Showing posts with label Web Hacking. Show all posts
Showing posts with label Web Hacking. Show all posts

Tuesday, March 19, 2013

Remote File Inclusion - Papa Johns Pizza

################################################
# Website: www.papajohnspizza.in
# Date: 20.03.13
# Bug: File Inclusion (Remote / Local)
###############################################



And please guys make your website a little secure, it shouldn't take 'just' 20 minutes for server pwnage (sic)... Do your homework on the login page, scripting on the client side and remove the plugins that are not necessary... More importantly allocate a budget towards securing your website, because your WWW is your brand image on the Internet.

Cheers,
Kish

Tuesday, January 17, 2012

Happy NY2012 - Directory Traversal

Shouts to all the people who tell me, directory traversal / listing is NOT important.

Additional shouts to people who tell me, how their website "security" budget is cramped, but they can do endless scans of their intranet, internal network and desktops for compliance, year on year! :)

################################################
# Website: www.mmasuperstore.com.au
# Date: 18.01.12
# Bug: Database PWNage
###############################################

If only you guys had invested a portion of the money you spent on design towards security, this day would not have arrived!


But, Enjoy while it lasts... Consider this to be more publicity :))


Directory Traversal Vuln - MMA Super Store


WP Config File - MMA Super Store

What you have to learn from this incident is invest in security... as much or a portion of your design budget. Test the website with QA & Security instead of designing eye candy and flashing banners for "affiliate" dollars in mind!

When you run an online store and sell merchandise, please provide the "level of security" promised in your privacy statement instead of keeping things adhoc and designing a flashy website. The Internet is not a secure place, the Internet was not designed with adequate security.

Directory traversal is often overlooked and Websites don't get the attention they deserve, in 2012, that's a bad statistic !

Cheers,
Kish

Tuesday, October 18, 2011

Metallica Concert - Oct 30th, Bangalore

################################################
# Website: www.ticketgenie.in
# Date: 18.10.11
# Bug: XSS / SQLi / Multiple Vulnerabilities
###############################################

Special advisory dedicated to all metal heads and headbangers from all over the world. The concert tickets for Metallica's show at Bangalore, Palace grounds is available at TicketGenie website... The tickets started getting sold publicly 3 days back according to a news website. So you can pay for the ticket or get it for FREE :D


How many tickets do you want? :))



Want to track other people's tickets?

BONUS: Login page is vulnerable to bruteforce attacks, since there is no account lockout mechanism

We have not included Proof-of-Concept demonstrations as with other posts, since the pages can be abused to buy free tickets :))

A website which deals with financial information should be better protected than this... I am NOT going to trust Ticket Genie with my credit card, unless they show some improvement with security.

Cheers,
Kish

Monday, July 11, 2011

New Google Dork (Thanks AXN!)

Presenting our own google dork, which stemmed from the AXN site goodies... To check whether a particular site uses jQuery extensively...

You can use this query...
intext: * jQuery 1.2.6 - New Wave Javascript * * Copyright (c)


You can check a specific website using the site operator...

Cheers,
Kish

AXN India - Exposed to the Internet

A simple google query did the trick... :D







This is not a great flaw by itself... the site's administration should not be enabled for all internet users (to play with and break the authentication)...We did not poke with the authentication scheme, hehe ;)



Update: We also found cron.php, install.php, xmlrpc.php, half a dozen email addresses, directory traversal (scripts, modules, profiles, themes, sites) and lots more...



Stopped playing for we didn't want to end up accidentally hacking the website :))

Bottom line: Functionally sound, security wise - bad idea?

Shouts to Jaymee ong... (marry me please !) and the eBuzz Team who's programme was being featured on AXN before I found the goodies :D

Money Image - Error Based SQLi

########################################
# Website: www.moneyimg.com
# Date: 11.07.11
# Bug: SQLi (SQL Injection)
########################################

Money Image is a website similar to Image shack :)

Click here for demo


Fix your input validation fellas !

Cheers,
Kish

Matasano Chargen - Redirection

########################################
# Website: www.matasano.com
# Date: 11.07.11
# Bug: Cross Site Scripting / Redirect
########################################

When reading their blog, you surf their services page, check out their RFP page and what comes up suddenly... a redirection page, hehe :D

>> Click here for redirect demo <<


This one was totally unintended, but fun nonetheless spotting bugs in a security company's website !

Cheers,
Kish

Thursday, December 30, 2010

ISS - Internet Security Systems?

I have great respect for the guys at ISS X-Force... You guys are the best, nothing personal :)

Although, I'm certain they wouldn't approve of this screenshot here...


Vuln URL: hxxp://webapp.iss.net/Search.do

On Behalf of Crimemachine, Wish You (Our Readers) a Happy New Year Guys

We are Back ! ;)

Wednesday, July 28, 2010

Talk about facebook funnies

http://graph.facebook.com/566543089 -> now that's funny ! :D

{
"id": "566543089",
"name": "Leo Fu",
"first_name": "Leo",
"last_name": "Fu",
"link": "http://www.facebook.com/people/Leo-Fu/566543089",
"gender": "male",
"locale": "zh_HK"
}


One more just to make sure, we can still rely on facebook ;)

nyaaaa, what's that : http://graph.facebook.com/676543089

{
"id": "676543089",
"name": "Michael Seng",
"first_name": "Michael",
"last_name": "Seng",
"link": "http://www.facebook.com/people/Michael-Seng/676543089",
"gender": "male",
"locale": "en_US"
}


Since when did we need a Opera or Firefox for facebook, lol ! :D

Cheers,
Kish

Sunday, September 20, 2009

XSS in Linuxmafia website - Today's lulz

#########################
# Website: www.linuxmafia.com
# Date: 21.09.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.linuxmafia.com/kb/

Sorry folks, I am lazy to post a screenshot for this one... just a quickie, if you will...

Click here for the demo

Click here for another demo (this one's a bit serious)

Cheers,
Kish

Wednesday, August 26, 2009

Advisory Updates: Q2 2009, and a bit more...

Even though a spectacular hack was pulled off on Imageshack, they've not fixed their bug yet.

The lazy developers behind the Indian Premier League (oh reely??) have not fixed their XSS and SQLi bugs either... In 2009 if you want to see a demo, of a site allowing "delete method" in databases please visit them :))

ZDNet that writes the special 0-day column, apart from regular security ramblings is "yet" to fix their bug, and Dancho danchev, one of the authors from their team is still replying to mail...

Adobe atleast fixed their bug even though it was late, and I applaud their security team / devs for their store.

Electronic arts
and blogarama haven't fixed their bugs just like the others, no I am not surprised

Probably, I'll write the next / final advisory update for this year in 3 to 4 months from now... Keep your eyes open !

Cheers :)
Kish

ESPN Shop - XSS

#########################
# Website: www.espnshop.com
# Real gear for Real "XSS" fans
# Date: 27.08.09
# Bug: Cross Site Scripting (XSS)
########################

Vuln URL: hxxp://www.espnshop.com


Click here for the demo

Learn input validation, and try to use it :)

Cheers,
Kish !

P.S: This was found and reported to ESPN in late 2008, but they're very active as you can see.

Thursday, June 25, 2009

Electronic Arts - XSS vulnerability

#########################
# Website: www.ea.com
# Date: 25.06.09
# Bug: XSS
########################

Vuln URL: hxxp://www.ea.com



Click here for the demo

FIFA 09 and the online game play rocks, but your website ?... not really ! pffft ...

Cheers :)
Kish

Friday, May 29, 2009

XSS in Blogarama

#########################
# Website: www.blogarama.com
# Date: 29.05.09
# Bug: XSS
########################

Vuln URL: hxxp://www.blogarama.com


Click here for the demo

Fix input validation in your website...

Cheers :)
Kish

Sunday, May 17, 2009

XSS in Adobe's Store

#############################
# Website: www.abobe.com
# Date: 17.05.09
# Bug: XSS
############################

Vuln URL: hxxps://store3.adobe.com


Click here to see the demo

Fix your input validation, and make shopping with adobe a good memory for the customer.

Cheers :)
Kish

Sunday, May 3, 2009

HTML Injection in ZDNET

############################
# Website: http://blogs.zdnet.com
# "Say hello to the experts"
# Bug: HTML Injection, XSS
# Date: 03.05.09
############################

Vuln URL: hxxp://blogs.zdnet.com


Click here to see the demo

Please advise people about web-application vulnerabilities, after you've fixed them ! *coughs*

Talking about input validation, their email form is a bad example... and can I use it to send my friend an email ? You bet... it's free email spoofing service, courtesy of ZDnet ;))

Cheers,
Kish

Saturday, April 25, 2009

XSS in Imageshack

################################
# Website: http://www.imageshack.us
# Bug: XSS
# Date: 25.04.09
##############################



Vuln URL: hxxp://www.imageshack.us

Click here for XSS demo

Fix your input validation.

Cheers,
Kish

Friday, March 27, 2009

XSS in NSA's website

################################
# Website: http://www.nsa.gov
# National "Security" Agency - oh really ?!
# Bug: XSS
# Date: 27.03.09
##############################


Vuln URL: hxxp://www.nsa.gov

Click for the XSS demo

Fix input validation in your page... Please be true to your THREE Letter acronym ;)

Cheers :)
Kish

Wednesday, March 11, 2009

Advisory updates: Q1 2009 and a few more ...

Advisory updates, First Quarter, 2009, and a few from 2008.



DMOZ search's xss was found 2 months back... and NASA's XSS at Goddard space flight center, was exactly a month ago...

The other findings, from Myspace, AVG antivirus, and ESET antivirus websites, are also not fixed ... considering that these websites have a good user base, and are expected to fix quickly.

HSBC haven't fixed their bug just yet ... but it is obvious, they're a bank and they want money... not security ;)

The Indian government website, has removed the page having input sanitization problems, instead of fixing it... still not bad ... they've taken some measures to stay at bay ...

Cheers :)
Kish

Monday, March 9, 2009

XSS in AVG website

#########################################
# Website: http://www.avg.com
# Bug: XSS
# Date: 09.03.09
########################################

Vuln URL: hxxp://www.avg.com

Screenshot

Click here for the demo

The AV vendors have failed to secure their websites, and their saga of web bugs, ranging from sql injection, earlier demonstrated by Romanian hackers, to the XSS bugs we're demonstrating will continue...

Fix input validation in your pages, the page affected is their "license" page...

Cheers :)
Kish