Wednesday, February 1, 2012

TinKode-Kaspersky Thailand Full Access


Kaspersky Thailand Full Access

Posted by isrtinkode on February 19, 2010
 _  __                             _                                _
| |/ /                            | |              /\              (_)
| ' / __ _ ___ _ __   ___ _ __ ___| | ___   _     /  \   __ _  __ _ _ _ __
|  < / _` / __| '_ \ / _ \ '__/ __| |/ / | | |   / /\ \ / _` |/ _` | | '_ \
| . \ (_| \__ \ |_) |  __/ |  \__ \   <| |_| |  / ____ \ (_| | (_| | | | | |
|_|\_\__,_|___/ .__/ \___|_|  |___/_|\_\\__, | /_/    \_\__, |\__,_|_|_| |_|
              | |                        __/ |           __/ |
              |_|                       |___/           |___/

                     #Kaspersky Thailand full access@c0de.breaker
Ok… As you might remember, some time ago, I gained access into Kaspersky Portugal.
Now I found another vulnerable parameter in Kaspersky Thailand.
Because the mod_security was ON, it was hard for me to make the injection, and in order to extract tables,colums,etc you must have a vast knowledge about how to filter some things.
Testing:






Main Informations:

#Version: 5.1.30
#censored
#censored
#censored
All databases:
#information_schema
#censored
#censored
Tables from thaikasp_dealer:

#censored
#newheader
#tb_dealer
#tb_part
Tables from thaikasp_forum:
#forum
#tbmember
Columns from tbmember
#ID
#Username
#Password
And now all accounts from tbmember. I can’t understand why passwords aren’t encrypted!

#censored
#censored
#censored
#censored
Admin Control Panel:


Yeah, finish.
Bye, TinKode

0 comentarii:

Post a Comment