Posts by MrHigh

  1. MrHigh Yung Blood
    Let's pretend that Homeland Security and the FBI are actively investigating me. What precautions would be wise?
  2. MrHigh Yung Blood
    I was called a grey hat hacker on another forum. Is that what I am? What are you?
  3. MrHigh Yung Blood
    Yup, that's cross site scripting. I don't mean to come off as a pedant but the acronym is XSS, X for cross, SS for Site Scripting. Was XSS the vector employed to gain access to the DB?

    It was not XSS and it was not SQL related.
  4. MrHigh Yung Blood
    While hacking those wildlife websites.

    www.ar.wildlifelicense.com/ALS/error.php?action=.<br><br><form+method="get"+action="/page2"><button+type="submit">MR+HIGH</button></form><p><img+src="http://niggasin.space/images/banners/S2.png">
  5. MrHigh Yung Blood
    Well some of these have obviously been reported. lulz
  6. MrHigh Yung Blood
    So Mr.High, what made you choose our little neck of the woods to come forward with this initially?

    I was on Zoklet for a while. That's how I found this place.

    Homeland Security and the FBI are investigating.
  7. MrHigh Yung Blood
    Four at once.
  8. MrHigh Yung Blood
    http://nwpr.org/post/cyber-hack-shuts-down-hunting-fishing-license-sales-3-northwest-states

    http://whas.iheart.com/articles/newsradio-840-whas-local-news-283307/kentucky-dpt-of-fish-and-wildlife-15047469/

    http://www.seattletimes.com/sports/state-fish-and-wildlife-suspends-license-sales-due-to-possible-breach-in-computer-system/

    http://www.spokesman.com/stories/2016/aug/25/fishing-free-in-washington-this-weekend/

    http://www.opb.org/news/article/oregon-hunting-fishing-license-hack-sales-suspended/
  9. MrHigh Yung Blood
    Here are the exact websites, hope you went fishing this summer...

    2,435,452 - https://fishhunt.dfw.wa.gov

    2,126,449 - https://app.fw.ky.gov

    1,195,204 - https://or.outdoorcentral.us

    788,064 - https://id.outdoorcentral.us

    They are either down or have been fixed. I have others that have open security holes and some XXS and whatnot.

    Keep watching that news Sophie and where is spectraL?
  10. MrHigh Yung Blood
    I only came here for this.

    Can you give us more information?

    Yes.

    These are the totals that I got from each website/state and what type of information I got.

    2,435,452 - Washington
    Name, DOB, Address, DL#, Last Four Digits of SSN, Height, Weight, and Eye Color. Some have email and/or phone.

    2,126,449 - Kentucky
    Name, DOB, Address, and Last Four Digits of SSN. Some have email and/or phone.

    1,195,204 - Oregon
    Name, DOB, Address, and DL#. Some have email and/or phone.

    788,064 - Idaho
    Name, DOB, Address, DL#, Full SSN, Height, Weight, Hair Color, and Eye Color. Some have email and/or phone.

    Also, the admin from the site in Kentucky replied quickly and is one of the only two that patched the security hole. From the name, it was a female and she was thankful. I also contacted a couple of 'hacking news' sites and gave them the info.

    From my understanding, they have a legal responsibility to let the people know that this has happened. And with that many people, it should make the news.

    I'm also posting on the betabay for the kids.
  11. MrHigh Yung Blood
    Reported Four today.
  12. MrHigh Yung Blood
    not the other two though?

    As Lanny said. It'd be best pulled off using mules.

    Why are you reporting anything to the FBI? Aren't they like, the enemy?

    I need it fixed so that the information stays private. It raises its value.

    Have you considered the possibility that someone is designing these flaws on purpose and wants you to report them.

    I did. But I check info at random and it all checked out.

    Right now I'm sticking to betaBay, but I'm up for suggestions.
  13. MrHigh Yung Blood
    I know of security holes on several sites that deal with large amounts of PI and/or large amounts of transactions (ACH). I'm going to report five of these on Monday to the administrators and to random people like the FBI. It's over 7 million SSN and DL#. I'm only reporting the sites that I've already worked. The rest stay open for business.

    Get ready...
  14. MrHigh Yung Blood
    Ooh La La!
  15. MrHigh Yung Blood
    Why would you come post about it here. Just keep it on the down low and exploit.

    There's so many though...
  16. MrHigh Yung Blood
    niggasin.space/forum/half-baked/85666
  17. MrHigh Yung Blood
    If I were in the process of pulling full information (full name, social security number, date of birth, driver's license, and other personal info) from a database in which I have found a security hole, and I have at least three to four more databases like it to pull information from, each containing anywhere from 500k to 1 million individuals' personal information, in what way should I report the info after I have finished pulling the data?

    My plan so far is to yank all of the data, and then on a special day that has some specific meaning (like 4-20, but that may be too soon due to myself finding more databases), report the security holes in detail to the administrators and at the same time, post a list of these websites on different forums so that others can take a stab at these websites themselves and possibly find the same security holes that I've found. This will give others a short time frame to find the same holes I've found and pull out some data for themselves.

    What other ways of reporting these would make a big splash effect?
  18. MrHigh Yung Blood
    Hey I'm calling the cops

    Please do. I now know of another.
  19. MrHigh Yung Blood
    I know someone that has a lot of SSN.
  20. MrHigh Yung Blood
    Yet again, another government website vulnerable to my punishment. I love it!