A website called ShitExpress allows customers to purchase and send actual animal feces to friends or enemies anywhere in the world. The company’s motto is “A simple way to send a piece of shit in a box around the world.’. Co-hacking community and a renowned hacker have already obtained private data from companies like Mangatoon and QuestionPro.
An unexpected development, however, was that the client who is a recognized threat actor opted to exploit the vulnerability and download the entire database rather than properly reporting the issue. The angry and oftentimes panicked personal messages sent by the receivers of the presents were made public after the publishing of this information on a hacker website.
Additionally, the hacker had already posted the stolen data of 7 million Robinhood users online for sale.
According to a forum post by pompompurin, the hacker recently visited ShitExpress to ship a box of feces to cybersecurity expert Vinny Troia. Troia once mawkishly launched a petition on change.org begging international leaders to extradite pompompurin to the US. When pompompurin visited ShitExpress to thank Troia on Tuesday, the hacker found that the website was vulnerable to SQL Injection.
Pompompurin also acknowledged that they had used SQL Injection to exploit ShitExpress, although they did not seek a ransom from the site’s owners.
