Exclusive: Vulnerability in Public.gr endangers user accounts

A reader of iGuRu.gr contacted us and sent us a complete PoC (Proof of Concept) for exploiting a vulnerability in Public.gr. The vulnerability permits theft of personal data.

Theft of personal data on a site of this kind is something that the managers of the online store should not underestimate.

iGuRu.gr has contacted Public.gr and is awaiting a response from the administrators or the technical service. As of this writing, Public's technical service has not contacted us.

Our friend, the researcher Taso_X, who runs the blog pentestlibrary.blogspot.gr, says:
"I recently found a weakness in www.public.gr which certainly affects many large Greek sites that promise us security in our markets and many others.
Indeed, my purpose is good-natured and I did not know who to communicate with at Public, and it was very likely that they did not give me any special significance.
I have not changed their data. It is a passive attack and concerns the users in their weakness to manage properly (edited) a process."
The message is followed by the full PoC, which is available to iGuRu.gr, but we will not publish it, as there is a risk of Public.gr accounts being compromised.
The details of the attack will only be made available to the company's web developers.
See what Public.gr writes about protecting your data:

 http://www.public.gr/prostasia-prosopikon-dedomenon

According to Public, you should not be afraid of anything.

Easy and Secure Transactions

You can pay for your order either with a free cash on delivery when you receive it or by using s/ debit card through secure procedures 

Of course, the above does not hold, as the researcher managed to gain access to a test account (his own). We should state and emphasize the obvious: vulnerabilities of this kind should be addressed immediately by website administrators, especially if they store personal user data on their.
Considering that online security is the responsibility of all of us, and recognizing the urgency and importance of this case, which seems to be of the highest priority, we are publishing this article, hoping for an immediate response from the stakeholders.


Written by giorgos
