Prosper202 Security Hole, DL new version

blueRAP

On the come up
Apr 22, 2008
788
20
0
Oklahoma City
From #cakes:

This is an urgent message from the prosper202 team. Recently, we've found a security hole in our software. More details of the security hole will be posted soon. As of now the Prosper202 team has fixed the problem and patched the security hole, so we encourage all users to download prosper version 1.2.1.

You can download version 1.2.1 Here

Download Prosper202
 


Everyone should update ASAP. Some guy has been stealing prosper info for a long time. Just checked my server logs and I got hit...
 
well... there goes all my free money. Back to the drawing board.

(In case you are interested, doing a basic file compare I can see that they made some changes to the way they authenticate, including a new function to help properly escape all SQL strings that could be injected into the login form)
 
Yep, the malicious user posted some data to my login form. Cock sucker was stealin' my shit.
 
Hold on, there are actually more IPs hitting my login page, that aren't bots, than I expected. Give me a few to sort them out...
 
Oh I wouldn't worry too much about the guys behind it anymore..

Aside from having all of their affiliate accounts nuked today, and pissing off a shitload of affiliates, we also have all of their info both personal and business, IPs, domains, photos, phone numbers, paypal info, etc. -- Also had Wes and Steven from P202 speak to the FBI about it, and they've got all of his info and the evidence we raped from their server. Apparently while he was smart enough to figure out how to hack into people's P202 accounts and take screen shots of the data, he wasn't smart enough to cover his tracks by any means.

Everything will be posted later tonight by SlightlyShadySEO.
 
Can't say I didn't see this coming, and it'll probably keep on happening.

Best thing you guys can do is completely block all IPs but your own to your tracker.. don't trust 202! The script is not very secure and the chances of another injection happening again are pretty much 100% likely. Protect your campaign data!
 
That's awesome news about catching the guys hacking installs. I already updated my install. WTF, when you say the cocksucker was stealing your shit, what was he doing specifically? I'd like to check it out. Did you grep through your apache access logs for POSTs to the login form page or something else?
 
(drum roll)
Martin Stary would be the bastard in question.

Last Known Address:
2016 N BISSELL ST #2
CHICAGO, IL 60614

Phone Number(confirmed): 773-665-2994
Phone Number (Unconfirmed): (312) 226-1343
mstary@33rpm.com
mstary@invesio.com
Invesio is his company name. Domains pending. I have to find a second to remove the ones he copied from others so I don't out those guys by association. Also I've got a fair number of the p202s that he compromised, if anyone wants to go for some legal fun. I'll post those in a bit.
33RPM.com is a business owned by his brother, Sid. "Guidance Recordings"

Don't do stupid shit. Triple checking it now.
Also to those looking through logs, keep in mind that while I was digging for this shit I hit a few people's p202s in the process.
 
Yep, you got it.

I was tipped off from a friend in the industry about the vulnerability. So I started looking for any IPs posting data to the login page that I didn't recognize. There's actually a couple suspicious IPs that keep revisiting the login. Unfortunately my log files are incomplete because this install is on a shared host and not on my dedicated.

I'm going to hold off posting more info until I know 100% that I've got the right IP.
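The log check discussed in this thread (POSTs to the tracker login page from IPs you don't recognize), as an added example that is not from any poster or from Prosper202. The login path, the trusted-IP set and the sample lines are assumptions constructed for illustration; the parser expects Apache "combined" format.

```python
import re

# Assumptions, not from the thread: adjust both to your own install.
LOGIN_PATH = "/tracker/login.php"   # placeholder for your tracker's login URL
KNOWN_IPS = {"198.51.100.7"}        # addresses you normally log in from

# Apache combined format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def unknown_login_posts(lines, login_path=LOGIN_PATH, known_ips=KNOWN_IPS):
    """Map each unrecognized IP to its (time, status) POSTs against the login page."""
    hits = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or truncated line (common on shared hosts)
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if m["method"] != "POST" or path != login_path:
            continue  # GETs are mostly crawlers; only form submissions matter here
        if m["ip"] in known_ips:
            continue
        hits.setdefault(m["ip"], []).append((m["time"], int(m["status"])))
    return hits

# Constructed sample lines using documentation IP ranges, not real log data.
SAMPLE = [
    '198.51.100.7 - - [22/Apr/2008:09:01:11 -0500] "POST /tracker/login.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '203.0.113.45 - - [22/Apr/2008:10:15:02 -0500] "POST /tracker/login.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"',
    '203.0.113.45 - - [22/Apr/2008:10:15:09 -0500] "POST /tracker/login.php?r=1 HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '192.0.2.10 - - [22/Apr/2008:10:20:00 -0500] "GET /tracker/login.php HTTP/1.1" 200 1843 "-" "ExampleBot/1.0"',
    '192.0.2.99 - - [22/Apr/2008:10:21:00 -0500] "POST /contact.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    'truncated garbage line',
]

if __name__ == "__main__":
    for ip, events in sorted(unknown_login_posts(SAMPLE).items()):
        print(ip, len(events), "login POST(s):", events)
```

A redirect status (302) right after a POST from an unrecognized IP often means the login succeeded, so review those entries first.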
 