ESET NOD32 Taiwan Full Disclosure

#NOD32 Taiwan@ TinKode - Romania

About ESET:

ESET is an IT security company headquartered in Bratislava, Slovakia that was founded in 1992 by the merger of two private companies. The company is privately held and has branch offices in San Diego, California; Wexford, Ireland; London, United Kingdom; Buenos Aires, Argentina; Prague, Czech Republic and Kraków, Poland.

Vulnerable website: www.eset.com.tw (MySQL injection).

Main information:

  • Version : 5.0.45
  • Database: nod32twnew
  • Datadir : /var/lib/mysql/
  • User    : root@localhost

Databases:

  • information_schema
  • mysql
  • nod32twnew

Tables from main database:

  • article
  • category
  • enterprise_apply
  • estore_product
  • estore_product_20100106
  • estore_product_category
  • estore_product_category_20100106
  • estore_product_copy
  • faq_category
  • faq_category_detail
  • game3
  • manager
  • nodtwflash1
  • register
  • regkeyreplace
  • trial30
  • updates

We have permission to access mysql.user accounts:

MySQL.user account:

  • root : 4e3401b911c2ca0b

Accounts from manager table:

  • admin    : ^NOD*@(TW)P*$%
  • editor   : ^@NODTW@32!$
  • nod32@tw : $P#^NOD@
  • soman    : P!@#SO@NODTW

The accounts are in plain-text… great!

Now some keys from “regkeyreplace”:


~Very simple!

Other webservers of ESET NOD32 hacked: NOD32 Hong Kong & NOD32 Romania

~Thanks, TinKode
