TinKode-ESET NOD32 Taiwan Full Disclosure

ESET NOD32 Taiwan Full Disclosure

Posted by isrtinkode on March 22, 2010

#NOD32 Taiwan@ TinKode - Romania

About ESET:
ESET is an IT security company headquartered in Bratislava, Slovakia that was founded in 1992 by the merger of two private companies. The company is privately held and has branch offices in San Diego, California; Wexford, Ireland; London, United Kingdom; Buenos Aires, Argentina; Prague, Czech Republic and Kraków, Poland.
Vulnerable website: www.eset.com.tw to MySQL Injection.

Main Informations:

• Version : 5.0.45
• Database: nod32twnew
• Datadir : /var/lib/mysql/
• User    : censored

Databases:

• information_schema
• mysql

• nod32twnew

Tables from main database:

• article
• category
• enterprise_apply
• estore_product
• estore_product_20100106
• estore_product_category
• estore_product_category_20100106
• estore_product_copy
• faq_category
• faq_category_detail
• game3
• manager
• nodtwflash1
• register
• regkeyreplace
• trial30
• updates

We have permission to access mysql.user accounts:

MySQL.user account:

• censored  :  censored

Accounts from manager table:

• admin    :  censored
• editor   :  censored
• nod32@tw :  censored
• soman    :  censored

The accounts are in plain-text… great!
Now some keys from “ censored key censored “:

• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• J102- censored :J112- censored
• …

~Verry simple!
Other webservers of ESET NOD32 hacked: NOD32 Hong Kong & NOD32 Romania
~Thanks, TinKode

Read More