Vault 43 SQL Issue

Thought I'd post this for those that saw the site (or rather, could not see the site properly).

A few hours ago this was done, and I estimate it stayed up for only a couple of hours, but I wanted to cover the issue.

I got a clearnet site to display the data on as several users requested, and taking a shortcut I made a simple SQL insertion page for additional records. This page was created less than 12 hours ago.

Someone ran a vulnerability scan and it found it, and while this was a temporary maintenance page that has been removed, it was up long enough for 2,000 additional records to be inserted, rendering the database unreachable from the external site (the site chart no longer functioned due to calling thousands of random rows instead of just 23 for the markets).

I want to point out the page permission and user permission were only for insert, so no links or existing records were changed since neither the page nor the user had permission for this.

This resulted in random data being added to random fields; no existing data was or could have been altered as it was insert only, not update. Market links were not affected, nor could they have been.

I reverted back to the darknet database and cloned the database again to the clearnet site. It's working normally now and the troublesome page has been removed.

I just wanted to let everyone know that this was due to an error on my part in creating an insecure insertion page, but the database itself was not hacked. The malicious user used an existing page I built and overloaded the database (or rather the page calling the database records) with 2000+ records since they didn't have direct control over the database itself.

Credentials have been changed & update page has been removed.


tl;dr: Malicious user used a temporary page to insert (not update) ~2000 records, rendering the site chart unusable. This user did not have access to the database itself, only a single table through the update page with insert privileges only. This was entirely my mistake and has been corrected.
No market links were changed.
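
The containment described in the post, as an added example that is not part of the original post or the site's code: an INSERT-only connection blocks changes to existing rows but still accepts junk rows that swamp an unbounded chart query. Assumptions: SQLite's authorizer callback stands in for an INSERT-only database user, the `markets` table, its columns and the market names are hypothetical, and the input validation in `submit` is one possible mitigation rather than the fix the author applied.

```python
import os, sqlite3, tempfile

MARKETS = [f"market{i:02d}" for i in range(1, 24)]  # 23 constructed market names

def insert_only(action, arg1, arg2, dbname, source):
    """Authorizer emulating an INSERT-only grant on the page's connection."""
    ok = action in (sqlite3.SQLITE_INSERT, sqlite3.SQLITE_TRANSACTION)
    return sqlite3.SQLITE_OK if ok else sqlite3.SQLITE_DENY

def submit(conn, name, uptime, validate):
    """Insert one record; with validate=True only known markets and sane values pass."""
    if validate and not (name in MARKETS and isinstance(uptime, (int, float))
                         and 0 <= uptime <= 100):
        return False
    conn.execute("INSERT INTO markets (name, uptime) VALUES (?, ?)", (name, uptime))
    return True

def run_demo(validate):
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    admin = sqlite3.connect(path)
    admin.execute("CREATE TABLE markets (name TEXT, uptime REAL)")
    admin.executemany("INSERT INTO markets VALUES (?, ?)", [(m, 99.0) for m in MARKETS])
    admin.commit()

    page = sqlite3.connect(path)        # the insertion page's database connection
    page.set_authorizer(insert_only)
    # Constructed input: 2000 junk submissions, as in the incident
    accepted = sum(submit(page, f"junk{i}", i, validate) for i in range(2000))
    page.commit()
    try:                                # existing rows cannot be modified from the page
        page.execute("UPDATE markets SET uptime = 0")
        update_blocked = False
    except sqlite3.DatabaseError:
        update_blocked = True
    page.close()

    # What an unbounded chart query would now have to render
    total = admin.execute("SELECT COUNT(*) FROM markets").fetchone()[0]
    intact = admin.execute("SELECT COUNT(*) FROM markets WHERE uptime = 99.0 "
                           "AND name LIKE 'market%'").fetchone()[0]
    admin.close()
    return {"accepted": accepted, "update_blocked": update_blocked,
            "chart_rows": total, "original_rows_intact": intact}

if __name__ == "__main__":
    print(run_demo(validate=False))  # insert-only privilege alone
    print(run_demo(validate=True))   # insert-only privilege plus input validation
```
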


Comments


[1 Points] darknetsolutions:

At least you're open about it.

As long as you're being truthful about the insert-only privileges, I see no major issue other than a blunder on your part.

Naturally, I'm going to be probing the site now though to see what I can find.