lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <3c09a67d2cd6a698dd82316f320a77bc@thenopsled.com>
Date: Thu, 11 May 2017 08:34:40 -0400
From: g00se--- via Fulldisclosure <fulldisclosure@...lists.org>
To: fulldisclosure@...lists.org
Subject: [FD] trashbilling.com and Trashflow 3.0.0 Multiple Issues

A blog post with information located here:
https://thenopsled.com/trashbilling.html

============
Introduction
============

This was a basic vulnerability analysis of trashbilling.com (which I am 
required to use to pay my trash bill), and Trashflow 3.0, which updates 
trashbilling.com from the Trash Hauler side.  My disclosure intent was 
to force Ivy Computers Inc to re-assess their security posture as it was 
severely lacking.  This is a full disclosure following their 90 day 
remediation period.

============
List Summary
============

trashbilling.com:

-Account enumeration/PII Leak [major]: trashbilling.com uses client side 
identification without a password to access billing software, revealing 
names/email/address/phone as well as partial CC data.
     >This client side validation is unobfuscated javascript
-SQLI [major]- vulnerability contained in CC update field, giving access 
to billing database, on any user
-XSS [minor]- vulnerability in email update field
-DOS [minor]- no restriction on setting another user's password, could 
block all users from accessing their data

Trashflow 3.0:

-Hardcoded credentials [medium]- FTP hardcoded credentials available in 
plaintext during backup and update software operations
-Hardcoded credentials [medium]- Software billing credentials hardcoded 
in helper binary cash_drawer_cc.exe (allows editing of user billing 
data)
-Public Exploits [medium]- FTP servers run off vsFTPd 2.0.5, risking 
numerous DOS vulnerabilities



_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ