Kaspersky Thailand Full Access
Posted by isrtinkode
on February 19, 2010
_ __ _ _ | |/ / | | /\ (_) | ' / __ _ ___ _ __ ___ _ __ ___| | ___ _ / \ __ _ __ _ _ _ __ | < / _` / __| '_ \ / _ \ '__/ __| |/ / | | | / /\ \ / _` |/ _` | | '_ \ | . \ (_| \__ \ |_) | __/ | \__ \ <| |_| | / ____ \ (_| | (_| | | | | | |_|\_\__,_|___/ .__/ \___|_| |___/_|\_\\__, | /_/ \_\__, |\__,_|_|_| |_| | | __/ | __/ | |_| |___/ |___/ #Kaspersky Thailand full access@c0de.breakerOk… As you might remember, some time ago, I gained access into Kaspersky Portugal.
Now I found another vulnerable parameter in Kaspersky Thailand.
Because the mod_security was ON, it was hard for me to make the injection, and in order to extract tables,colums,etc you must have a vast knowledge about how to filter some things.
Testing:
Main Informations:
#Version: 5.1.30
#censored
#censored
#censored
All databases:
#information_schema
#censored
#censored
Tables from thaikasp_dealer:
#censored
#newheader
#tb_dealer
#tb_part
Tables from thaikasp_forum:
#forum
#tbmember
Columns from tbmember
#ID
#Username
#Password
And now all accounts from tbmember. I can’t understand why passwords aren’t
encrypted!
#censored
#censored
#censored
#censored
Admin Control Panel:Yeah, finish.
Bye, TinKode