Skip to content

Top New Best Ask Show Jobs

CarbonHire.com – DB Details (opens in new tab)

(carbonhire.com)

2 pointsit20021911y ago1 comments

They sent me an email, I dont know even unsubscribe page is not working, surprise to me I can see all DB details over here. Tears in my eyes on seeing these details are exposed to public.

<code> <?php 02 03 define('CRONJOB', TRUE); 04 include("index.php"); 05 06 $email = isset($_GET['email']) ? $_GET['email'] : ""; 07 $hash = md5("carbon".$email); 08 setcookie("guid", $hash, time() + (10 * 365 * 24 * 60 * 60), "/", "carbonhire.com"); 09 //print_r($_COOKIE); 10 header("Location: http://hastrk1.com/serve?action=click&publisher_id=59998&site_id=47256&offer_id=274954", true, 302); 11 12 $link = mysql_connect('geniushire-real-1.cbuqrrbjabbr.us-east-1.rds.amazonaws.com', 'geniushire', ';kcvGayqe05t4!?'); 13 if (!$link) { 14 die('Could not connect: ' . mysql_error()); 15 } 16 17 mysql_select_db("geniushire_real_new", $link) or die('Could not select database.');$sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'"; 18 if($email != ""){ 19 $sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'"; 20 $r = mysql_query($sql); 21 } 22 ?>

</code>

CarbonHire.com – DB Details | Better HN

1 comments

it200219OP11y ago

They sent me an email, I dont know even unsubscribe page is not working, surprise to me I can see all DB details over here. Tears in my eyes on seeing these details are exposed to public.

<code> <?php 02 03 define('CRONJOB', TRUE); 04 include("index.php"); 05 06 $email = isset($_GET['email']) ? $_GET['email'] : ""; 07 $hash = md5("carbon".$email); 08 setcookie("guid", $hash, time() + (10 * 365 * 24 * 60 * 60), "/", "carbonhire.com"); 09 //print_r($_COOKIE); 10 header("Location: http://hastrk1.com/serve?action=click&publisher_id=59998&sit..., true, 302); 11 12 $link = mysql_connect('geniushire-real-1.cbuqrrbjabbr.us-east-1.rds.amazonaws.com', 'geniushire', ';kcvGayqe05t4!?'); 13 if (!$link) { 14 die('Could not connect: ' . mysql_error()); 15 } 16 17 mysql_select_db("geniushire_real_new", $link) or die('Could not select database.');$sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'"; 18 if($email != ""){ 19 $sql = "UPDATE gh_central SET cookie_id = '".$hash."' WHERE email = '".$email."'"; 20 $r = mysql_query($sql); 21 } 22 ?>

</code>

j / k navigate · click thread line to collapse