@SuperSl1nk has announced yesterday via Twitter that he has found a couple vulnerabliities in Barracuda’s official site.
He announced this new via a Tweet, which you can view below:
In the tweet he included a Pastebin link with urls to the vulnerabilities and an image.
Here is a small snippet of the Pastebin post, which also included Barracuda’s subnets and all their IPs.
Industrial espionage is wrong, this is a warning. The information we hold could close your business. If you do not remove the backdoor all your other products. We will make public your information. Vulnerability of your Website: XSS DOM Based, Upload. FileUpload Forms: [+] https://www.barracudanetworks.com/support/malware_submission/virus [+] https://www.barracudanetworks.com/support/malware_submission/spyware XSS DOM Based: [+] http://imgur.com/p2z6Ery,AdffzmI,nWuSe8c DNS Servers for barracudanetworks.com: ns2.p23.dynect.net ns3.p23.dynect.net ns1.p23.dynect.net ns4.p23.dynect.net ** Found 90444178360.barracudanetworks.com at 126.96.36.199.