[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Selling Exploit on Deep Web
- To: tig3rhack <tig3rhack@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Selling Exploit on Deep Web
- From: Julius Kivimäki <julius.kivimaki@xxxxxxxxx>
- Date: Sat, 22 Dec 2012 18:07:44 +0200
Aren't you a true master hacker trying (and failing) to DDoS sites and
posting XSS vulnerabilities on random sites to FD.
2012/12/22 tig3rhack <tig3rhack@xxxxxxxxxxx>
> Onion Bazaar is an online auction site, exploits are filled in by those
> who want to sell them, for hacktalk exploiting my dick.
>
> Ooops your site is down ho ho ho
>
> stupid idiot
>
> Il 21.12.2012 14:49 Luis Santana ha scritto:
> > Semen samples are just how we pay the bills, don't hold that against
> > us. Do you know how much you can get for over 9000 gallons of semen?
> > You can get a lot, a _whole_ lot.
> >
> > Anyway, I wasn't saying that the "Onion Bazaar" site was shit, simply
> > that the OP said it was a place to buy/sell exploits and yet not a
> > single exploit was available for sale; was a bit of the bait &
> > switch.
> >
> > <3 Benji, stop being so upset; you just survived the end of the world
> > man!
> >
> > On Dec 21, 2012, at 9:46 AM, Benji <me@xxxxxxxxx> wrote:
> >
> >> Not your website. The website you were somehow accusing of being
> >> shit based on it's lack of interesting information when obviously
> >> hacktalk is a plethora of information, expertise and semen samples.
> >>
> >> On Fri, Dec 21, 2012 at 2:44 PM, Luis Santana
> >> <hacktalk@xxxxxxxxxxxx> wrote:
> >>
> >>> Lulz? Sorry bro but uh, the main page runs SMF not WeBid so I'm not
> >>> really too sure where you pulled that from. Good job though, maybe
> >>> santa will give you some of his cookies for your effort.
> >>>
> >>> On Dec 21, 2012, at 5:26 AM, Benji <me@xxxxxxxxx> wrote:
> >>>
> >>>> Also genius, I know you're quick to kick things down because you
> >>>> are inept. However, I'd say after my whole 10 minute review of that
> >>>> code and a simple check with PHP that, that site is vulnerable to
> >>>> SQLi and by the look of it.
> >>>>
> >>>> If we take a look at latest WeBid code, specifically
> >>>> selleremails.php, we see them doing an array_merge from $_POST to
> >>>> $user>user_data (user_data being a trusted array it would appear).
> >>>>
> >>>> include 'includes/common.inc.php';
> >>>>
> >>>> if (!$user->is_logged_in())
> >>>> {
> >>>> $_SESSION['REDIRECT_AFTER_LOGIN'] = 'selleremails.php';
> >>>> header('location: user_login.php');
> >>>> exit;
> >>>> }
> >>>>
> >>>> // Create new list
> >>>> if (isset($_POST['action']) && $_POST['action'] == 'update')
> >>>> {
> >>>> $query = "UPDATE " . $DBPrefix . "users SET endemailmode = '" .
> >>>> $system->cleanvars($_POST['endemailmod']) . "',
> >>>> startemailmode = '" . $system->cleanvars($_POST['startemailmod'])
> >>>> . "',
> >>>> emailtype = '" . $system->cleanvars($_POST['emailtype']) . "'
> >>>> WHERE id = " . $user->user_data['id'];
> >>>> $system->check_mysql(mysql_query($query), $query, __LINE__,
> >>>> __FILE__);
> >>>> $ERR = $MSG['25_0192'];
> >>>> $user->user_data = array_merge($user->user_data, $_POST); //update
> >>>> the array
> >>>> }
> >>>>
> >>>> After staying up all night and working through this code, I came
> >>>> up with this test case:
> >>>>
> >>>> <?php
> >>>> $array1 = array("color" => "red");
> >>>> $array2 = array("color" => "test");
> >>>> $result = array_merge($array1, $array2);
> >>>> print_r($result);
> >>>> ?>
> >>>> Array
> >>>> (
> >>>> [color] => test
> >>>> )
> >>>>
> >>>> So as we can overwrite any array value, we have SQLi across the
> >>>> application. Maybe a first 0day for hacktalk.net [5]?
> >>>>
> >>>> I will take your 'hella l33t', print it out, and then shit on it.
> >>>>
> >>>> Suck my dick.
> >>>>
> >>>> On Fri, Dec 21, 2012 at 10:12 AM, Benji <me@xxxxxxxxx> wrote:
> >>>>
> >>>>> You say "n00bz" welcome, where is my assistance and the warm
> >>>>> atmosphere to embrace me into the world of script kiddy-ism? Oh,
> >>>>> and the obvious literary genius.
> >>>>>
> >>>>> On Fri, Dec 21, 2012 at 8:25 AM, Luis Santana
> >>>>> <hacktalk@xxxxxxxxxxxx> wrote:
> >>>>>
> >>>>>> Hella l33t bro, you can read an email address. Much propz
> >>>>>>
> >>>>>> On Dec 21, 2012, at 3:22 AM, Benji <me@xxxxxxxxx> wrote:
> >>>>>>
> >>>>>>> in other news, have you heard of the super cool site
> >>>>>>> hacktalk.net [5] where they almost have 1000 members?
> >>>>>>>
> >>>>>>> On Thu, Dec 20, 2012 at 3:13 PM, Luis Santana
> >>>>>>> <hacktalk@xxxxxxxxxxxx> wrote:
> >>>>>>>
> >>>>>>>> Not a single fucking exploit on the entire site. gg sir, gg
> >>>>>>>>
> >>>>>>>> On Dec 10, 2012, at 2:17 PM, tig3rhack@xxxxxxxxxxx wrote:
> >>>>>>>>
> >>>>>>>> > In Deep Web has created a new online site a few days ago
> >>>>>>>> that allows you
> >>>>>>>> > to sell even exploits, malware, etc. etc..
> >>>>>>>> > The site works like Ebay so everything is auctioned.
> >>>>>>>> >
> >>>>>>>> > you can get from tor: http://qatuopo4wmzkirlo.onion [1]
> >>>>>>>> >
> >>>>>>>> > Or by proxy (tor2web): https://qatuopo4wmzkirlo.tor2web.org
> >>>>>>>> [2]
> >>>>>>>> >
> >>>>>>>> > _______________________________________________
> >>>>>>>> > Full-Disclosure - We believe in it.
> >>>>>>>> > Charter:
> >>>>>>>> http://lists.grok.org.uk/full-disclosure-charter.html [3]
> >>>>>>>> > Hosted and sponsored by Secunia - http://secunia.com/ [4]
> >>>>>>>>
> >>>>>>>> _______________________________________________
> >>>>>>>> Full-Disclosure - We believe in it.
> >>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>>>>>>> [3]
> >>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/ [4]
> >
> >
> >
> > Links:
> > ------
> > [1] http://qatuopo4wmzkirlo.onion/
> > [2] https://qatuopo4wmzkirlo.tor2web.org/
> > [3] http://lists.grok.org.uk/full-disclosure-charter.html
> > [4] http://secunia.com/
> > [5] http://hacktalk.net/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/