Dating Psychos web site is asking to be hacked
Mikey 14 comments
Ladies and Gentlemen, if I may draw your attention to this comment left by reader krnlpanick: "noticed no one was able to have fun anymore, so here you go-- a little bit of sql injection for you all to play with".
That's right, if it wasn't lame enough that Dating Psycho were vulnerable to my simple CSS exploits, it turns out they are vulnerable to SQL injection. So what can you do with this? You can delete the database if you have the skills. Not that I am encouraging anyone to delete the Dating Psychos database. That would be wrong if I were to encourage someone to delete the Dating Psychos database. I mean, just because they prey on innocent people and exploit minors is no reason to delete the Dating Psychos database. Yes, deleting the Dating Psycho database would be wrong, so don't delete the Dating Psychos database. Did I mention the Dating Psychos database is vulnerable to being deleted?
I hate to imagine how this would pan out for them if say, someone posted this new information on say Slashdot or . The Dating Psycho's web site might be in real trouble. Not that I am encouraging that sort of thing.
But if you go and do some malicious damage, say you do delete the Dating Psychos database, let it be known that I did nothing to encourage it :-)
And on an unrelated topic, here is an SQL Injection cheat sheet.
Gina Squitieri
Thursday 1st May 2008 | 12:16 PM
haaa! Michael, you're a crack-up.
Here's version #2:
"Not that I AM ENCOURAGING someone to DELETE the Dating Psychos database!"
Anders
Thursday 1st May 2008 | 12:20 PM
Someone needs to spearhead this before they plug the hole. I'm spreading the word.
Rodney
Thursday 1st May 2008 | 11:44 PM
You know what's truly funny is the guy who "coded" this site does it for a living, apparently.
krnlpanick
Friday 2nd May 2008 | 12:21 AM
hahaha!
The plot continues to thicken... This guy is into some pretty weird porn too... Seriously? Scooby doo and Daphne?
http://resentment.org/misc/animeporn/?1209658811
krnlpanick
Friday 2nd May 2008 | 12:23 AM
...in response to this comment by krnlpanick.
not that I am suggesting anything, but it would be rather funny to change the names of all of the psychos to J-Dog
FuzzyBunny
Friday 2nd May 2008 | 12:39 AM
Check it out...J-Dog got posted on his own site...
http://datingpsychos.com/view_psycho.html?psycho_id=1502
krnlpanick
Friday 2nd May 2008 | 02:45 AM
You can use the SQL Injection mentioned above on any site that shows the "Powered by Logik Software" graphic.
Hacker
Friday 2nd May 2008 | 05:18 PM
I noticed they have a few celebrities on the site now.
http://www.datingpsychos.com/view_psycho.html?psycho_id=1418
I'm surprised he hasn't tried to have this one removed.
Rodney
Monday 5th May 2008 | 10:45 AM
...in response to this comment by krnlpanick.
Such as their own site:
http://www.logiksoftware.com/myaccount.html
or this list of sites:
Which, interestingly, uses a template and graphics from OpenSourceWebDesign (oswd.org):
http://www.oswd.org/design/preview/id/2876
Rather than any actual work done by them. So in effect logik software just used someone else's template and graphics and then wrote their own code, which is completely buggy and insecure.
Real quality work, guys...
bumblebee
Tuesday 6th May 2008 | 10:45 AM
Hi, a friend of mine has her profile up on this page and it is causing her quite some distress. We are not good at IT related issues, does any code exist that we can use to delete her profile?
We tried holding down a key for about 30 seconds, but that just moves the profile over and you can still see it if you scroll across. Any help would be appreciated.
bobby1234
Monday 19th May 2008 | 01:20 PM
...in response to this comment by Rodney.
the sites he developed (i.e. customers) might not be happy knowing that their host and designer is behind the datingpsychos site... maybe we can email them and let them know what they are associating with.
not to mention how unsecure the sites are??!!
krnlpanick
Wednesday 8th October 2008 | 02:30 PM
hey - guess who's back -- back again...
try this url to get a whole detailed view of his database schema - and some default sql that is probably used in every site he has done...
http://www.datingpsychos.com/sql/.
Rodney
Thursday 1st May 2008 | 12:13 PM
Deleting it would be very wrong. Dropping or truncating it, on the other hand....
C'mon people, it's a joke!