Symantec Exposed Passwords, Serials – SQL Injection, Full Database Access
A self-proclaimed grey-hat hacker has located a critical SQL injection vulnerability in a website belonging to security giant Symantec. The flaw can be leveraged to extract a wealth of information from the database including customer and admin login credentials, product serial numbers, and possibly credit card information.
The flaw was found by a Romanian hacker going by the online handle of Unu, according to whom an insecure parameter of a script from the pcd.symantec.com website, allows for a Blind SQL Injection (SQLi) attack to be performed. In such an attack, the hacker obtains read and/or write permission to the underlying database of the vulnerable website.
The content of the pcd.symantec.com website is written in Japanese, but from what we could determine, it serves a product called Norton PC Doctor. The Web server appears to be running Windows Server 2000 as operating system, Microsoft IIS 6.0 with ASP support and Microsoft SQL Server 2000 as database back-end.
From the screen shots released by Unu there are many potentially interesting databases, but the one he chose to look at is called “symantecstore.” One of the tables in this database is named “PaymentInformationInfo” and contains columns such as BillingAddress, CardExpirationMonth, CardExpirationYear, CardNumber, CardType, CcIssueCode, CustomerEmail, CustomerFirstName, CustomerLastName or SecurityIndicator.
Source: Unu’s Blog
The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
Version 3.3 is the latest stable release of the Metasploit Framework and the recommended starting point for new users. Using the online update system, this version can be synchronized with the development tree to obtain the latest exploits and payloads.
Metasploit now has 445 exploit modules and 216 auxiliary modules.
Download: Metasploit 3.3
More Info: Metasploit 3.3 Release Notes
Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
- Added support for Windows 2008 Terminal Server in APR-RDP sniffer filter.
- Added Abel64.exe and Abel64.dll to support hashes extraction on x64 operating systems.
- Added x64 operating systems support in NTLM hashes Dumper, MS-CACHE hashes Dumper, LSA Secrets Dumper, Wireless Password Decoder, Credential Manager Password Decoder, DialUp Password Decoder.
- Added Windows Live Mail (Windows 7) Password Decoder for POP3, IMAP, NNTP, SMTP and LDAP accounts.
- Fixed a bug of RSA SecurID Calculator within XML import function.
- Fixed a bug in all APR-SSL based sniffer filters to avoid 100% CPU utilization while forwarding data.
- Executables rebuilt with Visual Studio 2008.
- Added Windows Firewall status detection on startup.
- Added UAC compatibility in Windows Vista/Seven.
- Winpcap library upgrade to version 4.1.1.