ThinkDigit Site Hacked

[FilledVoid]

I must say good work. Definitely will keep the slackers in the Development Firm on their toes . However, what tuxfan said is true.

Section 43(a) : Penalty for damage to computer, computer system, etc.- If any person without permission of the owner or any other person who is in charge of a computer, computer system or computer network,- accesses or secures access to such computer, computer system or computer network downloads, copies or extracts any data, computer data base information from such computer, computer system or computer network including information or data held or stored in any removable storage medium.

Under the IT Act you need not prove intent to become liable. On the contrary everyone appreciates efforts taken by white-hat hackers which demonstrate flaws in their software / network as rohan did.

 

[victor_rambo]

Thanks Kiran, FilledVoid and Tux bhaiyya!

 

[Ecko]

GR8 Job
Though I'm a little late at congratz
Keep Going
Someone hack Indian Army Website They Consider IT Engineers not as Engineers (Personal Grudge )

 

[victor_rambo]

GR8 Job
Though I'm a little late at congratz
Keep Going
Someone hack Indian Army Website They Consider IT Engineers not as Engineers (Personal Grudge )

Thanks.
Looks like u are an Army Officer

 

[phreak0ut]

Good job. Did you get the exploit from somewhere or did you write the exploit yourself? oh, by the way, why don't you put this news as an Announcement?

 

[victor_rambo]

Good job. Did you get the exploit from somewhere or did you write the exploit yourself? oh, by the way, why don't you put this news as an Announcement?

Every decent PHP programmer is aware of the exploit. Can't reveal anything more.

 

[phreak0ut]

Every decent PHP programmer is aware of the exploit. Can't reveal anything more.

It's such a simple exploit?? seriously??? Then, why didn't the admins patch the site?

 

[victor_rambo]

It's such a simple exploit?? seriously??? Then, why didn't the admins patch the site?

It was not that simple. An UNEXPECTED variation was used. The routine method failed to work. Ofcourse, all these info is useless until I disclose some other details, which I am not gonna do.

What I actually suspect to be the reason for this exploit being successful is something else, but I still cannot justify to myself so as why the coder must have used that method.

 

[tuxfan]

Thanks for your concern mate. But I know the loopholes which I am obviously not discussing out here

And yeah, in the Court of Law, Intention DOES matter. They say:
"If a doctor gives a medicine with an intention to harm the patient, the doctor is a criminal even if the medicine does not cause harm. In the same way, if a doctor gives a poison with the intention of curing the ailment, it is not a crime."

Obviously you have to have something to PROVE your intention, which I already have.

Yup, intention does matter in case of a crime - mens rea - thats what its called. But thats a generic proposition, not law. FilledVoid has pointed out the applicable provision of the IT Act. The key words here are "accesses or secures access". It does not talk about intention. Just gain access and you violate the law. IMHO, provision needs to be re-worded.

I am glad that it has been taken in the right spirit by Digit. Don't expect everyone to be sensible enough. Be aware of the law before you plunge in hacking other sites as someone suggested here. Ignorance of law is no excuse.

OFF TOPIC:
Just a small question on mens rea aka intention. What if I go to a place to kill "A" and accidently kill "B"? I never intended to kill "B"!

 

[victor_rambo]

Yup, intention does matter in case of a crime - mens rea - thats what its called. But thats a generic proposition, not law. FilledVoid has pointed out the applicable provision of the IT Act. The key words here are "accesses or secures access". It does not talk about intention. Just gain access and you violate the law. IMHO, provision needs to be re-worded.

I am glad that it has been taken in the right spirit by Digit. Don't expect everyone to be sensible enough. Be aware of the law before you plunge in hacking other sites as someone suggested here. Ignorance of law is no excuse.

You have mentioned only one clause. But I have a legal point that will defeat every other clause you say! Now don't expect me to spill the beans here

You see, you are aware of the clause, but I am aware of its loopholes because i have not disclosed each and every fact related to the case in public.

 

[tuxfan]

You have mentioned only one clause. But I have a legal point that will defeat every other clause you say! Now don't expect me to spill the beans here

You see, you are aware of the clause, but I am aware of its loopholes because i have not disclosed each and every fact related to the case in public.

Spill the beans?! Thats called sharing of knowledge! A law is not a secret treaty or map to a treasure We tried to enlighten you by showing you something. Now it's your turn to reciprocate

What if I say "you have committed a crime, don't ask how/what/why because I can't spill the beans"!!

 

[victor_rambo]

Spill the beans?! Thats called sharing of knowledge! A law is not a secret treaty or map to a treasure We tried to enlighten you by showing you something. Now it's your turn to reciprocate

What if I say "you have committed a crime, don't ask how/what/why because I can't spill the beans"!!

lol.........bachhe ki jaan le lego kya........

 

[Faun]

Even if its ASP, the same exploit wud work

yours was a xss exploit ?

and what else actually aprat from this ?

I really hav to look through all this, if time permits

 

[tuxfan]

lol.........bachhe ki jaan le lego kya........

Bachcha? Who's a bachcha here? You? Me?

C'mon! What so secretive about a few legal provisions?

 

[Ecko]

Thanks.
Looks like u are an Army Officer

Are yaar ye profile pic galti se meri statement ke saath match ho gayi
I'm not a ARMY OFFICER neither I want my next 7 generation to be part of it
I know they are excellent,brainy,courageous & possess qualities unmatched but let them do their job & let us do ours (Pun Intended)
I'm changing it now

ONTopic :If U Are you holding lectures for SQL Javascript Injection do adjust me 2

 

[victor_rambo]

Are yaar ye profile pic galti se meri statement ke saath match ho gayi
I'm not a ARMY OFFICER neither I want my next 7 generation to be part of it
I know they are excellent,brainy,courageous & possess qualities unmatched but let them do their job & let us do ours (Pun Intended)

ONTopic :If U Are you holding lectures for SQL Javascript Injection do adjust me 2

 

[Ecko]

Yaar U must have got excited(on hacking)happy(after posting here)cheerful(after reading comments)& last but not the least irritated(replying to all)

 

[victor_rambo]

^
One thousand one hundred and ten

 

[blueshift]

IndusNet ki toh poll khol di tune... wah!!

 

[tuxfan]

Rohan, did you miss my post? I just wonder why you are not willing to discuss legal provision about hacking after actually hacking?

If you wish, I can try and get opinion of Mr. Krishna Dhamapurkar, Investigation Office, Cyber Crime Cell at Mumbai or his boss Mr. M. Pawar, Inspector, In-charge of Cyber Crime Cell at Mumbai. May be I can call up or email a link of this thread with a request to post their opinions.