Well, I don't mean to hack it. But, only a little curiosity is needed for this hack. So, I can't resist the offer from Mizostore.com.
This time I'm gonna mix this article with Mizo language so that more people can understand!
It is only because I want Mizostore.com to take their security a bit more seriously!
They are responsible for handling the works of Mizo artistes who trust them to handle their work.
It may not yet be something they do purely as a business. I believe most of them are simply selling their songs online so that we Mizo can keep moving forward in how we pass songs around. Looking at the people who upload songs to Mizostore.com, I do not really think any of them depend on uploading/selling songs on this website. So I am writing this post so that the people who built the website can fix it.
Hope they could fix this! :D :D
I saw Blue Wave Records announce that the song "Ka zei an ti" would be available to buy on Mizostore.com. I took a close look at Mizostore.com. Being a web developer myself, I could tell that they use the PHP framework "Laravel". Even though I could not see the PHP source code, I thought I would at least look at the HTML source.
When I looked, there was a pattern in how they store their songs on the web server.
The song samples offered before purchase are stored like this:
/uploads/audio/album/24-intro/Hmalam_i_pan_ang.mp3
Inside the /uploads/audio/album folder there are the different album ids: 1-intro, 2-intro, 3-intro, 4-intro, 5-intro, ... and so on. The song samples are placed inside those album folders. The screenshot below should make this clear.
Screenshot: HTML source of the page listing the songs in an album
I bought Remkimi's song "Zoawi Lelte A Fam Ta" for Rs. 10.
When I went to download it, I examined the file link again. It looked like this:
http://www.mizostore.com/downloads/song/37/Zoawi_Lelte_a_fam_ta.mp3
WOW! WOW! WOW! In that case, aren't all the songs in the folder
/downloads/song/37/
mine as well? I thought. I checked. Remkimi's other song, "Ka chul zo (live)", I was able to download very easily as http://www.mizostore.com/downloads/song/37/Ka_chul_zo_(Live).mp3. I could simply download for free a song that costs Rs. 10.
Then I looked at another folder.
http://www.mizostore.com/downloads/song/15/A_Kut_Phah_Ropui.mp3
This one, however, I had no access to at all. Here it is fine, for now.
Screenshot: Wow! Well Done!
Then I tried looking at Triau Trackx's album (Mizostore album id - 24), which holds 14 songs in all, and I went ahead and bought the song "Bang tawh r'u", also for Rs. 10.
Just as with Remkimi's songs, I now had every single song in album 24 (Triau Trackx).
Screenshot: Everything I have bought
Well, it basically means that once you bought a song from any album, you also bought the other songs.
I really do not mean to act in an offensive manner, but a defensive manner. I hope the mizostore.com guys see this and fix this before more songs are uploaded to the website.
After reading all the policies of Mizostore, I did not find anything that prevents me from doing this, so I made this post.
I truly want to change the way we Mizo spread our singers' songs around. I also feel it is very wrong to pass along for free the music they worked hard to make (if they allow it, that is a different matter!).
I also want the songs they put up on websites for sale to be safe.
And once again, I hope you will see me as acting defensively, not offensively.
Be careful!
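The access-control gap described in the post, as an added example that is not part of the original post and not Mizostore's code: a download check keyed on the folder in the URL, next to one keyed on the exact song purchased. The paths follow the post's /downloads/song/<folder>/<file> layout; the song ids, the "buyer" account and the purchase table are constructed assumptions, and the folder-level check is only a model consistent with the behaviour the post observed.

```python
import re

# Added example (not Mizostore's code): folder-level vs per-song download checks.
# Song ids, the "buyer" account and the purchase table are constructed.
CATALOGUE = {
    (37, "Zoawi_Lelte_a_fam_ta.mp3"): 101,
    (37, "Ka_chul_zo_(Live).mp3"): 102,
    (15, "A_Kut_Phah_Ropui.mp3"): 201,
}
PURCHASES = {"buyer": {101}}  # user -> ids of songs actually paid for

DOWNLOAD_RE = re.compile(r"/downloads/song/([0-9]+)/([^/]+)")


def parse_download_path(path):
    """Return (folder_id, filename) for a well-formed download path, else None."""
    m = DOWNLOAD_RE.fullmatch(path)
    return (int(m.group(1)), m.group(2)) if m else None


def allow_by_folder(user, path):
    """Weak check: any purchase inside a folder unlocks every file in it."""
    parsed = parse_download_path(path)
    if parsed is None or parsed not in CATALOGUE:
        return False
    owned = PURCHASES.get(user, set())
    unlocked = {folder for (folder, _), sid in CATALOGUE.items() if sid in owned}
    return parsed[0] in unlocked


def allow_by_song(user, path):
    """Corrected check: the exact song behind the path must have been bought."""
    parsed = parse_download_path(path)
    song_id = CATALOGUE.get(parsed) if parsed else None
    return song_id is not None and song_id in PURCHASES.get(user, set())


def over_entitled(user):
    """Regression check: files the weak policy serves that the user never bought."""
    paths = (f"/downloads/song/{folder}/{name}" for folder, name in CATALOGUE)
    return sorted(p for p in paths
                  if allow_by_folder(user, p) and not allow_by_song(user, p))


if __name__ == "__main__":
    print(over_entitled("buyer"))
```

Running `over_entitled` for every account in a test suite turns this class of bug into a failing test: the list must be empty once downloads are authorized per song.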
Hello Lalbiaknia,
First, no offence taken.
It would have been a very smart move if you had sent us an appropriate email from the Contact Us page of Mizostore.com before going public. We could have fixed it and been very thankful for your curiosity and talent.
If you had sent us an email and we did nothing, it's totally up to you to do whatever you want. But whatever you are doing now, it is not a very SMART move BUDDY!!! We can update our Terms & Conditions as necessary, which become effective immediately, so be very careful in how you use mizostore resources.
We have been in this business for a while now and it looks like you understand its value as well. This could take a toll on our artists, who are still reluctant to go into online business, which we have worked hard on for a while now.
So in the future, please do send us an email if you find any BUG before going public. This applies not only to mizostore, but to any other vendor in this business who will feel the same.
Thank You for Using Mizostore
Hi Lancis Software,
Firstly, thank you for your response, and sorry for going public before properly informing you.
I understand the value of an artist's work and really appreciate that you created this website where they can sell their work easily.
The reason why I made this post, as I said in the post itself, is so that the creators become aware of a little more security than what they do right now. That is why I shared it only to Facebook Groups - Mizo Web Developer & Designer and All Mizo Web/Wap Masters - to make them (other Mizo Web Developers) aware of this kind of vulnerability.
And also, as of the time I created this post, there were no Terms which prevented me from doing this (as I said in the post); I only made the post. So, no modified policies can undo the thing.
I really don't mean to have a bad effect on the music industry. I just want to make the music industry aware, to make sure that the platform on which they do their business is safe and that the web developers are more careful.
I apologise if this causes any harm to you. As of my recent vulnerability scanning, I think the rest of the websites are quite safe and not harmful for the artistes.
Hope you can fix the problem soon. Will be really happy to help.
The BUG is fixed. Thank you.
Okay... I hope you did not take it the wrong way... :D Good luck! Sorry for the INAPPROPRIATE MOVE!
Lancis Software: Sorry to interrupt in the middle, but don't you people think that there should be a reward for this genius Sundaya Lalbiaknia, who's saved you and your company from such a big loophole? Since you are running an online venture, you might have heard of bounty rewards!!! I understand that his move was just to bring to the picture how a vulnerability could have brought you to big ruin; he hasn't done anything of the sort. So, I think you should credit the guy who saved your company from attacks!!!