Remote File Inclusion - Papa Johns Pizza

################################################
# Website: www.papajohnspizza.in
# Date: 20.03.13
# Bug: File Inclusion (Remote / Local)
###############################################

>> Click here for the File Inclusion - Demo <<

And please guys make your website a little secure, it shouldn't take 'just' 20 minutes for server pwnage (sic)... Do your homework on the login page, scripting on the client side and remove the plugins that are not necessary... More importantly allocate a budget towards securing your website, because your WWW is your brand image on the Internet.

Cheers,
Kish

Metallica Concert - Oct 30th, Bangalore

################################################
# Website: www.ticketgenie.in
# Date: 18.10.11
# Bug: XSS / SQLi / Multiple Vulnerabilities
###############################################

Special advisory dedicated to all metal heads and headbangers from all over the world. The concert tickets for Metallica's show at Bangalore, Palace grounds is available at TicketGenie website... The tickets started getting sold publicly 3 days back according to a news website. So you can pay for the ticket or get it for FREE :D

How many tickets do you want? :))

Want to track other people's tickets?

BONUS: Login page is vulnerable to bruteforce attacks, since there is no account lockout mechanism

We have not included Proof-of-Concept demonstrations as with other posts, since the pages can be abused to buy free tickets :))

A website which deals with financial information should be better protected than this... I am NOT going to trust Ticket Genie with my credit card, unless they show some improvement with security.

Cheers,
Kish

Mexico CNN Website - Open redirect

########################################
# Website: http://mexico.cnn.com
# Date: 14.09.11
# Bug: Open Redirection Page
########################################

Click here for demo

I could use a r57shell with this to make it look more scary :)

Sidenote: GoDaddy has made an effort to make us look good, by putting up their default banner...hmmm !

Cheers,
Kish

Money Image - Error Based SQLi

########################################
# Website: www.moneyimg.com
# Date: 11.07.11
# Bug: SQLi (SQL Injection)
########################################

Money Image is a website similar to Image shack :)

Click here for demo

Fix your input validation fellas !

Cheers,
Kish

ISS - Internet Security Systems?

I have great respect for the guys at ISS X-Force... You guys are the best, nothing personal :)

Although, I'm certain they wouldn't approve of this screenshot here...


Vuln URL: hxxp://webapp.iss.net/Search.do

On Behalf of Crimemachine, Wish You (Our Readers) a Happy New Year Guys

We are Back ! ;)

XSS in Linuxmafia website - Today's lulz

#########################
# Website: www.linuxmafia.com
# Date: 21.09.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.linuxmafia.com/kb/

Sorry folks, I am lazy to post a screenshot for this one... just a quickie, if you will...

Click here for the demo

Click here for another demo (this one's a bit serious)

Cheers,
Kish

Advisory Updates: Q2 2009, and a bit more...

Even though a spectacular hack was pulled off on Imageshack, they've not fixed their bug yet.

The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009 if you want to see a demo, of a site allowing "delete method" in databases please visit them :))

ZDNet that writes the special 0-day column, apart from regular security ramblings is "yet" to fix their bug, and Dancho danchev, one of the authors from their team is still replying to mail...

Adobe atleast fixed their bug even though it was late, and I applaud their security team / devs for their store.

Electronic arts and blogarama haven't fixed their bugs just like the others, no I am not surprised

Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !

Cheers :)
Kish

Whitehouse.gov - One for the "lulz"

#########################
# Website: www.whitehouse.gov
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.whitehouse.gov

Click here for the demo

LOL ! Please put some of your resources to work ;)

Cheers,
Kish !

ESPN Shop - XSS

#########################
# Website: www.espnshop.com
# Real gear for Real "XSS" fans
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.espnshop.com


Click here for the demo

Learn input validation, and try to use it :)

Cheers,
Kish !

P.S: This was found and reported to ESPN in late 2008, but they're very active as you can see.

XSS in Blogarama

#########################
# Website: www.blogarama.com
# Date: 29.05.09
# Bug: XSS
########################

Vuln URL: hxxp://www.blogarama.com


Click here for the demo

Fix input validation in your website...

Cheers :)
Kish

XSS in Adobe's Store

#############################
# Website: www.abobe.com
# Date: 17.05.09
# Bug: XSS
############################

Vuln URL: hxxps://store3.adobe.com


Click here to see the demo

Fix your input validation, and make shopping with adobe a good memory for the customer.

Cheers :)
Kish

HTML Injection in ZDNET

############################
# Website: http://blogs.zdnet.com
# "Say hello to the experts"
# Bug: HTML Injection, XSS
# Date: 03.05.09
############################

Vuln URL: hxxp://blogs.zdnet.com


Click here to see the demo

Please advise people about web-application vulnerabilities, after you've fixed them ! *coughs*

Talking about input validation, their email form is a bad example... and can I use it to send my friend an email ? You bet... it's free email spoofing service, courtesy of ZDnet ;))

Cheers,
Kish

SQLi and XSS vulnerabilities in IPL website

###################################
# Website: www.iplt20.com
# (includes spoils from pulselive.com)
# Bug: XSS, and SQLi
# IPL T20 - Indian(or is it English) Premier League
# Date: 29.04.09
###################################

Vuln URL: hxxp://www.iplt20.com



Click here for SQLi demo

There were also 26 injectable spots other than this, and there's XSS in URI, Path, and Forms, can't post too many screenshots... you see ;)

What's more you can insert, update, and delete tables in their DB :))

Happy hunting, Cheers!

XSS in Imageshack

################################
# Website: http://www.imageshack.us
# Bug: XSS
# Date: 25.04.09
##############################

Vuln URL: hxxp://www.imageshack.us

Click here for XSS demo

Fix your input validation.

Cheers,
Kish

XSS in NSA's website

################################
# Website: http://www.nsa.gov
# National "Security" Agency - oh really ?!
# Bug: XSS
# Date: 27.03.09
##############################


Vuln URL: hxxp://www.nsa.gov

Click for the XSS demo

Fix input validation in your page... Please be true to your THREE Letter acronym ;)

Cheers :)
Kish

Fixed again... Good job AVG, ESET

AVG and ESET have fixed their respective XSS vulnerabilities, and it is good !

Full disclosure - We believe in it !

Cheers!

Advisory updates: Q1 2009 and a few more ...

Advisory updates, First Quarter, 2009, and a few from 2008.



DMOZ search's xss was found 2 months back... and NASA's XSS at Goddard space flight center, was exactly a month ago...

The other findings, from Myspace, AVG antivirus, and ESET antivirus websites, are also not fixed ... considering that these websites have a good user base, and are expected to fix quickly.

HSBC haven't fixed their bug just yet ... but it is obvious, they're a bank and they want money... not security ;)

The Indian government website, has removed the page having input sanitization problems, instead of fixing it... still not bad ... they've taken some measures to stay at bay ...

Cheers :)
Kish

XSS in AVG website

#########################################
# Website: http://www.avg.com
# Bug: XSS
# Date: 09.03.09
########################################

Vuln URL: hxxp://www.avg.com

Screenshot

Click here for the demo

The AV vendors have failed to secure their websites, and their saga of web bugs, ranging from sql injection, earlier demonstrated by Romanian hackers, to the XSS bugs we're demonstrating will continue...

Fix input validation in your pages, the page affected is their "license" page...

Cheers :)
Kish

XSS in Myspace

#########################################
# Website: http://www.myspace.com
# Bug: XSS
# Date: 09.03.09
########################################

Vuln URL: hxxp://www.myspace.com/Modules/PostTo/Pages/DefaultV1.aspx

Screenshot



Click here for XSS demo

Fix input validation in the page, social networks are my turf !

Cheers :)
Kish

XSS in ESET website

#########################################
# Website: http://www.eset.com
# Bug: XSS
# Date: 04.03.09
########################################



Vulnerable URL: hxxp://kb.eset.com

Click here for the demo

Fix input validation in the page, antivirus vendors are supposed to be careful, atleast, I thought so !

This is a special advisory, Dedicated to Digi (Crimemachine,Founder), my very good friend, and fellow hacker, who is an ardent supporter of ESET products, the antivirus especially, for the heur et al.

Cheers :)
Kish