ExploitHub confirms breach
Posted on 13 December 2012.
Bookmark and Share
ExploitHub.com, the well-known online marketplace where one can buy exploit code for disclosed vulnerabilities, has confirmed that its web application server was compromised, but that no confidential or sensitive data was stolen during the attack.

A group called "Inj3ct0r Team", which apparently runs a rival online exploit market, claimed responsibility for the attack. To prove they did it, they published a small part of a database they found on the server.

"The exploit information provided in Inj3ct0r's attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors' IDs, and the Authors' usernames, all of which is publicly available information retrievable from the web application's normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website," ExploitHub commented the leak.

"The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part."

"Being a high profile target, the ExploitHub endures attacks daily. Due to this high level of risk, the ExploitHub system is architected in such a manner as to drastically limit and contain the impact of a successful compromise of its public-facing component, the web application server, to prevent the further compromise of any valuable product data such as exploit code," they explained.

"Current assessment of the attack indicates that the impact was limited to compromise of data from only the web application server which does not house exploit code or other product data," they concluded, and added that they will continue the investigation into the matter.







Spotlight

Dissecting the unpredictable DDoS landscape

Posted on 23 April 2014.  |  DDoS attacks are now more unpredictable and damaging than ever, crippling websites, shutting down operations, and costing millions of dollars in downtime, customer support and brand damage, according to Neustar.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Apr 23rd
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //