PSA: Vault43 administrator(s) is(/are) incompetent and shouldn't be trusted with your data.

A page on their website is vulnerable to an SQL injection attack. Previously it would have been possible to use this attack to pull session ids (for the forum) and other data from the database (the attacker was able to 'guess' them in ~4 minutes by throwing a bunch of queries at the db), possibly hijack sessions, and potentially use SMF's extension upload utility to execute one's own code (such as code to query the database and modify the table with the URLs).

As a 'fix' the code now appears to check the variable for certain keywords (and certain URLs are 'blacklisted' by the webserver), however it is still possible to 'modify' the query that is being done on the database.

It's pretty terrible that such a flaw existed in the code in the first place, but to attempt to fix the problem in such a manner screams incompetence. I think the marketplace comparison link in the sidebar should be changed.


Comments


[2 Points] hrmbus:

Seems pointless to attack this website anyways


[2 Points] sharpshooter789:

Blacklisting is pointless. He should be implementing parameterization.
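
To make the point of this comment and the original post concrete, here is an added example (not code from the site or from anyone in this thread) contrasting the three approaches in one small script: straight string concatenation, a keyword blacklist wrapped around that same concatenation, and a parameterized query. The table, column names and sample rows are constructed stand-ins; the page does not describe the site's real schema. It uses Python's built-in sqlite3 so it runs offline.

```python
import sqlite3

# Constructed sample data standing in for a market-link table
# (hypothetical schema; nothing here is the real site's data).
SAMPLE_ROWS = [
    ("alphabet", "http://example.onion/a"),
    ("union jack", "http://example.onion/u"),   # legitimate name containing a keyword
    ("delta", "http://example.onion/d"),
]

# Textbook tautology input: no blacklisted keyword, yet it changes the query.
TAUTOLOGY = "x' OR 'a'='a"


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE markets (name TEXT, url TEXT)")
    conn.executemany("INSERT INTO markets VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concat(conn, name):
    """Vulnerable: user input is spliced directly into the SQL text."""
    sql = f"SELECT url FROM markets WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]


BLACKLIST = ("union", "select", "--", ";")


def lookup_blacklist(conn, name):
    """The kind of 'fix' described in the post: reject on keywords, then
    concatenate anyway. Returns None when the input is rejected."""
    if any(word in name.lower() for word in BLACKLIST):
        return None
    return lookup_concat(conn, name)


def lookup_param(conn, name):
    """Parameterized: the value travels separately from the query text,
    so whatever it contains is compared as data, never parsed as SQL."""
    cursor = conn.execute("SELECT url FROM markets WHERE name = ?", (name,))
    return [row[0] for row in cursor]


if __name__ == "__main__":
    db = make_db()
    print("concat, benign:     ", lookup_concat(db, "delta"))
    print("concat, tautology:  ", lookup_concat(db, TAUTOLOGY))      # every row leaks
    print("blacklist, benign:  ", lookup_blacklist(db, "union jack"))  # rejected: None
    print("blacklist, tautology", lookup_blacklist(db, TAUTOLOGY))    # still every row
    print("param, benign:      ", lookup_param(db, "union jack"))
    print("param, tautology:   ", lookup_param(db, TAUTOLOGY))        # nothing: []
```

Two things to check against your own code once you run it: the blacklist both rejects a legitimate name ("union jack") and still passes the tautology through, because it filters tokens rather than changing how the query is built; the parameterized version gets both cases right with no filtering at all. A read-only database account, as mentioned later in this thread, limits what a successful injection can write but does nothing to stop it from reading, so it is a complement to parameterization, not a substitute.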


[2 Points] vault43:

A page on their website is vulnerable to an SQL injection attack. Previously it would have been possible to use this attack to pull session ids (for the forum)

Except there is no forum on that site, only the .onion site which doesn't have the market links or that vulnerability, only .onion links to the markets.

Try it - http://vault43.org/forum/

and potentially use SMF's extension upload utility to execute one's own code (such as code to query the database and modify the table with the URLs).

This feature is disabled on the forum, although there is no forum on this site. Try clicking the link.

As a 'fix' the code now appears to check the variable for certain keywords (and certain URLs are 'blacklisted' by the webserver), however it is still possible to 'modify' the query that is being done on the database.

There wasn't a "fix"; the site hadn't been changed until just now.

It's pretty terrible that such a flaw existed in the code in the first place, but to attempt to fix the problem in such a manner screams incompetence.

The "fix" was made just now, 14 hours after you claim it was made. Furthermore, I suggest you try it again as it has actually been fixed now.

I think the marketplace comparison link in the sidebar should be changed.

There are no errors in the market chart, and the user privileges used to read the data (which is what you claim to exploit) do not include modification or write permissions. There is no forum on the clearnet site for you to hijack, and the forum feature you say you can exploit is disabled on the .onion site.

Furthermore you claim that fixes were made that were only more incompetent, yet no fixes were actually performed until right now.


[1 Points] None:

vault43 guys are cool as fuck, I really don't see them doing this. Also you mentioned a forum but I don't remember there being a vault43 forum.