Silk Road Forum Vulnerabilities

a guest
Nov 11th, 2014
Wondering how the Silk Road forum server got identified? Here's one possibility:

The site ran a standard Simple Machines Forum (SMF) installation with the addition of one front-end module, 'SA Knowledge Base'. This module was used to display FAQs and guides on the forums. The module was added to the forums soon after they were set up in November 2012, and a dive into the code quickly reveals some issues.

The code base performs unserialization on user-supplied data. Neither SMF nor the extension appears to provide any classes which could be exploited to gain remote code execution directly. There may be a way to call the SMF FTP client class to make an external request and attempt to discover the IP of the server.

A simpler issue is present during article creation. The module does not perform any sanitization on the value provided in the Source field when creating or editing an article. This results in a trivial persistent XSS vulnerability. The module also does not correctly validate a user's privileges when creating a new article: the Create Article form cannot be viewed by regular users, but it is possible to make a direct POST request with the required fields to create an article on the knowledge base.

This XSS vulnerability could be exploited to steal admin cookies, or simply to disable the file extension check for Knowledge Base attachments, allowing arbitrary file upload and code execution.

For an unknown reason, the forum domain also occasionally returned error pages which appeared in the same style as the main Silk Road marketplace error pages. Were the two sites actually hosted on the same server or behind the same load balancer?

There were likely many other issues lurking around both the forum and marketplace code bases. Who knows what else was found and exploited by LEOs and others...

---
Never attribute to a GPA that which is adequately explained by shitty PHP
---
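As an added illustration (not code from SMF, from the SA Knowledge Base module, or from the author of the note), the following hypothetical PHP article handler models the three weaknesses described above, each beside a hardened form: unserialize() on request data, an unescaped Source field, and a create-article POST handler that relies on the form being hidden instead of checking permissions. Every function, field and permission name is an assumption chosen for the example.

```php
<?php
// Added example: a hypothetical knowledge-base article handler, NOT code from
// SMF or the SA Knowledge Base module. It models the three weaknesses
// described above (unserialize on user data, unescaped Source field, no
// authorization on the create-article POST), each beside a hardened form.
// All function, field and permission names are assumptions.

// ---- 1. Unserialization of user-supplied data ------------------------------

// Weak: unserialize() lets the client choose which PHP class is instantiated,
// so any reachable class with side effects in __wakeup()/__destruct() (such as
// an FTP client that opens outbound connections) becomes an attack surface.
function kb_load_options_weak(string $raw): array {
    $opts = @unserialize($raw);
    return is_array($opts) ? $opts : [];
}

// Hardened: accept a data-only format and whitelist the keys and values you
// expect. If the serialized format cannot be changed, at least pass
// ['allowed_classes' => false] (PHP 7.0+) so no objects are ever created.
function kb_load_options_safe(string $raw): array {
    $opts = json_decode($raw, true);
    if (!is_array($opts)) {
        return [];
    }
    $clean = [];
    if (isset($opts['show_toc'])) {
        $clean['show_toc'] = (bool) $opts['show_toc'];
    }
    if (isset($opts['sort']) && in_array($opts['sort'], ['title', 'date'], true)) {
        $clean['sort'] = $opts['sort'];
    }
    return $clean;
}

// ---- 2. Persistent XSS through the Source field -----------------------------

// Weak: the stored Source value is concatenated straight into the page, so
// markup saved once runs in every visitor's (including every admin's) browser.
function kb_render_source_weak(string $source): string {
    return '<p class="kb-source">' . $source . '</p>';
}

// Hardened: HTML-encode on output; if the field is meant to hold a link, only
// turn it into an href when the scheme is http(s).
function kb_render_source_safe(string $source): string {
    $encoded = htmlspecialchars($source, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    if (preg_match('#^https?://#i', $source) === 1) {
        return '<p class="kb-source"><a href="' . $encoded . '" rel="nofollow noopener">' . $encoded . '</a></p>';
    }
    return '<p class="kb-source">' . $encoded . '</p>';
}

// ---- 3. Missing authorization on the create-article request -----------------

// Minimal in-memory store so the example runs stand-alone (assumed helper).
function kb_insert_article(string $title, string $body, string $source): int {
    static $articles = [];
    $articles[] = ['title' => $title, 'body' => $body, 'source' => $source];
    return count($articles);
}

// Weak: the form is hidden from regular users, but the handler that processes
// the POST never checks who is submitting it.
function kb_create_article_weak(array $post): int {
    return kb_insert_article($post['title'], $post['body'], $post['source']);
}

// Hardened: authorization lives in the handler, not only in the UI, and the
// request must carry the session token so a cross-site form cannot submit it.
// In a real SMF mod this is the job of isAllowedTo() and checkSession().
function kb_create_article_safe(array $post, array $user, string $session_token): ?int {
    $may_create = !empty($user['is_admin'])
        || in_array('kb_create', $user['permissions'] ?? [], true);
    if (!$may_create) {
        return null; // reject before touching the database
    }
    if (!isset($post['session']) || !hash_equals($session_token, (string) $post['session'])) {
        return null; // reject forged cross-site requests
    }
    foreach (['title', 'body', 'source'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return null; // reject malformed input
        }
    }
    return kb_insert_article($post['title'], $post['body'], $post['source']);
}

// ---- Demonstration with constructed input -----------------------------------
$guest = ['is_admin' => false, 'permissions' => []];
$post  = ['title' => 'FAQ', 'body' => 'text',
          'source' => '<img src=x onerror=alert(1)>', 'session' => 'tok'];

var_dump(kb_create_article_weak($post));                // the weak handler never looks at the user
var_dump(kb_create_article_safe($post, $guest, 'tok')); // the hardened handler refuses the guest
echo kb_render_source_safe($post['source']), PHP_EOL;    // the markup is encoded, not rendered
var_dump(kb_load_options_safe('{"sort":"date","show_toc":1,"evil":"x"}')); // unknown key dropped
```

The point of the third section is the one the note makes: hiding a form from regular users is not an access control, so the handler that consumes the POST must make its own permission and session-token checks. Likewise the Source field fix is applied at output time, which protects the admin viewing the article regardless of how the value got into the database.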