How i did the PBS + BBC Hacks - The WongZ - Charrie Wong

1. _______ _ __ __ ______
2. |__ __| | \ \ / / |___ /
3. | | | |__ ___ \ \ /\ / /__ _ __ __ _ / /
4. | | | '_ \ / _ \ \ \/ \/ / _ \| '_ \ / _` | / /
5. | | | | | | __/ \ /\ / (_) | | | | (_| |/ /__
6. |_| |_| |_|\___| \/ \/ \___/|_| |_|\__, /_____|
7. __/ |
8. |___/
9.  
10. How we did The BBC + PBS Hacks.
11. and how you can 2..
12.  
13. BBC -
14.  
15. The BBC has never suffered from a hack (publicly) before, i was crawling the site for vuln's for the last 2 hours MANUALLY as the site itself is so ridicolously huge it would take hours for a scanner to return a worthy vulnerability..
16.  
17. I noticed that the CBBC website had a number of flash ad's, a search tool etc etc and tried at first to exploit the search bar with XSS (but i failed :/ ) i then moved on to a search results page which i noticed looked like a vuln but wasn't 1 (quite yet) i then used different search terms until i found a SQLi vulnerability which showed up in Havij (please keed in your mind i was doing the PBS and FBI attack as well).
18.  
19. PBS -
20.  
21. PBS has thousands of ptential vulnerabilities its just most of them don't work and its taking the manual time to get through and check each link then see if it can exploited manually then sticking it in Havij pro...
22. Once i had got a vulnerability link i couldn't auto-detect a keyword which meant i had to manually do the exploit (at first) until i manually found it, then it was just a case of hooking it upto Havij and spending an hour or so getting the admin passes, decrypting etc..
23.  
24.  
25.  
26. I will not be releasing the FBI hack as then i really would get v& but those of you that are smart will realise how i did it...