The website's administrators secretly fixed the flaws

Mar 15, 2012 19:01 GMT  ·  By

Security researcher Shadab Siddiqui provided us with proof demonstrating that the large number of vulnerabilities affecting ThinkDigit.com could be exploited by an attacker not only to leak the site's internal path, but also to gain access to its entire database.

Think Digit is a popular website that offers news, reviews, downloads, videos and information on digital devices. Unfortunately, its administrators have been neglecting its security, allowing cross-site scripting (XSS), SQL injection, and other vulnerabilities to expose the site and its customers.

These vulnerabilities could allow cybercriminals not only to hijack sessions and alter the site’s appearance, but also to gain access to the databases and steal information.

As the screenshots clearly demonstrate, these are not merely theoretical vulnerabilities. Instead, they could be leveraged by an attacker to cause some serious damage.

We notified Think Digit on March 3 and provided them with all the information needed to address the issues. So far they haven't responded in any way, but Siddiqui tells us that the vulnerabilities have been patched in the meantime.

Tech savvy users and security enthusiasts can check out the proof-of-concept provided by Siddiqui here.

Vulnerabilities in ThinkDigit.com (3 images): "Vulnerability found on ThinkDigit.com", "Vulnerability found on ThinkDigit.com", "ThinkDigit.com database"