Filed Under (Interviews, WordPress) by DK on 18 March 2008

Today’s interview is with S@BUN, a hacker from Turkey. S@BUN released a number of WordPress-related vulnerabilities recently and the BlogSec team wanted to find out a bit more about him.

Q: Would you please tell us a little about yourself?

A: I’m 26 years old and live in Turkey. Exploiting flaws has always been a hobby for me and now I’m writing bugs.

Q: How long have you been active within the security field? What got you started?

A: I’ve been in security for a long time, just hacking to begin with, but now I’m sending my exploits to sites.

Q: You have recently disclosed a number of WordPress and Joomla vulnerabilities to the public. What motivated you to target these web applications? Are other web applications just as vulnerable in your opinion?

A: Oh no problem joomla-wordpress-xoops-php-nuke-phpbb2. It's a hobby for me. Sometimes I send big exploits to site owners or company owners and other times I send them to sites like milw0rm-securityfocus-securityreason-secmania.

Q: A large number of your vulnerabilities focus on database manipulation (SQL Injection). Why did you choose this type of vulnerability?

A: I exploit SQL injection because it's easy. I can write and use all types of vulnerabilities. Also, inexperienced attackers can exploit them.

Q: BlogSec has mentioned on a few occasions that WordPress needs to provide database safe functions for its core code as well as for its plugin development. Would you agree with this? What else would you suggest that can help improve the security of these and similar web applications?

A: WordPress has a lot of software errors and I’ve sent them a lot but I think they thought I was joking. I have 45-50 big exploits for WordPress. One day I will release them.

Thanks for taking the time to answer our questions.
BlogSec look forward to seeing more research from you in the future.

Comments

Donncha O Caoimh on 18 March, 2008 at 11:54 am #

We’d love to hear about your WordPress exploits at security @ wordpress.org !


anonim on 18 March, 2008 at 1:08 pm #

S@BUN is a great person, and always says “I’m Not a Hacker” =)


Security problems in WordPress on 18 March, 2008 at 3:47 pm #

[...] at BlogSec they interview a hacker from Turkey who specialises in finding security holes in WordPress and [...]


s@bun on 18 March, 2008 at 5:31 pm #

thx for writing about me but sorry:((
for all wordpress gallery-picture and album

http://securityreason.com/exploitalert/3566
http://my.opera.com/SQL-Injection/blog/


xcorpitx on 18 March, 2008 at 6:03 pm #

yeah s@bun really great person.. we are talking and he has got lot of bugs and he knows lots of ways about vulnerabilities and i think he'll find all web scripts holes :D good luck my bro…


Vic Fichman on 21 March, 2008 at 10:25 pm #

What consideration or thought does s@bun give when releasing known flaws to the public (or at least on public forums) to their effects on the thousands if not tens of thousands of everyday users of those affected products who don’t have the time, technology, or know-how to fix said vulnerabilities?


S1xty0n3 on 26 March, 2008 at 2:37 pm #

he is one of the best hackers i see.
he always says he isn't a hacker and that's typical for real hackerz. we can learn a lot from s@bun. i hope you show the world, the real face of the world.^^


world_hacker_team on 28 March, 2008 at 1:52 pm #

s@bun is really perfect, I think he is the best in the world. yea, we are curious about his face, who is he??? I think he must be computer or real bill gates:)


Vrodo_G.u.e.s.t.007 on 30 March, 2008 at 10:45 pm #

Yes…. Good Luck S@bun….


AskApache on 31 March, 2008 at 5:26 am #

All I can say is s@bun is doing wordpress and other open source software a great favor by focusing his attention on them for locating bugs and exploitable code.

That is one of the main DUHs to open-source software, and a primary advantage of open-source vs. proprietary.


Gharib on 31 March, 2008 at 8:59 pm #

Good Luck Bro, I'm waiting for ur new exploits :D cya

Gharib From Tunisia


Amber on 2 April, 2008 at 10:06 pm #

I LOVE YOU S@BUN !!!


PerWin on 7 April, 2008 at 12:06 am #

Good Luck!:)


infazci on 17 April, 2008 at 8:27 am #

Hello s@bun, big brother, my nephew and I are big fans of yours. We never miss the exploits you release and we like them a lot. We are very curious whether you are from İzmir.


[...] Security problems are the flip side of the medal of success. A popular and accessible language (PHP) and architecture (the themes and plugins) make for a large, diverse community, and necessarily also for an interesting target for the proverbial Turkish hacker… [...]


[...] Blogsecurity published an interview today with the Turkish hacker S@BUN. Most interesting passage: WordPress has a lot of software errors and I’ve sent them a lot but I think they thought I was joking. I have 45–50 big exploits for WordPress. One day I will release them. [...]


[...] An interview with a WordPress hacker. [...]


23dfe2 on 3 July, 2008 at 10:39 am #

oohh, I’m so great and have such a cool nic. and oohhh, I find 40-50 security leaks in one second!!!!111

No I’m not a H4×0r, i’m 2 cool 4 that.

Sorry, but this guy is just a liar and you fell for it.

What do you think why no developer takes this jerk seriously? The sentence: “I’ve sent them alot [software errors] but I think they thought I was joking.” says all. They didn’t think that this guy was joking. They just found out his “security holes” are not real.

