Silk Road forums

Discussion => Security => Topic started by: gasparin on September 21, 2011, 01:44 am

Title: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: gasparin on September 21, 2011, 01:44 am
Unless there is some authorized pentesting going on, this probably needs some attention. I didn't want to take the time to post screenshots but I can produce that if this listing disappears before some admin gets to take a look. So, here's what has me a bit freaked out:

When the Cannabis category is sorted by 'bestselling', this listing appears on page 5 of the listings (at the time of writing this post) -- http://ianxz6zefk72ulzz.onion/index.php/silkroad/category/1/140

From left to right, the columns read: Test listing    ฿0.11   truenull      x'; DROP TABLE members; --   add to cart

That "x" is a broken image link in the "ships to" field of the listing... And there in the 'ships from' field looks like a naughty lil bit of SQL.

The actual listing is just filler. -- http://ianxz6zefk72ulzz.onion/index.php/silkroad/item/9033

And the seller is ranked last, with no transactions. Member for a month, active today. -- http://ianxz6zefk72ulzz.onion/index.php/silkroad/user/36937

So, can somebody please tell me that they know this truenull character and that he's one of the good guys? As I mentioned, this has me kinda freaked, even though it looks like he's failing.
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: listentothemusic on September 21, 2011, 01:58 am
Oh shit, someone should look into this.
lol. there's already a few threads about this.
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: aus2aus on September 21, 2011, 02:06 am
Bad guy trying an SQL injection. I doubt it's SR staff testing the system for vulnerabilities, why would they be "testing" with queries aimed at deleting all users in the database :o

Perhaps LE? Why else would somebody bother to shell out for a seller's account solely for the purpose of (attempting to) take out SR?
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: mseller on September 21, 2011, 02:13 am
Old news, read other thread about that issue!
No worry about that!
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: gasparin on September 21, 2011, 03:02 am
Sorry for double-posting. Like I said at the start, I didn't want to waste time with the usual formalities when I saw something that might have been serious and ongoing. So I just logged in here and made a thread ASAP. I guess I'll search out that other thread now and maybe take something for my anxiety.   :-.

Thanks to you all for replying fast. :-)
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: lookbehindyou on September 21, 2011, 03:06 am
 ::)

Just filler. My pentesting isn't publicly visible.

Besides, it would be drop table users, not members, as evidenced by various SQL errors <<
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: gasparin on September 21, 2011, 03:20 am
 ???

So, what's going on, lookbehindyou?

I found the thread that you started about the problems in the search box, but still nothing about this listing. Obviously I can't diagnose this, but it's clear to me that it's not Cannabis. That much I know.
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: lookbehindyou on September 21, 2011, 03:21 am
Just miscategorizing, SR won't let me change it.
Title: Re: Attention 'whoever' -- Security Alert! Very Suspicious Listing
Post by: gasparin on September 21, 2011, 03:48 am
Hehe... alright... so, in the future, could you maybe do that shit in the benzo or opioid sections... putting it in Cannabis is a bit like yelling "FIRE" in a crowded theatre. Folks get paranoid enough already.
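
Added example, not part of any post in this thread and not the site's code: the 'ships from' string from the first post is written to a listing row twice, once through string concatenation and once through a bound parameter, to show that with binding the text is stored and displayed as plain data. It assumes SQLite, a constructed schema and an UPDATE statement; the table and column names and both helper functions are hypothetical.

```python
import sqlite3

# 'ships from' value quoted in the first post of this thread.
SHIPS_FROM = "x'; DROP TABLE members; --"

def fresh_db():
    """Constructed in-memory schema; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT);"
        "CREATE TABLE listings (id INTEGER PRIMARY KEY, title TEXT, ships_from TEXT);"
        "INSERT INTO members (name) VALUES ('constructed-user');"
        "INSERT INTO listings (title, ships_from) VALUES ('Test listing', 'unset');"
    )
    return db

def table_exists(db, name):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None

def update_concatenated(db, listing_id, ships_from):
    """Weak form: input is spliced into the SQL text and run as a script."""
    sql = "UPDATE listings SET ships_from = '%s' WHERE id = %d;" % (ships_from, listing_id)
    db.executescript(sql)

def update_parameterized(db, listing_id, ships_from):
    """Hardened form: input is bound as a value and never parsed as SQL."""
    db.execute("UPDATE listings SET ships_from = ? WHERE id = ?", (ships_from, listing_id))
    db.commit()

def run_demo():
    weak, safe = fresh_db(), fresh_db()
    update_concatenated(weak, 1, SHIPS_FROM)
    update_parameterized(safe, 1, SHIPS_FROM)
    stored = safe.execute("SELECT ships_from FROM listings WHERE id = 1").fetchone()[0]
    return {
        "weak_members_survives": table_exists(weak, "members"),
        "safe_members_survives": table_exists(safe, "members"),
        "safe_stored_value": stored,
    }

if __name__ == "__main__":
    print(run_demo())
```

With the bound parameter the column holds the exact string, which is what a page rendering that field would then show verbatim.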