Kaspersky Portugal Full Disclosure
Posted by isrtinkode
on February 19, 2010
#owned by c0de.breaker
One evening, while I was searching for an antivirus, I entered the official Kaspersky website of Portugal by mistake.
Link: www.kaspersky.com.pt
Kaspersky, from what I know, has been hacked by “unu” with MySQLi.
So I decided to try to see if I could find a vulnerability!
After 5 minutes of searching, I found something interesting, namely:
Warning: censored() [function.censored]: Query failed: ERROR: syntax error at or near "\" at character 306 in /home1/_sites/wwwkasperskycompt/kaspersky/PHP/IfDBRevendedoresKaspersky.phpclass on line 121
ERRO na execucao da query getRevendedors
ERROR: syntax error at or near "\" at character 306
censored(): That means that it uses a censoredSQL database. First, I checked to see if it is injectable, and if I can extract something.
The answer:
———————————————————–
———————————————————–
So I can do censoredSQL injection!
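The error message above is what string-built SQL looks like from the outside: a stray character in request input breaks the statement, and the driver's message is echoed into the page. As an added example (not code from the site or from the original post), here is that pattern beside a parameterized query with generic error handling. SQLite stands in for the site's database, and the table, column and function names are assumptions.

```python
import logging
import sqlite3

log = logging.getLogger("resellers")


def make_db():
    """Constructed sample data standing in for a reseller table (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE revendedores "
               "(id INTEGER PRIMARY KEY, nome TEXT, distrito TEXT)")
    db.executemany("INSERT INTO revendedores (nome, distrito) VALUES (?, ?)",
                   [("Loja A", "Lisboa"), ("Loja B", "Porto"), ("Loja C", "Lisboa")])
    return db


def get_resellers_concat(db, distrito):
    """'Before': request input is pasted into the SQL text, so a stray quote
    changes the statement, and the driver's error text is returned to the client."""
    sql = "SELECT nome FROM revendedores WHERE distrito = '" + distrito + "'"
    try:
        return 200, [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return 500, "Query failed: %s in query getRevendedors" % exc


def get_resellers_param(db, distrito):
    """'After': input is bound as a parameter and never becomes SQL text.
    Failures are logged server-side; the client only sees a generic message."""
    try:
        rows = db.execute("SELECT nome FROM revendedores WHERE distrito = ?",
                          (distrito,))
        return 200, [row[0] for row in rows]
    except sqlite3.Error:
        log.exception("reseller lookup failed")
        return 500, "Internal error"


if __name__ == "__main__":
    db = make_db()
    for value in ("Lisboa", "Lis'boa"):   # constructed inputs
        print(repr(value), get_resellers_concat(db, value), get_resellers_param(db, value))
```

With the second input, the concatenating function returns a 500 carrying the database's own error text, while the parameterized one treats the value as data and returns an empty result.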
What did I extract?
I wasn’t concerned about the content, I only “got” the names of databases, tables and columns.
#Principal Database: censored
#User: censored
#Version: censoredSQL 8.1.11 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
#Other Databases
1 censored
2 template1
3 template0
4 monitoring
5 estkaspersky
6 horde
7 licence
8 hardwareipbrick
9 acessosclientes
10 licencefmota
11 temp
12 dbdoc
13 webcalendar
14 ipbox
15 adcav
16 jpleitao2
17 funambol
18 gaia
19 cinel2
20 makeupdate
21 tempdefaultconfig
#The tables from censored database (number:458)
#Me: I wonder, since it is one of the largest companies in the world, one that protects perhaps many millions of users through its products, why don't they take care of their own security first? This may also be because of the firms that build these websites in a very short time for exaggeratedly large sums…
That's about it.
~Where there is a will, there is a way