Dating Psychos web site is asking to be hacked

Mikey 14 comments
  • Cyber Crime
  • Bullying
Dating Psychos web site is asking to be hacked

Ladies and Gentlemen, if I may draw your attention to this comment left by reader krnlpanick: "noticed no one was able to have fun anymore, so here you go-- a little bit of sql injection for you all to play with".

That's right, if it wasn't lame enough that Dating Psycho were vulnerable to my simple CSS exploits, it turns out they are vulnerable to SQL injection. So what can you do with this? You can delete the database if you have the skills. Not that I am encouraging anyone to delete the Dating Psychos database. That would be wrong if I were to encourage someone to delete the Dating Psychos database. I mean just because they prey on innocent people and exploit minors is no reason to delete the Dating Psychos database. Yes deleting the Dating Psycho database would be wrong, so don't delete the Dating Psychos database. Did I mention the Dating Psychos database is vulnerable to being deleted?

I hate to imagine how this would pan out for them if say, someone posted this new information on say Slashdot or . The Dating Psycho's web site might be in real trouble. Not that I am encouraging that sort of thing.

But if you go and do some malice damage, say you do delete the Dating Psychos database, let it be known that I did nothing to encourage it :-)

And on an unrelated topic, here is an SQL Injection cheat sheet.

Check this out.

Not a Member!

Rodney

Thursday 1st May 2008 | 12:13 PM

Deleting it would be very wrong. Dropping or truncating it, on the other hand....

C'mon people, it's a joke!

Reply | Comment URL | Top
Not a Member!

Gina Squitieri

Thursday 1st May 2008 | 12:16 PM

haaa! Michael, you're a crack-up.

Here's version #2:

"Not that I AM ENCOURAGING someone to DELETE the Dating Psychos database!"

Reply | Comment URL | Top
Not a Member!

Anders

Thursday 1st May 2008 | 12:20 PM

Someone needs to spearhead this before they plug the hole. Im spreading the word.

Reply | Comment URL | Top
Not a Member!

Thursday 1st May 2008 | 08:25 PM

You rock.

Reply | Comment URL | Top
Not a Member!

Rodney

Thursday 1st May 2008 | 11:44 PM

You know what's truly funny is the guy who "coded" this site does it for a living, apparently.

Reply | Comment URL | Top
Not a Member!

krnlpanick

Friday 2nd May 2008 | 12:21 AM

hahaha!

The plot continues to thicken... This guy is into some pretty wierd porn too... Seriously? Scooby doo and Daphne?

http://resentment.org/misc/animeporn/?1209658811

Reply | Comment URL | Top
Not a Member!

krnlpanick

Friday 2nd May 2008 | 12:23 AM

...in response to this comment by krnlpanick. not that I am suggesting anything, but it would be rather funny to change the names of all of the psychos to J-Dog

Reply | Comment URL | Top
Not a Member!

FuzzyBunny

Friday 2nd May 2008 | 12:39 AM

Check it out...J-Dog got posted on his own site...
http://datingpsychos.com/view_psycho.html?psycho_id=1502

Reply | Comment URL | Top
Not a Member!

krnlpanick

Friday 2nd May 2008 | 02:45 AM

You can use the SQL Injection mentioned above on any site that shows the "Powered by Logik Software" graphic.

Reply | Comment URL | Top
Not a Member!

Hacker

Friday 2nd May 2008 | 05:18 PM

I noticed they have a few celebrities on the site now.
http://www.datingpsychos.com/view_psycho.html?psycho_id=1418
I`m surprised he hasn`t tried to have this one removed.

Reply | Comment URL | Top
Not a Member!

Rodney

Monday 5th May 2008 | 10:45 AM

...in response to this comment by krnlpanick. Such as their own site:
http://www.logiksoftware.com/myaccount.html

or this list of sites:


Which, interestingly, uses a template and graphics from OpenSourceWebDesign (oswd.org):

http://www.oswd.org/design/preview/id/2876

Rather than any actual work done by them. So in effect logik software just used someone else template and graphics and then wrote their own code, which is completely buggy and insecure.

Real quality work, guys...

Reply | Comment URL | Top
Not a Member!

bumblebee

Tuesday 6th May 2008 | 10:45 AM

hi a friend of mine has her profile up on this page and it is causing her quiet some distress. we are not good at IT related issues, does any code exist that we can use to delete her profile?
We tried holding down a key for about 30 seconds, but that just moves the profile over and you can still see it if you scroll across. Any help would be appreciated.

Reply | Comment URL | Top
Not a Member!

bobby1234

Monday 19th May 2008 | 01:20 PM

...in response to this comment by Rodney. the sites he developed (i.e. customers) might not be happy knowing that their host and designer is behind the datingpsychos site... maybe we can email them and let them know what they are associating with.

not to mention how unsecure the sites are??!!

Reply | Comment URL | Top
Not a Member!

krnlpanick

Wednesday 8th October 2008 | 02:30 PM

hey - guess who's back -- back again...

try this url to get a whole detailed view of his database schema - and some default sql that is probably used in every site he has done...

http://www.datingpsychos.com/sql/.

Reply | Comment URL | Top

Add a comment

Login to Rusty Lime

Not registered? | Forgot your Password? Cancel Login