SEOClerks

Heist, New Exploit Discovered by Security Researchers!



Over the years we’ve seen a lot of different exploits that can be used to attack websites. Actually, an exploit is just a “way” to bypass your site security, directly from your site or indirectly through third-party websites (in this case, through ads). The latest exploit discovered by security researchers is called HEIST (HTTP Encrypted Information Stolen through TCP-Windows), which is capable of attacking secured websites (HTTPS) using only JavaScript code, which might be hidden in any ad. This can be prevented only if you disable third-party cookies in your browser; also, since this “exploit” has been discovered, I’m sure that browsers and other companies will release a security patch for it.

Comments

Cristian
Thanks for the information on all of this! Hope Chrome will develop an update as fast as possible so we can all be safe.




procoder
Yeah, I'm sure they will patch it very soon, at least Chrome should do that because it's the only browser that I'm using lol




idealmike
Yeah I was reading about this last night. It came up on my News app on my phone (iOS) and it was saying basically that HTTPS/TLS isn't secure at all until this has been fixed and that the only way of securing yourself for now is to block all cookies but that's not really a good workaround as you need cookies enabled sometimes to be able to login and stay logged in on a site. The other option was to disable all ads showing which I do anyway using AdBlock. But it's quite scary to think that your data and anything you punch into your PC can be intercepted and used nefariously. I really hope they come up with a fix soon otherwise this is/could lead to some serious implications and we may just end up hearing horror stories of people who have had their data and even ID stolen/replicated. Scary stuff!




Everett
I have seen this, and it's quite alarming. Just how long has this been going on for? You'd think with all the updates these days that people would be able to find exploits more efficiently. There was the SSL exploit which affected thousands to millions of websites, and now this "new" Heist exploit...


