[VIM] fake vulnerability extortion?
jericho at attrition.org
Fri Feb 17 00:51:54 EST 2006
the January 23 me was done work on revealing the criticality in
forum vBulletin (3.0.7 - 3.5.3) and IPB (2.0.0 - 2.1.4).
The Criticality were find nearly similar nature. Later I have tested them
on rest version and they have in the same way operated. After two three
days were written two exploits under these two forums. Exploit allows to
get web - shell on server where is installed forum. So much for that I can
say on this cause. Letter this has wrote therefor that developers of these
programme products knew that in them there are mistakes for attention.
> No, I nobody has not reported on this criticality. Let all read
> message on securityfocus.com. poc will possible be on sale only
> narrow circle of the people from Russian hacker
So your exploit is not being reported to the vendors and you are going to
While we take all security reports seriously we have investigated this
report and have been unable to find any sort of exploit suggested by the
After contacting the author for more information the response we received
was that a fee would have to be paid for more information. As a company we
refuse to be coerced into paying a ransom given that the author has not
been able to demonstrate that the vulnerability exists, much less a
willingness to work with us to ensure a secure product for end users.
I sent him an email about his bugs and exploits.
He asked me to add him in his ICQ.
I told him I don't have and I gave him my MSN and he added me.
He asked me if I want the exploits I have to pay 500$.
I said how and he gave me a site for transferring money.
I told him I can't. I said if you want me to transfer money by PayPal I
will do. Then, he said yes. I told him do you have an account and he
replied No. I opened an account for him, new account and gave him the
password. He asked me to send money. I did :)
I sent him 500$. Then he disappeared and he gave me nothing.
He thinks he took 500$ :)
He doesn't know anything and he is from Russia and his language is broken.
This is the result:
We got a new king of rippers but this time by claiming that they have new
exploits and they will sell it.