Full Disclosure mailing list archives

Re: THQ website has multiple SQL injection bugs, and a reflected XSS


From: Benji <me () b3nji com>
Date: Thu, 17 Jun 2010 15:53:00 +0100

rabble rabble rabble rabble rabble rabble rabble rabble rabble rabble
rabble rabble rabble rabble rabble rabble rabble rabble rabble rabble
rabble rabble rabble rabble rabble rabble rabble rabble rabble

On Wed, Jun 16, 2010 at 9:05 PM, Harry Balls <thqaredumbasses () yahoo com> wrote:
This is pretty much because I want to embarrass these assholes. See:
http://gamepolitics.com/2010/06/14/exec-thq-anti-used-game-initiative-could-make-everyone-happy

SQLi 1:
http://www.thq.com/us/mythq/register?contentType=GAMEALERT&alertGame='4896

This one is pretty obvious. It's an injection via $_GET. The funniest part
is that they don't just allow injection. They serve up the whole PHP source
of the page for you. Giving you table names, and the actual syntax of the
query being used.

SQLi 2:
The next one is an injection via POST in their registration form here:
http://www.thq.com/us/mythq/register

I used Burp Suite to inject it by editing the HTTP requests, but you can
probably just enter whatever you want right in the form. I used the UK
subdomain for testing: http://uk.thq.com/uk/mythq/register. This one also
shows the source.

Next one is your typical reflected XSS:

http://www.thq.com/us/search/index?keyw=%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

I hope this is enough to put off anyone who was thinking of buying shit from
them.
Would you trust this company with your credit card information when they
can't even properly sanitize a registration form?
These probably aren't even the only security bugs on their site. This is
just after 10 minutes of pentesting. Do yourself a favor and stay far far
away from this company. They have no clue about security and obviously don't
give a shit about their customers.

BOYCOTT THQ


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

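The two bug classes the post describes, reproduced as an added example that is not part of the original message and not THQ's code: a stand-in lookup table and a stand-in search page template are constructed here (the schema, the rows and the function names are assumptions) so that the effect of the `'4896` input on a concatenated query, and of the `keyw` payload on an unescaped page, can be reproduced offline against SQLite and compared with the parameterized and HTML-escaped forms.

```python
import html
import sqlite3
import urllib.parse


def build_db():
    """Constructed in-memory table standing in for a 'game alert' lookup.
    Schema and rows are assumptions for the example, not THQ's data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE games (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO games VALUES (?, ?)",
                   [(4896, "Sample Game A"), (4897, "Sample Game B")])
    return db


def lookup_concat(db, alert_game):
    """Vulnerable pattern: the request parameter is pasted into the SQL text,
    so a stray quote changes the statement instead of the value."""
    sql = "SELECT id, title FROM games WHERE id = '" + alert_game + "'"
    return db.execute(sql).fetchall()


def lookup_param(db, alert_game):
    """Hardened pattern: the value is bound as a parameter and can never
    become SQL syntax, whatever characters it contains."""
    return db.execute("SELECT id, title FROM games WHERE id = ?",
                      (alert_game,)).fetchall()


def probe(db, alert_game):
    """Classify what the concatenated query does with a given input:
    ('error', message) for a syntax error (the situation that, on a site
    with display_errors on, leaks the query and the PHP source), or
    ('rows', n) for a query that ran."""
    try:
        rows = lookup_concat(db, alert_game)
    except sqlite3.OperationalError as exc:
        return ("error", str(exc))
    return ("rows", len(rows))


# Reflected XSS side: the URL from the post, decoded the way a PHP $_GET
# lookup would decode it.
XSS_URL = ("http://www.thq.com/us/search/index?keyw="
           "%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E")


def keyw_from_url(url):
    """Return the percent-decoded 'keyw' query parameter."""
    query = urllib.parse.urlparse(url).query
    return urllib.parse.parse_qs(query)["keyw"][0]


def reflect_unsafe(keyw):
    """Vulnerable template: the search term is echoed into the page as-is."""
    return "<p>Results for " + keyw + "</p>"


def reflect_escaped(keyw):
    """Hardened template: HTML-escape the term for an element-content context."""
    return "<p>Results for " + html.escape(keyw, quote=True) + "</p>"


if __name__ == "__main__":
    db = build_db()
    for value in ["4896", "'4896", "' OR '1'='1"]:
        print(repr(value), "concat ->", probe(db, value),
              "| param ->", lookup_param(db, value))
    term = keyw_from_url(XSS_URL)
    print(reflect_unsafe(term))
    print(reflect_escaped(term))
```

Running the block shows the three states a tester looks for: the plain id returns one row either way, the quote-prefixed id from the post raises a SQL syntax error only in the concatenated version (the parameterized one simply finds nothing), and a tautology widens the concatenated query to every row while the bound parameter still matches none. For the search page, the decoded `keyw` contains a literal `<script>` element in the unsafe template and only `&lt;script&gt;` in the escaped one; note that `html.escape` is the right fix for element content only, and attribute, URL or JavaScript contexts need their own encoders.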