Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
[ TABLES: 119 ] : jiaozhu

table `jiaozhu` was made by the auto sql inject tool HDSI for a temp use... apparently this sql injection point has been f*cked by a chinese hacker before (maybe long long time ago)..:)

On Sat, May 7, 2011 at 12:33 AM, d3hydr8 D d3hy...@hotmail.com wrote:

**
(+) Authors : d3hydr8
(+) WebSite : darkode.com
(+) Date : 06.05.2011
(+) Hour : 08:21 AM
(+) Targets : CCAvenue.com (Payment Gateway)
(+) Document: ESA.int Full Disclosure (UPDATED)
(+) Method : Hidden SQL Injection
**
[ + ] Date: Wed May 3 04:47:33 2011
[ + ] Displaying information about MSSQL host !
[ + ] @@VERSION : Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86) Nov 24 2008 13:01:59 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
[ + ] USER () : iusr_ccavenueiusr_ccavenue
[ + ] S_USER () : iusr_ccavenue
[ + ] DB_NAME () : gateway
[ + ] HOST_NAME () : AV-2
[ + ] SERVER_NAME () : AVDB-3
[ + ] SERVER_TYPE () : Apache/2.2.14 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 mod_jk/1.2.28
[ + ] X-POWERED-By () : Servlet 2.5; JBoss-5.0/JBossWeb-2.1
[ + ] IP_ADDRESS_INFO : 124.153.83.27
--
[ + ] Displaying list of databases on this MSSQL host !
[ DATABASE: 0 ] : gateway
[ DATABASE: 1 ] : master
[ DATABASE: 2 ] : tempdb
[ DATABASE: 3 ] : model
[ DATABASE: 4 ] : msdb
[ DATABASE: 5 ] : Reseller
-
[ DATABASE: 0 ] : gateway
[ + ] Displaying Tables inside DB:
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
Hi

The company CEO denies the attack claims that the images posted are fake :)
http://packetstormsecurity.org/news/view/19110/CCAvenue-Denies-Hacking-Attack.html

~w0lf

On Sat, May 7, 2011 at 11:36 AM, CnCxzSec衰仔 cncxzh...@gmail.com wrote:

[ TABLES: 119 ] : jiaozhu

table `jiaozhu` was made by the auto sql inject tool HDSI for a temp use... apparently this sql injection point has been f*cked by a chinese hacker before (maybe long long time ago)..:)
Re: [Full-disclosure] CCAvenue.com Payment Gateway Vulnerable SQL Injection UPDATE
The same thing as the CCbill, CEO has denied that their portal has been hacked/ had SQL injection vulnerabilities.

- MG

Message written by w0lf on 2011-05-07, at 11:53:

Hi

The company CEO denies the attack claims that the images posted are fake :)
http://packetstormsecurity.org/news/view/19110/CCAvenue-Denies-Hacking-Attack.html

~w0lf
Re: [Full-disclosure] CCAvenue Payment Gateway SQL Injection Vulnerability
so difficult to use pangolin :-) wtf

/antisnatchor

iSpy Team wrote:

[ TABLES: 156 ] : pangolin_test_table

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] WTF
On Fri, 06 May 2011 15:49:31 -0300, Gustavo said:

WTF ?
notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.

www.compusa.com and www.tigerdirect.com are Akamai'zed. They play DNS games to point you at the nearest Akamai cache server (technically speaking, they use the one nearest your DNS resolver). So for www.compusa.com, it goes something like this:

www.compusa.com. 60 IN CNAME compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net. 300 IN CNAME www.compusa.com.edgekey.net.
www.compusa.com.edgekey.net. 300 IN CNAME e3531.b.akamaiedge.net.
e3531.b.akamaiedge.net. 20 IN A 173.223.190.102

(The final akamaiedge.net address will depend on where in the Internet you are)

The fact that bh.georedirector.akadns.net got referenced in the ping most likely means Akamai got confused where you are and has no *clue* which cache is closest to you.
Re: [Full-disclosure] WTF
Guess you got nulled

On 05/06/2011 11:49 AM, Gustavo wrote:

WTF ?
notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms
notebook:~$ ping www.tigerdirect.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.022 ms
[Full-disclosure] CCAvenue.com Payment Gateway Vulnerable Secret SQL Injection
**
(+) Authors : iSpyTeam
(+) WebSite : iSpyTeam.com
(+) Date : 06.05.2011
(+) Hour : 22:16 PM
(+) Targets : CCAvenue.com (Payment Gateway)
(+) Document: ESA.int Full Disclosure (UPDATED)
(+) Method : Hidden SQL Injection
**
[ + ] Date: Tue May 3 04:47:33 2011
[ + ] Displaying information about MSSQL host !
[ + ] @@VERSION : Microsoft SQL Server 2005 - 9.00.4035.00 (Intel X86) Nov 24 2008 13:01:59 Copyright (c) 1988-2005 Microsoft Corporation Enterprise Edition on Windows NT 5.2 (Build 3790: Service Pack 2)
[ + ] USER () : iusr_ccavenueiusr_ccavenue
[ + ] S_USER () : iusr_ccavenue
[ + ] DB_NAME () : gateway
[ + ] HOST_NAME () : AV-2
[ + ] SERVER_NAME () : AVDB-3
[ + ] SERVER_TYPE () : Apache/2.2.14 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5 mod_jk/1.2.28
[ + ] X-POWERED-By () : Servlet 2.5; JBoss-5.0/JBossWeb-2.1
[ + ] IP_ADDRESS_INFO : 124.153.83.27
--
[ + ] Displaying list of databases on this MSSQL host !
[ DATABASE: 0 ] : gateway
[ DATABASE: 1 ] : master
[ DATABASE: 2 ] : tempdb
[ DATABASE: 3 ] : model
[ DATABASE: 4 ] : msdb
[ DATABASE: 5 ] : Reseller
-
[ DATABASE: 0 ] : gateway
[ + ] Displaying Tables inside DB:
Re: [Full-disclosure] WTF
Works fine for me on Windows.

C:\>ping www.compusa.com

Pinging e3531.b.akamaiedge.net [96.17.206.102] with 32 bytes of data:
Reply from 96.17.206.102: bytes=32 time=15ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58
Reply from 96.17.206.102: bytes=32 time=16ms TTL=58

Ping statistics for 96.17.206.102:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 16ms, Average = 15ms

On Sat, May 7, 2011 at 12:27 AM, ksha k...@mitm.cl wrote:

On 05/06/2011 11:15 PM, Nick Boyce wrote:

On Fri, May 6, 2011 at 6:49 PM, Gustavo gustavorober...@gmail.com wrote:

WTF ?
notebook:~$ ping www.compusa.com
PING bh.georedirector.akadns.net (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost.localdomain (127.0.0.1): icmp_req=1 ttl=64 time=0.019 ms

Same here ... this time on Windows :

F:\>ping www.compusa.com

Pinging bh.georedirector.akadns.net [127.0.0.1] with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

F:\>nslookup www.compusa.com
Server:
Address: 9

Non-authoritative answer:
Name: bh.georedirector.akadns.net
Address: 127.0.0.1
Aliases: www.compusa.com, compusa.syx.com.akadns.net

Normally I'd say that's a DNS config screwup, which would make them unreachable (since their website is not on my system). However, Google seems to be able to reach them if you use the site preview option in the search results :
http://www.google.com/search?q=www.compusa.com

Curious.

Relevant: http://forums.opendns.com/comments.php?DiscussionID=9721

Nick
--
Leave the Olympics in Greece, where they belong.

About dns

;; ADDITIONAL SECTION:
ns01.highspeedbackbone.net. 240003 IN A 199.181.77.21
ns02.highspeedbackbone.net. 240003 IN A 199.181.78.22
ns03.highspeedbackbone.net. 240003 IN A 199.181.77.23
ns04.highspeedbackbone.net. 240003 IN A 199.181.78.24

testing one by one ...

[ksha@warbof ~]$ dig compusa.com @199.181.77.21 AXFR
; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.21 AXFR
;; global options: +cmd
; Transfer failed.

[ksha@warbof ~]$ dig compusa.com @199.181.78.22 AXFR
; <<>> DiG 9.8.0 <<>> compusa.com @199.181.78.22 AXFR
;; global options: +cmd
; Transfer failed.

[ksha@warbof ~]$ dig compusa.com @199.181.77.23 AXFR
; <<>> DiG 9.8.0 <<>> compusa.com @199.181.77.23 AXFR
;; global options: +cmd
; Transfer failed.

and the last allows zone transfer.
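The CNAME chain described earlier in this thread, and the 127.0.0.1 answer in the nslookup output above, can be checked mechanically. The following Python is an added example, not code from any poster in the thread: it parses dig-style answer lines, follows the CNAME chain, and flags a chain that ends in a non-routable address. The function names are hypothetical, `HEALTHY` reuses the four records quoted in the thread, and `BLACKHOLED` is constructed from the nslookup aliases with made-up TTLs.

```python
import ipaddress
import re

# dig answer-section line: name [ttl] [IN] type rdata
RECORD_RE = re.compile(
    r"^(?P<name>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?"
    r"(?P<type>CNAME|A)\s+(?P<rdata>\S+)$"
)

# Records quoted in the thread for the normal resolution path.
HEALTHY = """
www.compusa.com. 60 IN CNAME compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net. 300 IN CNAME www.compusa.com.edgekey.net.
www.compusa.com.edgekey.net. 300 IN CNAME e3531.b.akamaiedge.net.
e3531.b.akamaiedge.net. 20 IN A 173.223.190.102
"""

# Constructed sample: names from the nslookup output, TTLs are assumptions.
BLACKHOLED = """
www.compusa.com. 60 IN CNAME compusa.syx.com.akadns.net.
compusa.syx.com.akadns.net. 300 IN CNAME bh.georedirector.akadns.net.
bh.georedirector.akadns.net. 300 IN A 127.0.0.1
"""


def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_records(text):
    """Return (cnames, addrs) dictionaries from dig-style answer lines."""
    cnames, addrs = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        m = RECORD_RE.match(line)
        if not m:
            continue  # record types other than CNAME/A are ignored here
        if m.group("type") == "CNAME":
            cnames[_norm(m.group("name"))] = _norm(m.group("rdata"))
        else:
            addrs.setdefault(_norm(m.group("name")), []).append(m.group("rdata"))
    return cnames, addrs


def resolve_chain(qname, cnames, addrs, max_hops=8):
    """Follow CNAMEs from qname; return (chain, final A records)."""
    chain = [_norm(qname)]
    while chain[-1] in cnames:
        nxt = cnames[chain[-1]]
        if nxt in chain or len(chain) > max_hops:
            raise ValueError("CNAME loop or chain too long: "
                             + " -> ".join(chain + [nxt]))
        chain.append(nxt)
    return chain, addrs.get(chain[-1], [])


def classify(qname, text):
    """Report the chain and whether it ends in a non-routable address."""
    cnames, addrs = parse_records(text)
    chain, ips = resolve_chain(qname, cnames, addrs)
    # Loopback, RFC 1918 and similar ranges can never be the real site.
    non_routable = [ip for ip in ips
                    if not ipaddress.ip_address(ip).is_global]
    if not ips:
        verdict = "no-address"
    elif non_routable:
        verdict = "blackholed"
    else:
        verdict = "ok"
    return {"chain": chain, "addresses": ips,
            "non_routable": non_routable, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in (("healthy", HEALTHY), ("blackholed", BLACKHOLED)):
        result = classify("www.compusa.com", sample)
        print(label, result["verdict"], " -> ".join(result["chain"]),
              result["addresses"])
```

Comparing the chain seen through the local resolver with the chain seen through a second resolver shows at which hop the answers diverge.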
Re: [Full-disclosure] VMSA-2011-0008 VMware vCenter Server and vSphere Client security vulnerabilities
Hi...

Quick question. As cloud virtualization becomes an increasingly popular trend now for enterprise companies and VMWare is sought after in most cases to supply the infrastructure, where does VMWare stand from a vulnerability standpoint when it comes to publicized attacks such as Guest Stealer and the vulnerabilities that Metasploit's VASTO module aims to take advantage of?

What I hope to be the case is that VMWare has patched all of the exploits that would make a script kiddie's efforts a waste of time when launching Metasploit and throwing a bunch of exploits from the VASTO module against a VMWare environment.

Forgive me if this is something that has already been discussed or the vulnerability has been plugged. I do intend on setting up ESXi in my own lab and running some of the VASTO modules, but I figured I would go to the source and bounce the question off a VMWare Security expert.

VASTO guest_stealer Demonstration - just to name one particular payload.
http://www.youtube.com/watch?v=b_5yg_xg6Y4

Thanks in advance for your time.

J K

On May 6, 2011, at 1:35 AM, VMware Security Team wrote:

VMware Security Advisory

Advisory ID: VMSA-2011-0008
Synopsis: VMware vCenter Server and vSphere Client security vulnerabilities
Issue date: 2011-05-05
Updated on: 2011-05-05 (initial release of advisory)
CVE numbers: CVE-2011-0426 CVE-2011-1788 CVE-2011-1789

1. Summary

VMware vCenter Server directory traversal and information disclosure vulnerabilities. vSphere Client Installer is delivered through an unsigned package.

2. Relevant releases

vCenter Server 4.1 GA
vCenter Server 4.0 Update 2 and earlier
VirtualCenter 2.5 Update 6 and earlier
ESXi 4.1 GA
ESXi 4.0 without patch ESXi400-201103402-SG
ESX 4.1 GA
ESX 4.0 without patch ESX400-201103401-SG

3. Problem Description

a. vCenter Server Directory Traversal vulnerability

A directory traversal vulnerability allows an attacker to remotely retrieve files from vCenter Server without authentication. In order to exploit this vulnerability, the attacker will need to have access to the network on which the vCenter Server host resides.

In case vCenter Server is installed on Windows 2008 or Windows 2008 R2, the security vulnerability is not present.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-0426 to this issue.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =============
vCenter        4.1       Windows   Update 1 *
vCenter        4.0       Windows   Update 3 *
VirtualCenter  2.5       Windows   Update 6a
hosted **      any       any       not affected
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected

* vCenter 4.1 and vCenter 4.0 installed on Windows 2008 or Windows 2008 R2 is not affected
** hosted products are VMware Workstation, Player, ACE, Fusion.

b. vCenter Server SOAP ID disclosure

The SOAP session ID can be retrieved by any user that is logged in to vCenter Server. This might allow a local unprivileged user on vCenter Server to elevate his or her privileges.

VMware would like to thank Claudio Criscione for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2011-1788 to this issue.

VMware         Product   Running   Replace with/
Product        Version   on        Apply Patch
=============  ========  ========  =============
vCenter        4.1       Windows   Update 1
vCenter        4.0       Windows   Update 3
VirtualCenter  2.5       Windows   not affected
hosted *       any       any       not affected
ESXi           any       ESXi      not affected
ESX            any       ESX       not affected

* hosted products are VMware Workstation, Player, ACE, Fusion.

c. vSphere Client Installer package not digitally signed

The digitally signed vSphere Client installer is packaged in a self-extracting installer package which is not digitally signed. As a result, when you run the install package file to extract and start installing, the vSphere Client installer may display a Windows warning message stating that the publisher of the install package cannot be verified.

The vSphere Client Installer package of the following product versions is now digitally signed:

vCenter Server 4.1 Update 1
vCenter Server 4.0 Update 3
ESXi 4.1 Update 1
ESXi 4.0 with patch ESXi400-201103402-SG
ESX 4.1 Update 1
ESX 4.0 with