A tweaker has large leaks, exposed in Welovesafe.nl, a website for young people. Via a sql injection, among other things, e-mail addresses and encrypted passwords are retrieved. Also Zoutzuur.com it appears vulnerable.
Tweakers.net got tweaker Glennox the message that Welovesafe.nl, a website that focuses on young people between 12 and 16 years, is prone to sql-injections. The informer let us know that the entire database of the website is to read. Among the data are approximately 18,000 e-mail addresses, and hashed passwords. The database of Zoutzuur.com a website on the same server runs as Welovesafe.nl, seems prone to similar sql-injections.
Glennox to say both the owner and the administrator of Welovesafe.nl, respectively, The Young Venture Group and Interact Media, more than a month ago about the problem approached. Furthermore, would the site administrator Glennox have requested against payment of the holes in the cms-system close to a carpenter, but he would the bid have been rejected because it is too low. He was also supposed to hear have been that the owners have no budget to make the holes in the cms to be sealed. “All of this is already a month ago and the website is still as leaky as a basket. Therefore, I am looking for now is the publicity.”
Boudewijn Willekes of Interact Media, the company that the cms behind Welovesafe.nl and Zoutzuur.com in management, confirms that four weeks ago there has been contact with a person who is the susceptibility to sql injections in the web sites told. “He has us partially helped to resolve the issue. I went there from that the problems were over.” Willekes says the problems as fast as possible to remedy the problem. At the time of writing is Welovesafe.nl from the air removed; Zoutzuur.com is still accessible.