Hey guys,
Just spent about 10 mins poking around BMR and Sheep to see what I could find.
Both of them leak info through their headers and HTML source. Sheep is running on Apache 2.2.22, using Ubuntu (see the headers on any page; the gallery, forums and website are running off the same server and, based on the sessid, are part of the same application), with an X-Powered-By value of "Nette Framework", an open source PHP framework. Also they're setting a server-side session ID (y no encrypted client side?!?!) for this framework. Unfortunately the framework seems to be resilient to the basic skiddie traditional attacks that I tried, but if I were a fed seriously looking for a vulnerability I know where I'd start. (cough Nette Framework GitHub).
BMR leaks less, but you can tell both the site and forums are running PHP. I'm not sure if it's the same server, but the timestamps are synchronized to within .5 seconds if it's not, which is possible but hints at them being on the same or a similarly configured box. You can also tell that at the very least the forums are running off PHP package 5.3.10-1ubuntu3.8 (attack vector!) and the forums are using the PunBB software (attack vector!).
Something to ponder when sending in your bitcoins, eh?
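Added example, not part of the original post: a check a site operator could run against their own responses to find the kind of header disclosure described above (exact versions, distribution names, framework names, default session cookie names). The sample headers are constructed for illustration, and `audit_headers` and the cookie-name table are hypothetical names chosen here.

```python
import re
from email.parser import HeaderParser

# Constructed sample response headers (not captured traffic), shaped like
# the disclosures the post describes.
SAMPLE = (
    "Date: Tue, 01 Jan 2013 12:00:00 GMT\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10-1ubuntu3.8\r\n"
    "X-Powered-By: Nette Framework\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue; path=/\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "\r\n"
)

# A dotted version number plus any package suffix, e.g. 5.3.10-1ubuntu3.8
VERSION = re.compile(r"\d+(?:\.\d+)+[\w.\-+~]*")
DISTRO = re.compile(r"ubuntu|debian|centos|red hat|fedora", re.I)
# Default session cookie names that identify the runtime on their own
DEFAULT_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java",
                   "ASP.NET_SessionId": "ASP.NET"}

def audit_headers(raw):
    """Return (header, value, reason) findings for one raw header block."""
    msg = HeaderParser().parsestr(raw)
    findings = []
    for name in ("Server", "X-Powered-By"):
        # get_all: a header may appear more than once (PHP and a framework)
        for value in msg.get_all(name, []):
            reasons = []
            match = VERSION.search(value)
            if match:
                reasons.append("exact version " + match.group())
            if DISTRO.search(value):
                reasons.append("OS/distribution name")
            if name == "X-Powered-By" and not reasons:
                reasons.append("names the framework or runtime")
            findings.extend((name, value, r) for r in reasons)
    for cookie in msg.get_all("Set-Cookie", []):
        cookie_name = cookie.split("=", 1)[0].strip()
        if cookie_name in DEFAULT_COOKIES:
            findings.append(("Set-Cookie", cookie_name,
                             "default cookie name reveals "
                             + DEFAULT_COOKIES[cookie_name]))
    return findings

if __name__ == "__main__":
    for finding in audit_headers(SAMPLE):
        print("%s: %s -> %s" % finding)
```

On Apache and PHP, `ServerTokens Prod` and `expose_php = Off` remove the version strings; an `X-Powered-By` set by a framework has to be turned off in the application or stripped with mod_headers.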