ANTICHAT Forum

Fugitif 03.11.2008 23:37

Black market for zero day vulnerabilities
 
Black market for zero day vulnerabilities still thriving

Quote:

One would assume that popular sources for zero day vulnerabilities+Poc’s such as Full-Disclosure, Bugtraq or Milw0rm are the primary sources for obtaining responsibly or irresponsibly released flaws. They’d be wrong. The black market for zero day vulnerabilities and the concept of over-the-counter (OTC) trade of zero day flaws, has been gradually developing itself through the last couple of years.

Let’s take a brief retrospective of the black market for zero day vulnerabilities, and review a recently launched underground shop for zero day vulnerabilities, currently offering 15 zero day vulnerabilities affecting popular web applications in order to execute successful XSS or SQL injection attacks, with prices ranging from $10 to $300.
Quote:

Which products are they targeting? Currently offered zero days affect multiple versions of the following web applications :

- All versions of PHP Fusion
- WHMCompleteSolution
- PHP Nuke
- PunBB
- Tiki Wiki
- BMForum
- Invision Power Board
- YaBB
- PunBB
- e170 Plugin Calendar
- vBulletin v3.6 + ICQ Mod
- vBulletin v3.6 + GVideo Mod
- vBulletin v3.6 + Youtube Mod
- vBulletin v3.6 + LJ Mod
- Zen Cart

The most expensive is the $300 SQL injection flaw affecting all versions of PHP Fusion, which can be exploited on a large scale since there are over 2.5 million instances of it on the web, and even if the stats are conservative this hit list building approach through search engines reconnaissance has always been there, with the most recent proof of its usability being the massive SQL injection attacks.

Next to their current inventory, the service is also offering zero day vulnerabilities on demand charging the following prices :

“- Remotely upload shell - $120
- Remote file inclusion on request - $100
- Remote SQL injection - $70
- Passive and Active XSS for $10 and $40 respectively”.
More Info About:

Code:

http://blogs.zdnet.com/security/?p=2108

[Raz0r] 03.11.2008 23:57

Quote:

- All versions of PHP Fusion
- WHMCompleteSolution
- PHP Nuke
- PunBB
- Tiki Wiki
- BMForum
- Invision Power Board
- YaBB
- PunBB
- e170 Plugin Calendar
- vBulletin v3.6 + ICQ Mod
- vBulletin v3.6 + GVideo Mod
- vBulletin v3.6 + Youtube Mod
- vBulletin v3.6 + LJ Mod
- Zen Cart
looks like expdb.cc... but why doesn't the author of the blog post want to reveal the address of the "black market"? ExpDB.cc could become more popular... anyway my congrats to the developers of the site and the researchers of the web-apps - their creation has been seen by the guys from zdnet.com

.Slip 04.11.2008 00:25

Bitches..

_kREveDKo_ 04.11.2008 00:32

They are not bitches.. because if only they left there link to the name of this shop, people would have decided that it is just stupid advertisement.

(sorry for bad english)

[Raz0r] 04.11.2008 01:07

Quote:

Posted by b00zy_c0d3r
They are not bitches.. because if only they left there link to the name of this shop, people would have decided that it is just stupid advertisement.

(sorry for bad english)

people would have decided that the post on zdnet.com was bought by Russian black market expdb.cc? hmm... I can hardly believe it, there are some other reasons...

Fugitif 05.11.2008 19:33

maybe the reason is to open the eyes of some FBI agent, maybe someone wants to close that site, closed like dark market

