Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

BlackEnergy botnet 0days

More information about the botnet kit. In short, there are well over 5000 modifications of the original kit. The kit is an interesting piece of technology. Read the linked article for detailed information.

As for the command and control portion, it is poorly coded. There are plenty of SQL injections:

  • Within index.php, on line 104, supply the country value as tainted data. On line 106, it is assigned to a SQL statement. On line 112, the SQL statement is executed.
  • But why go to all that work? There is a much simpler SQL injection in index.php. On line 120, send an ID parameter with your tainted input. One line below, it is executed.
  • Or better yet, index.php’s line 132. Send the malicious data to the opt parameter. Then it is executed within the same line.

Hotness! There are other SQL injections within stat.php, but I leave finding them to the reader as an exercise in static source code analysis prowess.
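The three flows listed above (request parameter to query several lines apart, one line apart, and on the same line) are the shape a line-based taint scan picks up. The sketch below is an added example, not code from the original post or from BlackEnergy: the PHP sample is constructed, and the function names, regexes and the list of sanitizer calls are assumptions chosen for illustration.

```python
import re

SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")   # request superglobals
# Calls treated as sanitizers (an assumption; escaping only helps inside quotes).
CLEAN = re.compile(r"(?:intval|mysqli?_real_escape_string)\s*\([^()]*\)")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*(\.?=)\s*(.*);\s*$")
SINK = re.compile(r"(?:mysqli?_query|->query)\s*\((.*)\)")
VAR = re.compile(r"\$(\w+)")

# Constructed PHP sample, NOT BlackEnergy's code.
SAMPLE_PHP = r'''<?php
$country = $_POST['country'];
$safe = intval($_GET['n']);
$sql = "UPDATE stats SET country = '$country' WHERE n = $safe";
mysql_query($sql);
$q = "SELECT * FROM bots WHERE id = " . $_GET['id'];
mysql_query($q);
mysql_query("SELECT * FROM opt WHERE name = '" . $_GET['opt'] . "'");
$stmt = $pdo->prepare("SELECT * FROM bots WHERE id = ?");
$stmt->execute([$_GET['id']]);
'''

def taint_origin(expr, tainted, line_no):
    """Return the line where the taint in expr entered the script, or None."""
    expr = CLEAN.sub("", expr)            # drop sanitized sub-expressions
    if SOURCE.search(expr):
        return line_no                    # request data used directly
    for name in VAR.findall(expr):
        if name in tainted:
            return tainted[name]          # taint carried by a variable
    return None

def find_sqli(php_source):
    """Return (origin_line, sink_line) pairs for tainted data reaching a query."""
    tainted, findings = {}, []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        sink = SINK.search(line)
        origin = taint_origin(sink.group(1), tainted, line_no) if sink else None
        if origin is not None:
            findings.append((origin, line_no))
        assign = ASSIGN.match(line)
        if assign:
            name, op, rhs = assign.groups()
            origin = taint_origin(rhs, tainted, line_no)
            if origin is not None:
                tainted[name] = origin
            elif op == "=":               # clean reassignment clears taint
                tainted.pop(name, None)
    return findings
```

The parameterized query at the end of the sample is not reported, which is the fix for all three flagged flows: bind request values as parameters instead of concatenating them into the statement.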

BlackEnergy's source code

Google hack to find instances
