To view the list of links, please access this site using Tor Browser.
If you’re seeing this message, access is restricted for regular browsers.
Already using Tor? If you are sure you’re currently in Tor Browser, proceed to our .onion version:
* in https://torhoo.cc/go.php?u=TDJRdlEyRm1aVVJ5WldGaw==#
> Secure & Anonymous
Lmao. Why not 'security-driven' like Versus? Same level of security, even though it took me like 10 minutes for Versus back then.
dumpliwoard5qsrrsroni7bdiishealhky4snigbzfmzcquwo3kml4id DOT onion /image/3ba4df87fe395c5c.png
Well, took 3 minutes to find this.
https://torhoo.cc/go.php?u=TDNVdlJtRnBiazExYzJVPQ==#
https://torhoo.cc/go.php?u=TDNVdlRXVjRhV05oYmtaaGFtbDBZUT09#
https://torhoo.cc/go.php?u=TDNVdlFtVmhibE53Y205MWRBPT0=#
https://torhoo.cc/go.php?u=TDNVdlIyOXNhV0YwYUcxaGNtdGxkRkJT#
Incompetent retards.
Your little Endgame WAF does not protect you from everything if your code sucks balls extremely.
Also, soft deletes on a dark web market? (This means a record like a user in this example is only marked as deleted, but not actually removed from the database) This better be because it dispatches a job for real deletions later.
And why is this all referring to the username as email? I feel like this horrible script was used for something else before.
10 comments
https://torhoo.cc/go.php?u=TDNVdlNIVm5RblZ1ZEdWeQ==# delete that subdread. This is just shameful.
https://torhoo.cc/go.php?u=TDNVdmNtVjBZWEprY3pFPQ==#
Firstly, thank you for your comments. We did mention that this is launch day and that there are some adaptations and progress that is to be made with input from our community.
First point about the SQL Injection.. What did you succeed in doing? As from what we can see you only received an error? Not a big issue.
Second point, about the ''soft deletes'' the system purges deleted items.
I wouldn't call that incompetent.. let me know if you find anything of real value. Would always be happy to give you a bounty reward for good sportmanship
I will look over this shortly, but if there are any sort of SQL injections present, that is absolutely incompetent, SQL injections should not be occurring in 2025. I'll give it the benefit of the doubt in this moment as these things have to be verified with us for me to be able to do anything, but with the onion being down right now, it does tell me a lot...
https://torhoo.cc/go.php?u=TDNVdmNtVjBZWEprY3pFPQ==#
I welcome your verdict after you check, we are happy discuss any matters and will forward you a message
Onion will be back up shortly after internal checks
To be verified
Onion is up and SQL verified failed.
*
I feel like this horrible script was used for something else before.
Saw the market yesterday on Pitch and within minutes it was obvious they have other security issues too not only SQL injections. Seems very much repurposed badly. Given their poor attempt at corporate response too to you and https://torhoo.cc/go.php?u=TDNVdmNtOXZkQT09# indeed does tell a lot.
I wouldn't call that incompetent.. let me know if you find anything of real value.
Actually he's right it isn't incompetent. It's beyond incompetent to think SQL injection isn't anything of real value or has no impact. I wouldn't have bothered to commented if it wasn't for that statement. But there's something about dismissive comments when trying to present real knowledge I find truly repulsive.
Hug said it well such security issues shouldn't be present at all nowadays. https://torhoo.cc/go.php?u=TDNVdmNtOXZkQT09# said it prepared statements have existed for many years now any beginner PHP book has them.
I wish I could say anything positive about the situation. Only good thing I can say is at least we got a topic and gem quote for https://torhoo.cc/go.php?u=TDJRdlJISmxZV1J0YjIxbGJuUno=# https://torhoo.cc/go.php?u=TDNVdlFtVmxiSHBsWW5WaQ==#
Onion is up and SQL verified failed.
SQL verified failed.
It seems like you don't understand the severity of that error message. That error message appearing means your code is vulnerable to SQL injection. It doesn't matter if they exfiltrated any data because they didn't need to. They proved it is vulnerable which is more than enough. You need to audit your code immediately and use prepared statements every time you include user input in a SQL query. This is basic developer knowledge. By the way just hiding the error isn't going to do much of anything if that is what you did. Blind SQL injection would still be possible.
I understand the context of the error message, the code is already being audited we work around the clock to make sure that we hold the higest standards of practice. Thank you for your message and are taking this as a quick learning curve
Everyone gets Flair in this sub. What would you like?