Interview with Hacker S@BUN
Today’s interview is with S@BUN, a hacker from Turkey. S@BUN released a number of WordPress-related vulnerabilities recently and the BlogSec team wanted to find out a bit more about him.
Q: Would you please tell us a little about yourself?
A: I’m 26 years old and live in Turkey. Exploiting flaws has always been a hobby for me and now I’m writing bugs.
Q: How long have you been active within the security field? What got you started?
A: I’ve been in security for a long time, just hacking to begin with, but now I’m sending my exploits to sites.
Q: You have recently disclosed a number of WordPress and Joomla vulnerabilities to the public. What motivated you to target these web applications? Are other web applications just as vulnerable in your opinion?
A: Oh, no problem: Joomla, WordPress, XOOPS, PHP-Nuke, phpBB2. It’s a hobby for me. Sometimes I send big exploits to site owners or company owners and other times I send them to sites like milw0rm, SecurityFocus, SecurityReason, secmania.
Q: A large number of your vulnerabilities focus on database manipulation (SQL Injection). Why did you choose this type of vulnerability?
A: I exploit SQL injection because it’s easy. I can write and use all types of vulnerabilities. Also inexperienced attackers can exploit them.
Q: BlogSec has mentioned on a few occasions that WordPress needs to provide database safe functions for its core code as well as for its plugin development. Would you agree with this? What else would you suggest that can help improve the security of these and similar web applications?
A: WordPress has a lot of software errors and I’ve sent them a lot but I think they thought I was joking. I have 45-50 big exploits for WordPress. One day I will release them.
Thanks for taking the time to answer our questions.
BlogSec look forward to seeing more research from you in the future.
Comments
[...] at BlogSec they interview a hacker from Turkey who specializes in finding security holes in WordPress and [...]
thx for writing about me but sorry:((
for all wordpress gallery-picture and album
http://securityreason.com/exploitalert/3566
http://my.opera.com/SQL-Injection/blog/
yeah s@bun is a really great person.. we are talking and he has got a lot of bugs and he knows lots of ways about vulnerabilities and i think he’ll find all web scripts’ holes :D good luck my bro…
What consideration or thought does s@bun give when releasing known flaws to the public (or at least on public forums) to their effects on the thousands if not tens of thousands of everyday users of those affected products who don’t have the time, technology, or know-how to fix said vulnerabilities?
he is one of the best hackers i see.
he always says he isn’t a hacker and that’s typical for real hackerz. we can learn a lot from s@bun. i hope you show the world, the real face of the world.^^
s@bun is really perfect I think he is the best in the world yea we are curious about his face who is he??? I think he must be computer or real bill gates:)
All I can say is s@bun is doing wordpress and other open source software a great favor by focusing his attention on them for locating bugs and exploitable code.
That is one of the main DUHs to open-source software, and a primary advantage of open-source vs. proprietary.
Hello s@bun, big brother, my nephew and I are big fans of yours. We never miss the exploits you release and we like them a lot. We are very curious whether you are from İzmir.
[...] Security problems are the flip side of the medal of success. A popular and accessible language (PHP) and architecture (the themes and plugins) make for a large, diverse community, and necessarily also for an interesting target for the proverbial Turkish hacker… [...]
[...] Blogsecurity published an interview today with the Turkish hacker S@BUN. Most interesting passage: WordPress has a lot of software errors and I’ve sent them a lot but I think they thought I was joking. I have 45–50 big exploits for WordPress. One day I will release them. [...]
oohh, I’m so great and have such a cool nic. and oohhh, I find 40-50 security leaks in one second!!!!111
No I’m not a H4x0r, i’m 2 cool 4 that.
Sorry, but this guy is just a liar and you fell for it.
Why do you think no developer takes this jerk seriously? The sentence: “I’ve sent them a lot [software errors] but I think they thought I was joking.” says it all. They didn’t think that this guy was joking. They just found out his “security holes” are not real.
We’d love to hear about your WordPress exploits at security @ wordpress.org !