ExploitHub.com, the well-known online marketplace where one can buy exploit code for disclosed vulnerabilities, has confirmed that its web application server was compromised, but that no confidential or sensitive data was stolen during the attack.
A group called “Inj3ct0r Team”, which apparently runs a rival online exploit market, claimed responsibility for the attack. To prove they did it, they published a small part of a database they found on the server.
“The exploit information provided in Inj3ct0r’s attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors’ IDs, and the Authors’ usernames, all of which is publicly available information retrievable from the web application’s normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website,” ExploitHub commented the leak.
“The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part.”
“Being a high profile target, the ExploitHub endures attacks daily. Due to this high level of risk, the ExploitHub system is architected in such a manner as to drastically limit and contain the impact of a successful compromise of its public-facing component, the web application server, to prevent the further compromise of any valuable product data such as exploit code,” they explained.
“Current assessment of the attack indicates that the impact was limited to compromise of data from only the web application server which does not house exploit code or other product data,” they concluded, and added that they will continue the investigation into the matter.