Sourcery and DHL Market vulnerabilities exposed by /u/t0mcheck

https://www.reddit.com/r/DarkNetMarkets/comments/6qvs2m/sourcery_market_security_vulnerabilities/

https://www.reddit.com/r/DarkNetMarkets/comments/6qxd1o/dhl_market_security_vulnerabilities

edit: fixed links


Comments


[44 Points] None:

[deleted]


[28 Points] None:

[deleted]


[26 Points] t0mcheck:

..


[13 Points] dnm-researcher:

DHL is running on lighttpd, backend uses synala (github it), custom SQL is sanitized with meekroDb. Full path is /var/www/dhl/. Forum admins are root (/root/), sudo, SeriousSam.

Happy pentesting.


[2 Points] redditthentoss:

You linked the same thread twice


[2 Points] midnightmodders:

Has anyone found any vulnerabilities for CGMC or Trade Route?


[2 Points] C_Lana_Zepamo:

As smart as most of us are, the US government has far more capabilities. Most of the stuff we rely on for "opsec", like TOR, is getting outdated. Even PGP to an extent; it's still pretty good (heh), but I have an inkling that DARPA is developing some sort of way around that.

Remember, you're not competing against the feds, DEA, etc. It's fucking DARPA, they develop all the technological tools. Your opsec will never be good enough if they have enough time, resources.

So far, what have we learned from SR and AB/Hansa?

2 things mainly.

The US will make an example of your ass if they can.

and

You. Cannot. Fuck. Up. Even. One. Time.

If the story about Alexander is true, a random slip-up on a message board is all it took. I believe the US has been hard at work at developing something... a weapon to surpass TOR. Hell, it's probably already here, this may have been a "first run trial" of this tech.

Scary shit if you think too hard about it.


[1 Points] SloppyJoeLieberman:

Yikes. Those Sourcery vulnerabilities are no bueno. The DHL one could be dangerous to less savvy users as well. From DHL-3's comments, I think I can guess their upcoming announcement - maybe a new iteration or update of the website itself.

Thanks for letting the community know about these issues, /u/t0mcheck


[1 Points] HotPlateD:

After all recent busts I thought it couldn't get worse. I was wrong. What do? Back on the streets again?


[1 Points] gangstahippy:

sourcery is absolute trash, it's painfully obvious the admin released a half finished project just to get things started. the layout is stupid and lazy but the admin/coder wants you to believe it's designed like it is on purpose. sourcery should have taken a month or two to get the code and design right instead of rushing things.

traderoute is very good and will be the biggest market. their multisig sucks and needs work though. I'm sure someone is in the background about to release another major market in the coming weeks - month too. cgmc don't sell most things so they can never be a major player.


[0 Points] geotristan:

Free money sounds good

4AAyumxxCfuf8KDPxNsxRj7uuh7LvFTb6HPED4czkN1uGPnv4HA7p5QJ2v1PW8G9jZECUgj9g6SniWUqepoVBgF6SfmejfR


[0 Points] None:

[deleted]