Embarrassing Oversight Leads to Exploit Hub’s Compromise

Exploit Hub, an exploit marketplace originally launched by NSS Labs in 2010, but spun off by the testing firm in March of this year, said on Tuesday that they were compromised by a quasi-rival group going by the name Inj3ct0r Team. As it turned out, the information stolen by the attackers wasn’t of any real value as it was already publicly available.

Exploit Hub is a marketplace for researchers to buy and sell publicly known exploits (no 0-days allowed), of which Exploit Hub takes a 30-percent cut. In a way, Exploit Hub has plenty of positive points, such as paying researchers for their work, but faces the same setbacks, including low pay scales. Yet, it is the total opposite of exploit houses like Vupen, by design.

According to a public notice on Facebook, Exploit Hub was breached on Tuesday by a group going by the name Inj3ct0r Team. Oddly enough, Inj3ct0r Team also sells exploits, most of them publicly known or scraped from other sources. It would seem that they planned to add Exploit Hub’s collection to their own, but they failed.

“Today (December 11th), the Inj3ct0r Team has hacked [Exploit Hub]… and stole private exploits worth $242,333,” an announcement from the group boasted.

“We hacked [Exploit Hub] because the people who publish private exploits on [there] need to know that the ExploitHub Admins are lamers and can not provide them with adequate security.”

As it turns out, the cause for the breach was a lapse in security policy.

“After our initial investigation we have determined that the web application server itself was compromised and access to the database on that server was available to the attacker. The server was compromised through an accessible install script that was left on the system rather than being removed after installation, which was an embarrassing oversight on our part,” Exploit Hub explained.

“The exploit information provided in Inj3ct0r’s attack announcement text file and SQL dump consists of exploit names, prices, the dates they were submitted to the market, the Authors’ IDs, and the Authors’ usernames, all of which is publicly available information retrievable from the web application’s normal browse and search functions; this is not private information and it was already publicly accessible by simply searching the product catalog through the website.”

The incident is still being investigated, but so far, Exploit Hub admins are reasonably sure that nothing critical was stolen or compromised. As of 0600 on Wednesday, the Exploit Hub domain remains offline.

Correction: This article originally incorrectly stated that Exploit Hub was part of NSS Labs but has been corrected to reflect that it was spun off from NSS Labs in March of 2012 and has been independent since.
