, I was thinking the exact same thing
"so as a result of this hacking, do you think i'll get more emails from hot, single guys then? i wouldn't see a downside if that happened"
Well if you moved closer to me, I'd message you every day
"It would seem many POF members are on here too.....do you swing on both sites or date and swing separately?"
I just keep a look out for single women in my area. I think they are all hiding on wehatesinglemenandarelesbians.com
"Heh, sorry! Basically SQL is the "language" you talk to the database in. So:
SELECT UserName FROM users
gets all the users' names from the users table. With me so far? Well you can add filters on so you only find what you are after:
SELECT UserName FROM users WHERE Age > 18 AND Age < 40 AND Gender = 'Female'
and so on. But those filters come from what the user picks and/or settings and so if you are not careful and do your back end programming properly, clever users can change these parameters so that 18 could become:
'; SELECT Password FROM users;'
Which in the case of pof resulted in the password being returned for all users. It's known as an SQL injection exploit. Scarily common on many sites. Anyhow as a rule of thumb I never use my exact dob or postcode on any site just in case. For the extra paranoid you could set up different hotmail accounts!"
You missed the * from Users, mate.
"You missed the * from Users, mate."
...And a fair amount of irony...
"You missed the * from Users, mate. ...And a fair amount of irony..."
Irony, I just wear my clothes creased instead! As for the "* from", the exploit only works for a single specified field! (Search youtube and you'll find a vid of the exploit - which is now fixed btw)
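The difference between pasting user input into the query text and the parametrised query mentioned in the thread, as an added example that is not part of any post above. Python's sqlite3 module stands in for the site's database; the table contents, function names and the non-numeric input string are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; the column names follow the query quoted in the thread.
ROWS = [("alice", 25, "Female"), ("bob", 30, "Male"),
        ("carol", 55, "Female"), ("dave", 17, "Male")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (UserName TEXT, Age INTEGER, Gender TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return db

def search_concatenated(db, min_age, max_age):
    # Weak form: the values are pasted into the SQL text, so whatever arrives
    # in the age field is parsed by the database as part of the statement.
    sql = ("SELECT UserName FROM users WHERE Age > " + str(min_age) +
           " AND Age < " + str(max_age) +
           " AND Gender = 'Female' ORDER BY UserName")
    return [row[0] for row in db.execute(sql)]

def search_parameterised(db, min_age, max_age):
    # Corrected form: the statement is fixed and the values travel separately
    # as bound parameters, so they can only ever be compared as data.
    sql = ("SELECT UserName FROM users WHERE Age > ? AND Age < ? "
           "AND Gender = ? ORDER BY UserName")
    return [row[0] for row in db.execute(sql, (min_age, max_age, "Female"))]

def search_validated(db, min_age, max_age):
    # Defence in depth: int() raises ValueError on anything that is not a
    # plain number, before the database is involved at all.
    return search_parameterised(db, int(min_age), int(max_age))

if __name__ == "__main__":
    db = make_db()
    odd_input = "0 OR 1=1"  # constructed input that is not a plain number
    print("concatenated, normal:", search_concatenated(db, 18, 40))
    print("concatenated, odd   :", search_concatenated(db, odd_input, 40))
    print("parameterised, odd  :", search_parameterised(db, odd_input, 40))
```

With the concatenated query the odd input rewrites the WHERE clause and every row comes back, including the ones the age and gender filters should have excluded; with bound parameters the same string is compared as a value and matches nothing.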
"It would seem many POF members are on here too.....do you swing on both sites or date and swing separately?"
i just try and get as much sex as possible, don't care which site it comes from
"I can't believe that in this day and age, a massive site like PoF would be sending out regular weekly e-mails with a password in plain text. It really beggars belief that the security was so lax. The guy who runs it sounds like a bit of a nutter as well. Hopefully this will have given them a kick up the backside and to hire a security expert who knows what they're doing"
You'd be amazed at what I have seen sites store in their database (big and small). Many store critical data in plain text (passwords, home phone numbers and the like). One even stored credit card details and the CVV (3 digit security code) in plain text. We promptly deleted all that data then informed them about breaching several PCI guidelines/rules!
"The guy who runs it sounds like a bit of a nutter as well"
I read an article about the man who set up POF on the internet, a very interesting read. He's allegedly nicknamed his own site 'Plenty of Losers'.