
Reflected XSS in Vulnerability-Lab site (vulnerability-lab.com)


The Inj3ct0r team has found a reflected cross-site scripting (XSS) vulnerability in the official website of Vulnerability-Lab.

The Vulnerability Lab subdomain that hosts video demos of exploits (video.vulnerability-lab.com/) has been found to be vulnerable to this non-persistent XSS flaw.



The Inj3ct0r team provided us with the PoC for the vulnerability:
173.0.61.44/video/?s="><script>alert("Inj3ct0r Team found Xss on vulnerability-lab")</script>&x=7&y=8
The above code will display a popup with the text "Inj3ct0r Team found Xss on vulnerability-lab". At first the URL confused me, as it points to some other IP.

But I visited the "video.vulnerability-lab.com" website and verified the security flaw by entering the script. It seems like the result is being loaded from the above-mentioned IP address.


"We know already about the issue 3 weeks ago," the Vulnerability Lab team has responded. "The issue is not exploitable ... its fake because the issue is located in the website where no login is in use even if it is wordpress."

"The module and the video blog itself was secured ... only the update made the vulnerable module back available."

ExploitHub.com hacked by Inj3ct0r Team and stole private exploits worth $24233


The Inj3ct0r team, which provides a database of exploits and vulnerabilities and is a resource for vulnerability researchers, has hacked into ExploitHub.com (a competitor of 1337day).

In an email sent to EHN, the team claimed that they have stolen private exploits worth around $242333.

"Today (December 11th), the Inj3ct0r Team has hacked http://exploithub.com and we like to add a small line here 'This is for Educational Purpose Only'," the team said.

They have also leaked some data taken from the server, including the list of column names and details about the private exploits.
"I am very much surprised when he learned of Magento eCommerce Software and search /install/

1) We scan server and site
2) We reinstall Magento CMS https://www.exploithub.com/install/ <= We reinstall Magento CMS
3) Upload shell and phpinfo https://www.exploithub.com/phpinfo.php
4) Back all files and database.
5) Upload piece of the database https://www.exploithub.com/export/
6) Increased privileges "
The team also provided us with a screenshot of the site's phpinfo output.

The details can be found here:
http://priv8.1337day.com/exploitHUB.txt

At the time of writing, the website (ExploitHub.com) is down. It seems the administrators have taken the site down to patch the vulnerability.

*Update* ExploitHub has released an official statement regarding the "Inj3ct0r attack" on its official Facebook page.

"After our initial investigation we have determined that the web application server itself was compromised and access to the database on that server was available to the attacker. The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part," the statement reads.

"The database on that server however only contains information used by the web application itself as well as product information such as exploit name, price, and Author, but does not contain any actual product data such as exploit code. The product data is stored elsewhere and there is currently no evidence that the storage location was accessed by any unauthorized party or that any of the exploit code or other product data has been compromised or stolen as has been claimed, however our investigation is ongoing.

"The exploit information provided in Inj3ct0r's attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors' IDs, and the Authors' usernames, all of which is publicly available information retrievable from the web application's normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website."

XSS vulnerability found in myOpenID site by inj3ct0r Team


An XSS vulnerability has been found in "myOpenID", the largest independent OpenID provider. It was discovered by "SeeMe", a member of the Inj3ct0r Team.

Using this XSS vulnerability, an attacker can perform session hijacking (stealing the session ID). The session ID is very valuable because it is the secret token that the user presents after login as proof of identity until logout. If the session ID is stored in a cookie, the attacker can write a script that runs in the user's browser, reads the value in the cookie and sends it to the attacker. The attacker can then use the valid session ID to browse the site without logging in. The script could also collect other information from the page, including the entire contents of the page.



Poc is here.
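The two server-side controls that address the session-theft scenario described above, as an added example that is not part of the original post and not code from any of the sites mentioned: encoding a reflected query value at output, and marking the session cookie HttpOnly. The function names, the `sid` cookie name and the sample values are assumptions made for illustration.

```javascript
// Added example; function and cookie names are hypothetical.

// Encode the characters that let text escape an HTML element or a quoted
// attribute value.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Before: the query string value is reflected as-is, so markup in it is
// parsed by the browser as part of the page.
function renderSearchUnsafe(query) {
  return `<input name="s" value="${query}"><p>Results for ${query}</p>`;
}

// After: the same template with the value encoded at the point of output.
function renderSearchSafe(query) {
  const q = escapeHtml(query);
  return `<input name="s" value="${q}"><p>Results for ${q}</p>`;
}

// Build a Set-Cookie value for the session ID. HttpOnly hides the cookie from
// document.cookie, Secure keeps it off plain HTTP, SameSite limits cross-site
// sends. The ID is restricted to URL-safe characters so it cannot inject
// cookie attributes or extra headers.
function sessionCookie(sessionId) {
  if (!/^[A-Za-z0-9_-]{16,}$/.test(sessionId)) {
    throw new TypeError("session ID must be at least 16 URL-safe characters");
  }
  return `sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample input: a quote-and-tag breakout in a search parameter.
const SAMPLE_QUERY = '"><script>alert(1)</script>';

function demo() {
  return {
    unsafe: renderSearchUnsafe(SAMPLE_QUERY),
    safe: renderSearchSafe(SAMPLE_QUERY),
    // Constructed placeholder ID; a real one comes from a CSPRNG.
    cookie: sessionCookie("c29tZS1yYW5kb20tc2Vzc2lvbi1pZA"),
  };
}

console.log(demo());
```

HttpOnly only keeps the cookie out of reach of script; injected script can still read the rest of the page, so output encoding is the fix and the cookie flags are a second layer.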


8 Websites Hacked By 1NJ3CT0R ~ Albanian Cyber Army

1NJ3CT0R, a member of the Albanian Cyber Army, hacked 8 websites and defaced them.


 List of Hacked sites and Mirrors:

Inj3ct0r Team Hacked Sub domain of European Union

One of the European Union's subdomains has been hacked by the Inj3ct0r Team.
They also leaked file details on the defacement page.

Part of the hackers' message:
We are against nuclear weapons. We are against violence in Libya. We are against the arrest of policy Tymoshenko's in Ukraine.

We are opposed to Russian influence in the territory of Ukraine!

Fuck off President Medvedev, Prime Minister Putin, and Yanukovich!

You are idiots! You are trying to scold the Slavic peoples.

You can arrest me, but you do not arrest the idea. I am not alone, we are legion.

SPINNPHR hacked By Inj3ct0r


SPINN, Secure Personal Information and Notification Network, is a confidential and secure online service that allows you to access and organize your health information.

When I tried to visit SPINN's website (spinnnphr.com), the page displayed an image that contains the text "INJ3CTOR".

It appears the hack was done by the Inj3ct0r team. They've placed a website link next to the SPINN logo.

I took a screenshot of the defaced website. At the time of writing, the website still shows the defacement page. Here is the screenshot I took: