Airline Website Compromised
#1
Greetings everyone,

Upon compromising quite a few sites today, I thought I'd contribute this one. This Is a classic example of not only the Insecurities that exist In a website of this nature, but also how very little thought has been generated by the web developer(s) to fend off attacks and keep the Integrity of It's contents secure. Much to my surprise, there wasn't even a WAF In place, which made my job as an attacker, a lot easier.

This Is an International airline, whereby I had full raid on their system and everyone's credentials at my disposal. As I keep mentioning, you may do your utmost best to keep your personal details safe and secure, but does the entity that you've provided your details do the same? Evidently not.
Okay, so let's get to It. For security reasons, the Images have been heavily edited. Also, given I perform both my vulnerability scanning and exploitations manually, after Identifying that this was vulnerable to SQLi, we begin at the admin panel.


This Is a perfect example of In-Band SQLi, namely an Error-Based attack. So upon performing a few SQLi attacks, the webserver returned the message of "Wrong Password". Not only Is that a poor configuration and security Issue, but the change of password was available at the "Login page".

There were a couple of authentications, and then I was prompted to reset the password. I did that successfully.

I now have admin privileges and an array of details. I shall check out some records.


I've checked out the refund section- mainly because for refund purposes, a lot of Identification details would need to be provided by the ticket holder.

I've also viewed the details of another passenger. With the personal details I have on hand, I could quite easily SE the airline for all sorts of Information, even transaction details on this passenger.


I had access to a heap of other Information, but there's no point In posting It. You get the Idea here. So this just demonstrates that anyone's Identity can be assumed and their credentials compromised- all due to the Insecurities of those entities who hold their critical Information.
#2
That's a huge vulnerability for such a big business - a lot of sensitive information is available at your disposal.Nice SQL hack mothered :)
Reply
#3
(08-12-2016, 08:34 PM)StrandedBanana Wrote: That's a huge vulnerability for such a big business - a lot of sensitive information is available at your disposal.Nice SQL hack mothered :)

Thanks StrandedB.

From a security standpoint, measures must be formulated and applied to ensure the safety of user-credentials. It's absolutely appalling how a corporation of this scale, does not take their security seriously. If I was someone with malicious Intent, there's no prizes for guessing what the outcome would be.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
[GOV] Life Insurance Website Compromised mothered 10 9,665 08-23-2016, 02:43 PM
Last Post: mothered
Public School Website Compromised mothered 4 4,514 07-29-2016, 06:13 PM
Last Post: mothered

Forum Jump:


Users browsing this thread: 1 Guest(s)