Warning! Don't Use Tochka Free Market! Compromised.

Hey.

Recently found a SQL injection on Tochka Free Market which makes it possible to dump all users and the whole database.

I haven't yet had time to it as I am working on a much bigger project right now... Sure, someone else like LE may have done it, or maybe not because it's a shit market. Well, you always need to use your brain and never use the same passwords everywhere; just like Hansa, now the feds are using these passwords to drain customers' wallets / vendor wallets over at Dream Market. Btw I'm 100% sure there are a lot of honeypots set up just to try your passwords on different sites.

Proof http://uploads.im/Nj6DK.png

Contacted Tochka admin, no response for 3-4 days. Remove it from the super list. https://www.deepdotweb.com/marketplace-directory/listing/t%E2%80%A2chka-free-market/

Stay cool everyone. Coming more soon


Comments


[8 Points] ilikestoaskquestions:

Are you assuming SQL injection because it says "invalid syntax"? From what I can tell it is just a ParseInt error saying that the string "5'" is invalid syntax as an integer.

Also lol @ CAPTCHA resolver
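The distinction raised in the comment above, as an added example that is not part of the thread and not the site's code: Go's `strconv.ParseInt` produces exactly this kind of "invalid syntax" message, and when a parameter is validated as an integer first, a value like `5'` is rejected before any SQL exists. The handler name `lookupItem`, the `items` table and the query text are hypothetical, and that the error in the screenshot came from Go's `strconv` is an assumption.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
)

// Outcome records what happened to one raw request parameter.
type Outcome struct {
	ReachedQuery bool   // true only if the value passed integer validation
	Query        string // parameterized statement (constructed for this example)
	Arg          int64  // value that would be bound to the placeholder
	Message      string // error text a verbose handler might echo to the client
}

// lookupItem is a hypothetical handler. It parses the raw "id" parameter as a
// base-10 integer before any SQL is involved, so non-numeric input stops here.
func lookupItem(rawID string) Outcome {
	id, err := strconv.ParseInt(rawID, 10, 64)
	if err != nil {
		// The message mentions "invalid syntax", but it is the integer
		// parser's syntax, not the database's.
		return Outcome{Message: err.Error()}
	}
	// Only a validated integer gets here, and it is bound, never concatenated.
	return Outcome{ReachedQuery: true, Query: "SELECT name FROM items WHERE id = ?", Arg: id}
}

// isIntegerSyntaxError reports whether rawID fails with strconv.ErrSyntax,
// i.e. the error originates in parsing, not in a SQL engine.
func isIntegerSyntaxError(rawID string) bool {
	_, err := strconv.ParseInt(rawID, 10, 64)
	return errors.Is(err, strconv.ErrSyntax)
}

func main() {
	// Constructed sample inputs: one valid id, the value from the thread,
	// and a typical injection-style probe.
	for _, raw := range []string{"5", "5'", "5 OR 1=1"} {
		o := lookupItem(raw)
		fmt.Printf("%-12q reachedQuery=%-5v message=%q\n", raw, o.ReachedQuery, o.Message)
	}
}
```

A verbose parse error like this is still worth replacing with a generic 400 response, since it discloses implementation details even though no query was affected.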


[7 Points] None:

That’s not any proof, and a real SQL injection would have gotten way more information than that


[5 Points] HardC0r3:

So you found the users table with this?


[4 Points] AI-Bourne:

Licensed to CompuTeach hmm... I'd blur that out OP since I can see it's Single Use. Lol rip OpSEC. BTW this is not SQL injection, it's just unsanitized parsing.


[3 Points] t0mcheak:

Coming more soon

no thanks .. disgusting


[3 Points] None:

Cools


[2 Points] y0ur3a434lh4ck3r:

lol

you are the real skillzy for sure

only someone with no skills tries to use a 'proof' without any proof in it xD

the picture actually shows nothing, if you want some help understanding what you see there, let me know :)

but please keep doing, you always make me laugh :D

lol @ anonimag.es/image/JT9s69C XD


[4 Points] sharpshooter789:

LOL! This is some newb ass shit. That isn't even real proof. My boi Trump would call this fake news. Post exploit or a DB dump or GTFO.


[2 Points] EatSheets:

Did the tradeRoute cancel shit ever get fixed?


[2 Points] izza123:

Lmao you downloaded burp last week and all of a sudden you think you're a leet hax0r?

This is not a vulnerability you have found lol you have posted no proof of anything