Hello,
Today I wanna tell three little stories about when WeChall got hacked.
========================================================
Event#1 Infernal
WeChall was always open source. Not free as in beer, but open and transparent.
It was vastly inspired by TBS, and most users were from TBS.
There was one particular user, who turned blackhat, and became kinda enemy of the community.
On Day#2 after launch... He studied the source,... and wiped all users.
The vuln was easy to spot:
Admin permissions were detected via the username.
- Gizmore (with a capital G back then)
- Kender (still with caps)
- Inferno (did not even register!)
So the blackhat simply registered as Inferno and deleted all users one by one via the crude admin panel.
All five users hit the dust, but the site recovered quickly with 6 and more users.
No Big Deal, but a quite fun story.
==================================================================================
Event#2 Social pwnage
There were two users, let's call them Alice and Bob, who were involved here.
So, assume Bob just tried to link the site 3564020356 as the user Alice.
A mail got sent to Alice, who did not really read it, and just clicked the linking link in it...
TaDa... Bob gained massive points with low effort.
Funny!
==================================================================================
Event#3 Faux pas
This was the best-known and most serious event in the history of WeChall.
I was working on the WeChall and GWF3 codebase locally, and had imported a backup from the live site.
Somehow, I forgot to protect my protected/ folder, which also held backups from the live site.
I showed my current work to a user on irc.german-elite.net and he discovered the db backup in his experiments.
He downloaded it, but promised to delete the backup.
This happened maybe in 2012, and I think I wrote about it in the forum already back then.
So this was the only real bad event that happened to wechall.net server.
=========================================================================
Happy Challenging!
- gizmore
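
Added example, not part of the original post and not WeChall's code: a Python sketch of the Event#1 flaw, where admin rights follow whoever holds a listed username, next to a design that binds the role to an existing account id. The class and method names are hypothetical; only the three admin names come from the story.

```python
# Constructed sketch, not WeChall's code. Only the three names are from the post.
ADMIN_NAMES = {"Gizmore", "Kender", "Inferno"}


class NameBasedSite:
    """Flawed design: privilege follows whoever holds a listed username."""

    def __init__(self):
        self.users = {}  # username -> user id

    def register(self, username):
        if username in self.users:
            raise ValueError("name taken")
        self.users[username] = len(self.users) + 1
        return self.users[username]

    def is_admin(self, username):
        return username in self.users and username in ADMIN_NAMES

    def unclaimed_admin_names(self):
        """Audit check: privileged names that nobody has registered yet."""
        return sorted(ADMIN_NAMES - set(self.users))


class RoleBasedSite:
    """Hardened design: admin is a flag on an existing account id."""

    def __init__(self):
        self.users = {}        # casefolded username -> user id
        self.admin_ids = set()

    def register(self, username):
        key = username.casefold()  # 'gizmore' cannot sit beside 'Gizmore'
        if key in self.users:
            raise ValueError("name taken")
        self.users[key] = len(self.users) + 1
        return self.users[key]

    def grant_admin(self, user_id):
        # A role can only be attached to an account that already exists.
        if user_id not in self.users.values():
            raise KeyError("no such account")
        self.admin_ids.add(user_id)

    def is_admin(self, user_id):
        return user_id in self.admin_ids
```

Running `unclaimed_admin_names()` against the real user table before launch is the check that would have flagged the unregistered entry.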