16

Today my fellow @EaZyCode found out a local Hosting Provider has a massive security breach.

He wrote an Plugin for Minecraft with an own file explorer and the ability to execute runtime commands over it.

We discovered that this specific hosting provider stores the ftp passwords one level above the FTP-Root. In FUCKING PLAIN TEXT! AND THE MYSQL PASSWORD TOO! And even more shit is stored there ready to be viewed by intelligent people...

It's one of the fucking biggest Hosting provider Germanys!

But, because EaZyCode has such a great mind and always find such bugs, I give him the title "Providers Endboss" today, he has earned it.

Loving you ❤️

Edit: we used SendMail with runtime commands and sended too many empty Spammails (regret noting)

Comments
  • 2
  • 4
    That was actually cool!
  • 1
    And I created him this DevBanner just for lolz! Check out devBanner!

    (Endboss = Endgegner)
  • 2
    Yo thx! :)
    Btw, you can use sendmail command!
  • 0
    Das lustige ist ich habe das als erster herausgefunden ^^ und schon mehrere plugins damit verknüpft habe xD
  • 3
    Des is schon traurig.
    This is so fucking sad.
  • 3
    Nitrado, seriously? My friends use it, I thought it was reliable.

    Oh, I regret nothing on using my own VPS with my own management system and plugins 😂
  • 4
    HOLD UP
    NITRADO?!

    DAMN
  • 3
    Nitrado, really? They are around for so long.. also they seemed reliable..
  • 1
    @LastDigitOfPi yup
  • 3
    I read security branch and was very confused...
  • 2
    @Alice the next step is to create NiPinkTrado, your own hosting
  • 0
    @amahlaka jep they do
  • 0
    @amahlaka nope we didn't reported it, but we deleted most files of our own server and couldn't boot it then.... Also we didn't had permission to other accounts servers.
  • 0
    @amahlaka should work, we even can create screens within the Minecraft chat!

    (And because every server has 1gbit and you can buy 10 servers for 3 days for 10 bucks, you could easily create a DoS BotNet (Jes we tried it))
  • 0
    @amahlaka NOPE not really xD
  • 1
    @amahlaka they allow you to go up to / folder! You can also read grub bootloader configs and so on...
  • 0
    @EaZyCode @amahlaka and you could attack each system in the entire network by DoS attacks, because there were multiple network interfaces interconnected
  • 1
    @SteffTek there were 64 each 1GBit (using ifconfig)
  • 0
    @EaZyCode it looks like the Java process is started by an administrator account or that every account has a bad permissions setup.
  • 2
    This is legitimately making me sad.
    They are the biggest hoster in Germany.

    Off to get some passwords :)
  • 1
    @Kreischo It's more now ;)
    The were the cheapest I could find for my payment methods
  • 3
  • 1
    @LastDigitOfPi yup it still gets updates
Add Comment