lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <8738a29b0908082256q2ebdadc6t30abc336d8a074dd@mail.gmail.com>
Date: Sun, 9 Aug 2009 11:26:48 +0530
From: Sky <whitematrix@...il.com>
To: full-disclosure@...ts.grok.org.uk, lists@...samer-threads.com, 
	full-disclosure@...ts.netsys.com, dailydave@...ts.immunitysec.com, 
	bugtraq@...urityfocus.com, editor@...urityfocus.com
Subject: Hindustan Times epaper Server Hacked

Hindustan Times epaper Server Hacked
http://sky.net.in/hindustan-times-epaper-server-hacked/

Hindustan Times (HT) is India’s leading newspaper, published since 1924 with
roots in the independence movement. In 2008, the newspaper reported that
with a (circulation of over 1.14 million) ranking them as the third largest
circulatory daily English Newspaper in India. The Mumbai edition was
launched on 14 July 2005. HT has a readership of (6.6 million) ranking them
as the second most widely read English Newspaper after Times of India.
(Source: Wikipedia article on Hindustan Times) -
http://en.wikipedia.org/wiki/Hindustan_Times

HindustanTimes + Hindustan epaper Server Hacked
http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UNhLLVYI/AAAAAAAAASM/JY9bc67HV14/s800/hindustan_times_hacked.jpg

Why was Hindustan Times (HT) epaper Server Hacked ?

Many people think that Hindustan Times (HT) (English Edition) + Hindustan
(Hindi Edition) is available on the internet free of cost, HT Media has made
it compulsory to register on their website in order to read the daily online
edition of their published newspapers, on completion of registration HT
Media provides you instant access to read daily edition, the CATCH is – you
can only read the daily edition + past seven days editions (from the current
date) as a free user, whileas if you wanna read any edition beyond seven
days, you will have to pay a huge (rip off) amount to HT Media (in the name
of digital archive subscription)


Registration Information Collected by HindustanTimes
http://lh6.ggpht.com/_gbWPSul_tCM/Sn5WIrsZxcI/AAAAAAAAASs/Lc6NaQzxEfk/s800/HT_registration.jpg

Free HindustanTimes Editions
http://lh6.ggpht.com/_gbWPSul_tCM/Sn5UN35Yx5I/AAAAAAAAASU/6THfLaMu00M/s800/HT_free_editions.jpg

Restricted Access to HindustanTimes epaper Archives
http://lh4.ggpht.com/_gbWPSul_tCM/Sn5UN5umsJI/AAAAAAAAASY/5_SfNzOEm7w/s800/HT_newspaper_subscribe.jpg

Archive Subscription Charges for HindustanTimes is a total Rip Off
http://lh4.ggpht.com/_gbWPSul_tCM/Sn5ViIwx2aI/AAAAAAAAASo/6TMgKDuc6Vg/s800/HT_archive_charges.jpg


As a hacker, i think its not fair (for anyone) to loot common people and
sell (publicly gained) information in such a way, so i decided to peek
inside the server and find some bugs / architectural flaws which would allow
me to access past newspaper (Images / PDF) editions for free

Within a couple of hours, i managed to find some bugs / architectural flaws
(& vulnerabilities) which gave out free access to the past (Images / PDF)
newspaper editions

Calvin and Hobbes publishing error

I used to search the newspaper (HT hard copy) every morning for technology
related news (hoping any Indian journalist must have written some piece)
that went on for like weeks and then i started reading Calvin and Hobbes
(the comic strip) every day published in HT Cafe

On 2nd / 4th / 9th June, Hindustan Times (HT) published the same Calvin and
Hobbes strip, how should i react against this publishing error by Hindustan
Times, as a fan of Calvin and Hobbes, i expect new comic strip every day

Checkout the exact same Calvin and Hobbes strip published thrice on various
days in the single month of June (2009)

    2nd June

http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/02/538/02_06_2009_538_013.jpg

    9th June

http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/09/538/09_06_2009_538_002.jpg

    4th June

http://epaper.hindustantimes.com/Web/HTMumbai/Article/2009/06/04/538/04_06_2009_538_006.jpg

Informing the privileged authorities

On 10th July 2009, i informed the editor and other top most authorities @
HindustanTimes via email regarding the serious bugs / flaws (&
vulnerabilities) on their ePaper Server which can be exploited to compromise
data and cause financial losses for HT Media

My email to HindustanTimes
http://lh5.ggpht.com/_gbWPSul_tCM/Sn5WJt3UKGI/AAAAAAAAAS0/KOnhjTtBNnk/s800/my_email_hindustan_times.jpg

Rashmi Chugh's reply to me
http://lh4.ggpht.com/_gbWPSul_tCM/Sn5W9mSD0pI/AAAAAAAAATI/O5hazb5IIY4/s800/rashmi_livemint_reply.jpg

Although i received a reply from Rashmi Chugh (Business Head and Publisher,
LIVEMINT) within 3 minutes, i waited for 24 hours to receive other
recipients reply (as i wanted to know what they thought about the issue) but
sadly no one replied back except Rashmi Chugh, so i sent her a reply the
other day

My reply to Rashmi Chugh, LIVEMINT
http://lh3.ggpht.com/_gbWPSul_tCM/Sn5WNEiwmRI/AAAAAAAAAS8/F4K3XhMWLyc/s800/my_reply_rashmi_chugh.jpg

After sending my reply to to Rashmi Chugh, i haven’t received any responses
(since 29 days) from any of the authorities / employees working for
HindustanTimes

I have been using these architectural flaws for sometime to gain access to
past editions of newspapers / magazines / supplements published by HT Media,
i believe information taken from the people (especially newspapers) should
be free and accessible to everyone

The bugs / architectural flaws (& vulnerabilities) found by me still exists
and works actively when used on the server, this shows that they are not
interested (or don’t care) anymore to fix it, which makes me post the full
disclosure information on my blog for (free access to previous epaper
editions)

Follow the below steps to gain free access to past (online) editions without
subscribing to the archives

    * Proceed to the HindustanTimes – ePaper Registration URL @
http://epaper.hindustantimes.com/registernew.aspx

    * Fill in only the essential fields required (for registration) such as
(any) email ID, name, password, address, city, state, zip

    By default the country (field) option value (txtCntry) is set to
Albania, whileas it should be India – at least show some patriotism towards
our country

    * After you complete the registration, you will be presented with

    Registration Approval without Verification is a Vulnerability in
HindustanTimes

http://lh6.ggpht.com/_gbWPSul_tCM/Sn5UN8jQlYI/AAAAAAAAASc/boEUb_YSzkg/s800/HT_reg_success.jpg

    Once the registration process is completed, the email ID (used during
registration) will be activated instantly by Pressmart (the automated system
used by HT Media) without any welcome / verification email to the inbox,
which would allow anyone to use any email ID (during registration) without
being detected by the real email ID owner, which in itself poses a security
risk (making it a vulnerability)

    The implementation / usage of verifying the email ID (used during the
registration) with a random activation link to the inbox should resolve this
issue (which HT Media currently doesn’t)

    Its possible that such facilities might be already existing within
Pressmart (the automated system used by HT Media) and the Webmaster didn’t
feel like activating it to save time and increase more registrations on
their epaper website in order to retrieve the users information (filled
during the registration) for their internal marketing / research purposes or
to increase their newspaper ranking

    * Proceed to the Login Page @
http://epaper.hindustantimes.com/Login.aspx

    * Enter the email ID and password, select any edition from below and
paste the URL into your address bar (to view the past editions in Image /
PDF format for free)

    In the URLs below, after the text (pg2=) first value is the date /
second is the month / third is the year / fourth is the page number

English Editions – Hindustan Times (PDF Format)

    * Mumbai Edition


http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTMumbai&p2=12_06_2009_001.pdf

    * Delhi Edition


http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web&p2=21_05_2009_001.pdf

    * Chandigarh Edition


http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTPunjab&p2=19_06_2009_001.pdf

Hindi Editions – Hindustan (PDF Format)

    * Delhi Edition


http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web&p2=29_05_2009_001.pdf

    * Kanpur Edition


http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web/HTKanpur&p2=21_06_2009_001.pdf

    * Patna Edition


http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web/HTPatna&p2=26_05_2009_001.pdf

    * Lucknow Edition


http://epaper.hindustandainik.com/PDFHandler.ashx?p1=Web/HTLucknow&p2=24_05_2009_001.pdf

Hindustan Times (HT) Brunch Magazine (English) (PDF Format)

    * Mumbai Edition (Published Only On Sundays)


http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTMumbai&p2=31_05_2009_321.pdf

Hindustan Times (HT) Cafe (English) (PDF Format)

    * Mumbai Edition (Daily Supplement with HT Mumbai – English Edition)


http://epaper.hindustantimes.com/PDFHandler.ashx?p1=Web/HTMumbai&p2=26_05_2009_531.pdf

Accessing the past ePapers in Image Format

If you would like to browse the past newspapers in image edition, then
simply change the values according to your choice in the below URL and
retrieve it from the server

The variable format is

    / Page / year / month / date / date_month_year_pageno.jpg

    / Page / year / month / date / date_month_year_pageno_part.jpg

    Hindustan Times – 31st December 2008 – Main Edition (English) – Mumbai

http://epaper.hindustantimes.com/Web/HTMumbai/Page/2008/12/31/31_12_2008_001.jpg

    HT Cafe (English) – 26th January 2009 – Hindustan Times – Mumbai

http://epaper.hindustantimes.com/Web/HTMumbai/Page/2009/01/26/26_01_2009_531.jpg

    HT Brunch – Magazine (English) – 31st May 2009 – Hindustan Times –
Mumbai

http://epaper.hindustantimes.com/Web/HTMumbai/Page/2009/05/31/31_05_2009_321.jpg

The automated system

Hackable Magazine Publishing Software
http://lh6.ggpht.com/_gbWPSul_tCM/Sn5W9ujFvkI/AAAAAAAAATE/Xg54_u9W2vQ/s800/pressmart.jpg

Hindustan Times epaper webportal is powered by Pressmart, which provides
electronic publishing software (& digital publishing solutions) to various
newspaper publishers across the world, if i had more time to work then i
would have surely dug out more bugs / architectural flaws (&
vulnerabilities) within Pressmart softwares but the fact is (i don’t find
them interesting enough)

    Pressmart is a digital publishing service for newspapers, magazines,
journals, catalogs and practically any print publication. We help
publications deliver their print content on the new media – covering the
entire breadth of web, mobile, podcast, RSS, social networking sites and
search engines, with integrated revenue and cost-saving capabilities.

    Beyond delivery, Pressmart help publications monetize their digital
edition through subscriptions and advertisements. Our service platform is
eCommerce and advertising ready to generate revenue streams instantly. It
includes all the components up to the monetization stage after the pre-press
pages are prepared. All the publication has to do is supply their pre-press
pages and Pressmart takes care of the rest.

    Source: Pressmart Official Website -
http://www.pressmart.com/eedition.html

Internet explorer sucks

HindustanTimes is coded for Internet Explorer Compatibility which Sucks
http://lh5.ggpht.com/_gbWPSul_tCM/Sn5WJHT68wI/AAAAAAAAASw/pvOSLmr6UeQ/s800/internet_explorer_sucks.jpg

Hindustan Times website + ePaper portal says

    (Site best viewed in Microsoft Internet Explorer 5.5+ SP1 in 800×600 &
1024×768 resolution)
    Click here to download the latest version of internet explorer

I would advise Hindustan Times to download / use Firefox and some other open
source tools / codings for their website + ePaper portal instead of stuffing
it with junk / heavy / unwanted codings, try to keep it clean / clear /
simple

Internet Explorer Sucks
http://lh3.ggpht.com/_gbWPSul_tCM/Sn5dF1sxLtI/AAAAAAAAATs/g93iLoFd-3I/s800/internet_explorer_sucks.jpg

Dedications

I would like to dedicate this hack towards Club Calvin @
http://www.clubcalv.in and all cute kids

I love you Firefox <3 / thank you (Firefox) for being my companion during my
pen tests………

I love Mozilla FireFox
http://lh3.ggpht.com/_gbWPSul_tCM/Sn5X-A8gyWI/AAAAAAAAATQ/5kI9IeHLexA/s800/i_love_mozilla_firefox.jpg

-- 
Sky
http://sky.net.in
http://twitter.com/skycu
=============================

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ