Looks like jmbsoft is putting their money where their mouth is. I just saw this on their forums:

There have recently been some claims that a security hole in AutoGallery SQL has been used by hackers to
gain access to and compromise servers. We have done an extensive investigation, including examining a compromised
site along with a complete code review, and have found no evidence that such a security hole exists. Site owners
that have been hacked have also not been able to provide any evidence that shows a security hole.

To put this issue to rest and to show that we are serious and confident in our product's security, we are now
offering a $500 US dollar reward for anyone who can provide instructions for an AutoGallery SQL code exploit that
can be reproduced. Details on the requirements for this reward can be found below. If you have any questions
regarding this, you can send an e-mail message to
[email protected].

1. The hack must be effective against a fresh installation of AutoGallery SQL version 3.5.0 or newer.
2. The hack must be effective against an unmodified installation. All AutoGallery SQL scripts must be the same that
are provided with the standard distribution.
3. The hack must be an exploit of the AutoGallery SQL code. Exploits of webserver software (Apache), telnet, SSH or
other programs will not be accepted. Successful hacks must show that the AutoGallery SQL code can be exploited to
allow access to the compromised server or allow the user to access the AutoGallery SQL control panel without having
prior knowledge of the username and password.
4. Hacks that simply utilize the AutoGallery SQL control panel to create files on a user's server will not be
accepted unless they are accompanied by details on a code exploit that allowed them to access the AutoGallery SQL
control panel without having prior knowledge of the username and password. It is known that files can be created
through the control panel, and this is a software feature, not a security hole.
5. Successful hacks should be sent to
[email protected] with complete instructions on how the hack was done so
that it can be reproduced on a fresh installation of AutoGallery SQL. Upon confirmation of a successful hack, the
amount of $500 US dollars will be transferred to the PayPal account of the individual who provides the complete
instructions.