Security issue ... user data publicly available ?!

I found an online tool that scans a site for vulnerabilities using their 'foundation' option. I was surprised to see users' emails listed for all to see, with links to profiles ...

"Email addresses were disclosed throughout the web application"

This tool also points out other issues ...

Surely data like this should not be available like this?!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

Not only did I scan one of my own sites BUT I also just scanned Boonex just to see what happened and WTF, it's the same!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

potentially every Dolphin site is affected and millions of users' emails are in the public domain!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

Only let members view profiles, not the public?

http://ModMyCMS.com --> Dolphin Hacks &Mods
25 May 2013

You might have installed an extension in your browser. That scanner scans the website as you, and if you are logged in as admin, of course everything is at your fingertips. It actually does not appear very helpful.

so much to do....
25 May 2013

It requires the installation of the app into a browser. The question is... is the app safe? :)

Edit: Oh, ok, Prashank spotted it before me. :)

25 May 2013

lol that's a really good question, I installed it then uninstalled it after checking it out.

It requires the installation of the app into a browser. The question is: is the app safe?

so much to do....
25 May 2013

:) Since I haven't installed and tried it, I don't know how or if the email leak is true or serious enough. Detective, have you got some screenshots? Also, does anyone know more about this app/site? I presume it couldn't be that hard to make people install an application in order to HARVEST emails, masquerading as a diagnostic tool? I tried a few Google searches and never stumbled on my site's emails.

lol that's a really good question, I installed it then uninstalled it after checking it out.

It requires the installation of the app into a browser. The question is: is the app safe?

25 May 2013

I think this is a serious issue! If I can access all this information as easily as this >> hackers and similar will think it's a treasure chest ...

This tool is easily showing me and other people information that I assume is protected and that I work my ass off to protect!!

This is a big security issue for everyone...

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

sorry to anyone who's email is shown here BUT I have to show this !!!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

above ^^ is just a small example! Right now I have access to thousands and thousands of Boonex users' emails even though users will not want me to have them .... If I was a bad guy I could use this information for many different uses, sell the information and possibly launch attacks!

You all think your information is safe when in fact right now I have proved it's not!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

it does not matter ... private or public, all this information is public anyway!

Only let members view profiles, not the public?

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

I hear you BUT ... even if you were logged in and emails are protected from the public >> this tool still makes private data public!

You might have installed an extension in your browser. That scanner scans the website as you, and if you are logged in as admin, of course everything is at your fingertips. It actually does not appear very helpful.

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

This is quite indigestible!

I hear you BUT ... even if you were logged in and emails are protected from the public >> this tool still makes private data public!

so much to do....
25 May 2013

Within 2 minutes of registering and using the tool SSOOOOOO much private data is publicly available, as shown in my screenshot above!

To me this is somewhat outrageous ... users could potentially sue webmasters for not protecting their data AND such data in public opens doors to many other possible issues!

This is quite indigestible!

I hear you BUT ... even if you were logged in and emails are protected from the public >> this tool still makes private data public!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

look at my screenshot!! Right now I personally have access to every person's email at Boonex ... This includes emails of users at every/any webmaster's Dolphin site I choose to target!!

VERY SERIOUS I SAY!

:) Since I haven't installed and tried it, I don't know how or if the email leak is true or serious enough. Detective, have you got some screenshots? Also, does anyone know more about this app/site? I presume it couldn't be that hard to make people install an application in order to HARVEST emails, masquerading as a diagnostic tool? I tried a few Google searches and never stumbled on my site's emails.

lol that's a really good question, I installed it then uninstalled it after checking it out.

It requires the installation of the app into a browser. The question is: is the app safe?

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

When I scanned Boonex I saw my own personal emails (that I didn't want in public) clearly visible several times! I know this tool works and its findings are correct!!

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

It depends on where the email is located.

For example, the URL in your screenshot: boonex.com/scriptologist

All of those email addresses are in the comments people left. So yes, they are publicly available, because they put them there themselves.

And this one, boonex.com/Adminmysite, also has email addresses publicly left in comments on the page.

Also note that boonex.com is not Dolphin. At least not its front end.

I did a scan on my own site and did not find a single email address or any other personal information. Note I did this scan as a guest, not logged into the site. Because this uses a browser plugin it's able to act as you. I noticed it can deal with the cookies when I saw it was flipping through the templates. So it's important you are not logged in as admin while doing a scan.

So based on what I have seen, I did not notice any serious problems. All email addresses I saw were already publicly available in profiles or other public comments.




https://www.deanbassett.com
25 May 2013
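A defender-side check that follows from Deano's point above, added here as an example and not part of the thread or of any Dolphin/Boonex code: fetch the same page once as a guest and once with an admin session, extract the addresses from each body, and treat only what the guest fetch returns as a public exposure. Everything an authenticated scan sees on top of that is a finding about the scanner's session, not a leak. The URLs, page bodies and addresses below are constructed for the example; the `fetch_page` helper is an assumed way of retrieving real pages with `urllib` and is not called in the offline run.

```python
import re
import urllib.request
from typing import Dict, List, Optional, Set

# Deliberately permissive email matcher: the goal is to flag candidates for
# review, not to validate addresses.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def find_emails(html: str) -> Set[str]:
    """Return the set of email-like strings found in a page body."""
    return set(EMAIL_RE.findall(html))


def fetch_page(url: str, session_cookie: Optional[str] = None) -> str:
    """Assumed helper (not used offline): fetch a URL as guest, or with a
    session cookie so the request is made 'as you', the way the plugin does."""
    headers = {"User-Agent": "exposure-check/1.0"}
    if session_cookie:
        headers["Cookie"] = session_cookie
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def classify_exposure(pages: Dict[str, Dict[str, str]]) -> Dict[str, Dict[str, str]]:
    """pages maps a URL to {"guest": html, "admin": html}: the same page fetched
    without a session and with the admin session.  For each URL returns
    {email: "public" | "admin-only"}.  An address seen by the guest fetch is
    visible to everyone; one seen only by the admin fetch is not a public leak."""
    report: Dict[str, Dict[str, str]] = {}
    for url, bodies in pages.items():
        guest = find_emails(bodies.get("guest", ""))
        admin = find_emails(bodies.get("admin", ""))
        report[url] = {
            email: ("public" if email in guest else "admin-only")
            for email in guest | admin
        }
    return report


def public_emails(report: Dict[str, Dict[str, str]]) -> List[str]:
    """Flatten a report to the sorted list of genuinely public addresses."""
    return sorted({e for r in report.values() for e, v in r.items() if v == "public"})


# Constructed sample pages (not real Boonex content).  Alice's profile carries
# an address a visitor typed into a public comment plus one only the admin
# panel renders; Bob's address is only in the admin view.
SAMPLE_PAGES = {
    "https://example.invalid/profile/alice": {
        "guest": '<div class="comment">Mail me at alice@example.invalid</div>',
        "admin": '<div class="comment">Mail me at alice@example.invalid</div>'
                 '<div class="admin-panel">Account email: alice.private@example.invalid</div>',
    },
    "https://example.invalid/profile/bob": {
        "guest": '<div class="profile">Bob</div>',
        "admin": '<div class="profile">Bob</div><span>bob@example.invalid</span>',
    },
}

if __name__ == "__main__":
    rep = classify_exposure(SAMPLE_PAGES)
    for url, emails in rep.items():
        print(url)
        for email, status in sorted(emails.items()):
            print(f"  {status:10s} {email}")
    print("Publicly visible:", public_emails(rep))
```

For a real site, build the `pages` dict by calling `fetch_page(url)` and `fetch_page(url, session_cookie=...)` for each URL the scanner flagged, then hand the dict to `classify_exposure`; addresses that only show up as "admin-only" are the ones the scanner saw because it was riding the admin login, which is the situation Deano describes.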

umm, I think Deano may be right and I am causing a fuss for nothing. SORRY to all if I am wrong! Maybe Boonex should remove this thread?!

I will keep testing my own sites and come back ....

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

GOOD NEWS .... ALL YOUR SITES AND DATA ARE SAFE AND I AM CLEARLY A MENTAL CASE!

BOONEX PLEASE REMOVE THIS THREAD, I THOUGHT THIS WAS A BIG ISSUE AND DON'T MEAN TO CAUSE WORRY FOR NOTHING ...

DedicatedServer4You.com -- BIGGEST Range of Dedicated Servers at the Lowest Price!
25 May 2013

I think I'll leave this here as a testament.

Slow clap

BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin
25 May 2013

Additional info was requested regarding this issue.

It was delayed because of the weekend.

Rules → http://www.boonex.com/terms
27 May 2013