Hacked data on open sale ?

[eSploit Guy <satyamhax () gmail com>]

Hello List,

I stumbled upon a site selling the below services in January this
year, it was in the news then and many (including me)blogged, tweeted
about it.

Hacking a military website      $150 USD
Hacking an Government website   $99 USD
Hacking Educational website     $66 USD
Hacking Online game website     $55 USD
Hacking forums, shopping carts  $55 USD
Immunity's CANVAS reliable exploit development framework LATEST
VERSION! 2011!  $66 USD
Undetected Private Java Driveby Exploit  $150 Source code and $30 for binary
Fresh shopadmin/forums, USA, UK, AU, DE, Valid Email lists      $10 per 1mb
PHP mailers %100 inbox  $5 USD per 1
Selling Edu/Gov database contain Firstnames, Lastnames, Email,
Country, Address, Phone, Fax details    $20 per 1k
Selling fresh Emails for spam from Edu's websites and shop websites
SQL Injection attacker bot (srb0tv2.0)

Thought it'll go down in a day or so. However, today after nearly 7
months saw the same news in imperva blog, checked the site and found
that it's not only still up and running but even updating frequently !

Apart from selling the services above, this guy also discloses SQL
injection vulnerabilities in major websites including banks,
universities, large corporations and Government organizations :

https://www.playstation.ru/
http://www.playstation.ca/
http://www.hartford.edu/
http://armani.com/
http://www.parliament.gov.bw/
http://www.nbc.org.kh/
http://www.bot-tz.org/
http://www.na.gov.pk/
http://www.presidentofpakistan.gov.pk/
http://www.cbp.gov/
http://www.ad.gov.ir/
http://www.tacp.toshiba.com/
http://labs.oracle.com/

Check out the details here:

http://esploit.blogspot.com/2011/08/open-sale-hacked-data-sqli.html

Regards,
Satyamhax
http://esploit.blogspot.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/