Assorted Thoughts on Website Buying, Selling and Monetizing

How Flippa Was Hacked - Video

Is-Hacked has released the video of how they hacked Flippa.

From earlier reports, Flippa threatened to sue them if they released this video. I suspect that was sabre rattling. Even Flippa isn't that dumb to attract the negative publicity a lawsuit would inevitably do.

The vulnerability was simple: you could click either Forgot Password or Register. The email Flippa sends you contains a link that is designed to authenticate your email address, and that link contains a UserID in the URL. To hack Flippa, you simply change the UserID. It can be changed to any UserID to view that user's profile info and private messages or, as shown in the video, to an Administrator UserID.
They are taking questions and answering them on that blog post above.
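
An added example, not code from Flippa or Is-Hacked: one way to make an emailed link tamper-evident, so that changing the UserID invalidates it. The server binds the user ID, the link's purpose and an expiry time under an HMAC; the parameter names, demo key and one-hour lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import time
import urllib.parse
from typing import Optional

# Constructed demo key (assumption); a real service loads a random secret from server-side config.
SECRET_KEY = b"demo-only-secret-key"
TOKEN_TTL = 3600  # seconds an emailed link stays valid (assumed value)


def _sign(user_id: int, purpose: str, expires: int) -> str:
    # The MAC covers every field the server will later trust from the URL.
    msg = f"{user_id}|{purpose}|{expires}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def make_link(user_id: int, purpose: str, now: Optional[int] = None) -> str:
    """Build the query string for an emailed link (hypothetical parameter names)."""
    expires = (int(time.time()) if now is None else now) + TOKEN_TTL
    sig = _sign(user_id, purpose, expires)
    return f"uid={user_id}&purpose={purpose}&exp={expires}&sig={sig}"


def verify_link(query: str, purpose: str, now: Optional[int] = None) -> Optional[int]:
    """Return the user ID the link was issued for, or None if it must be rejected."""
    now = int(time.time()) if now is None else now
    params = dict(urllib.parse.parse_qsl(query))
    try:
        user_id = int(params["uid"])
        expires = int(params["exp"])
        sig = params["sig"]
    except (KeyError, ValueError):
        return None  # missing or malformed field
    # A link issued for one flow must not work in another, and must expire.
    if params.get("purpose") != purpose or expires < now:
        return None
    expected = _sign(user_id, purpose, expires)
    # Constant-time comparison; an edited uid no longer matches the signature.
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return user_id
```

The signature only proves the link was issued by the server for that user; any account change made after the click should still be authorized against the user ID returned here, never a value read separately from the request.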

Comments

  1. hooperman
    Now that was a schoolboy error! tke71709 was right about substituting the user id.
  2. Andy
    Oh my gorsh! How common is this vulnerability?

    Even Flippa isn't that dumb to attract the negative publicity a lawsuit would inevitably do.

    "The difference between genius and stupidity is genius has its limits" Albert Einstein

    Andy
  3. Clinton
    Flippa's software is custom-built, isn't it?