Developer suspects a ‘patent troll’ is to blame

Sploitus exploit search engine comes under DMCA fire, search engine page removal

The Sploitus exploit search engine has become subject to a DMCA copyright complaint in a case the creator believes is due to a failed piracy block attempt.

Developed by web application security researcher Anton “Bo0om” Lopanitsyn, Sploitus is a non-profit resource for finding and identifying exploits and new attacks leveraging known vulnerabilities.

In a tweet dated November 20, a notice received by the Sploitus webmaster from Google was published, which accused the website of hosting content that contravened the notorious Digital Millennium Copyright Act (DMCA).

“Google has been notified, according to the terms of the DMCA, that some of the material found on your site allegedly infringes upon the copyrights of others,” the notice reads.

“Although some of these URLs may not be available in our search results now, we are retaining these notices and will act on them if at some point in the future we do crawl these pages for inclusion in search results.”

WordPress plugin exploit

The DMCA claim does not apply to the entire Sploitus search engine. Instead, it relates to only one URL – a page related to an exploit for the SuperStoreFinder WordPress plugin.

SuperStoreFinder is a plugin used to create store functionality on WordPress websites. The licensed software has been purchased over 5,000 times.

Read more of the latest security vulnerabilities

The Sploitus webpage describes a cross-site request forgery (CSRF) exploit, leading to unauthorized shell uploads, impacting versions 6.1 and below of the plugin.

The page also contains a link to a description of the exploit on Packet Storm and a video link relating to the exploit, although the latter has since been removed by YouTube.

At the time of writing, the developer of the plugin has not responded to requests for comment.

Burying bad news?

Lopanitsyn suspects that the claim was not necessarily made by someone concerned about squashing news of an exploit or vulnerability.

Instead, the researcher thinks they are “patent trolls” who attempted to “block pirated links, but somehow blocked the exploit”.

Google does allow recipients of DMCA notices to contest claims and potentially have pages restored on search engine results.

However, as only one URL was blocked in this instance, Lopanitsyn told us that the claim “does not hurt him”, and so it may not be worth fighting.

“I have not thought about it,” Lopanitsyn commented. “Most likely not, because the exploit can still be found through Sploitus.”

The Daily Swig has reached out to Google and the WordPress plugin developer for comment and will update when we hear back.

READ MORE Computer Misuse Act: Most UK cybersecurity pros fear breaking the law by simply doing their jobs