07-01-2009, 11:05 AM
(07-01-2009, 08:14 AM)LilGrim1991 Wrote:The account that used the exploit posted on milw0rm to gain admin access was khodam. You do the math.(07-01-2009, 05:54 AM)khodam2 Wrote: Jeeesus!
He hacked military website of Bangladesh Military:
http://www.army.mil.bd/
and
http://mail.army.mil.bd/
how does you know so much about the websites being hacked? If it's for exposure, the very same person taking on an alt and spreading his works sounds plausible...
I mean, who are you?
(sorry for the insecurity but it's true, since you registered all you've done is dedicate yourself to posting news articles and websites of him...)
(07-01-2009, 08:49 AM)WWakerFAN Wrote: Having seen how the hack works, it's disappointing to see that mybb's profile page was so vulnerable to sql injection which enabled someone to modify their usergroup to get admin access.I know, I saw the one line patch for 1.4.7 and facepalmed, I didn't even need to see the exploit.
I'm almost tempted to run MyBB in a separate jail.
(07-01-2009, 07:53 AM)Dazz Wrote: Mastering security is something to do with his life - something rather impressive really. He's also spreading global protest messages which to me is at least a decent purpose for hacking sites. What he did with our site was fucking lame though...Well, it looks like he is using a public exploit that was posted on milw0rm, so unless he wrote that himself or wrote tools to automate the process, it's more of a dedication thing rather than security skills. Regardless, even if I don't really agree with spreading messages like this -- even if you had a point, it pretty much undermines it when you hurt innocent bystanders (who aren't even American) just to spread it -- I'm glad it was just a main page deface and not something more destructive like wiping out the forums.
I'm not sure why we got special treatment, though. Our deface message was different from all the other sites.