Black market for zero day vulnerabilities

Fugitif · 3 Nov 2008

Black market for zero day vulnerabilities still thriving

One would assume that popular sources for zero day vulnerabilities+Poc’s such as Full-Disclosure, Bugtraq or Milw0rm are the primary sources for obtaining responsibly or irresponsibly released flaws. They’d be wrong. The black market for zero day vulnerabilities and the concept of over-the-counter (OTC) trade of zero day flaws, has been gradually developing itself through the last couple of years.

Let’s take a brief retrospective of the black market for zero day vulnerabilities, and review a recently launched underground shop for zero day vulnerabilities, currently offering 15 zero day vulnerabilities affecting popular web applications in order to execute successful XSS or SQL injection attacks, with prices ranging from $10 to $300.
Click to expand...

Which products are they targeting? Currently offered zero days affect multiple versions of the following web applications :

- All versions of PHP Fusion
- WHMCompleteSolution
- PHP Nuke
- PunBB
- Tiki Wiki
- BMForum
- Invision Power Board
- YaBB
- PunBB
- e170 Plugin Calendar
- vBulletin v3.6 + ICQ Mod
- vBulletin v3.6 + GVideo Mod
- vBulletin v3.6 + Youtube Mod
- vBulletin v3.6 + LJ Mod
- Zen Cart

The most expensive is the $300 SQL injection flaw affecting all versions of PHP Fusion, which can be exploited on a large scale since there are over 2.5 million instances of it on the web, and even if the stats are conservative this hit list building approach through search engines reconnaissance has always been there, with the most recent proof of its usability were the massive SQL injections attacks.

Next to their current inventory, the service is also offering zero day vulnerabilities on demand charging the following prices :

“- Remotely upload shell - $120
- Remote file inclusion on request - $100
- Remote SQL injection - $70
- Passive and Active XSS for $10 and $40 respectively”.
Click to expand...

More Info About:
Code:
http://blogs.zdnet.com/security/?p=2108

[Raz0r] · 3 Nov 2008

- All versions of PHP Fusion
- WHMCompleteSolution
- PHP Nuke
- PunBB
- Tiki Wiki
- BMForum
- Invision Power Board
- YaBB
- PunBB
- e170 Plugin Calendar
- vBulletin v3.6 + ICQ Mod
- vBulletin v3.6 + GVideo Mod
- vBulletin v3.6 + Youtube Mod
- vBulletin v3.6 + LJ Mod
- Zen Cart
Click to expand...

looks like expdb.cc... but why the author of the blog post doesnt want to reveal the address of the "black market"? ExpDB.cc could become more popular... anyway my congrats to the developers of the site and the researchers of the web-apps - their creation has been seen by the guys from zdnet.com

.Slip · 3 Nov 2008

Bitches..

_kREveDKo_ · 3 Nov 2008

They are not bitches.. because if only they leaved there link to the name of this shop, people would have decided that it is just stupid advertisement.

(sorry for bad english)

[Raz0r] · 4 Nov 2008

b00zy_c0d3r said:

They are not bitches.. because if only they leaved there link to the name of this shop, people would have decided that it is just stupid advertisement.

(sorry for bad english)
Click to expand...

people would have decided that the post on zdnet.com was buyed by Russian black market expdb.cc? hmm... i can hardly believe it, there are some other reasons...

Fugitif · 5 Nov 2008

maybe the reason is to open the eyes of some FBI agent , maybe someone want to close that site,closed like dark market

Black market for zero day vulnerabilities

Fugitif Elder - Старейшина

[Raz0r] Elder - Старейшина

.Slip Elder - Старейшина

_kREveDKo_ _kREveDKo_

[Raz0r] Elder - Старейшина

Fugitif Elder - Старейшина

Useful Searches

Black market for zero day vulnerabilities

Fugitif Elder - Старейшина

[Raz0r] Elder - Старейшина

.Slip Elder - Старейшина

_kREveDKo_ _kREveDKo_

[Raz0r] Elder - Старейшина

Fugitif Elder - Старейшина