- // c0mrade
- // 6-13-12
- Hello, world.
- I'm officially a white-hat.
- Major Airlines are affected by a major exploit. Those affected include:
- American Airlines
- United Airlines
- Vietnam Airlines
- Sabre Airlines
- Here's what I have access to:
- =>Internal Access to both airports.
- =>Booking Flights, Ticketing Info, Hotel Booking, etc.
- =>Card Swaps.
- =>Employee Info, etc
- =>Flight Info, Passenger info, etc.
- =>Multiple vulnerabilities among the software they're running.
- The vulnerability was simple. Amongst those vulnerable, all were exploited. How did I do this? Simple:
- => We found an exploit which enabled the right for us to download all the attachments on the site.
- => Amongst the things we found was an Application system used for the Airports.
- => We tested the software for vulnerabilities.
- => Pew! We got past the Employee Log-in.
- Furthermore, the piece of software was mildly outdated. I set up a file to pull any file it can get to. I got some coffee and came back. It pulled tons of information. I found this important to an extent as nobody else has ever been there.
- Picture 1:
- Picture 2:
- Picture 3:
- I couldn't do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type, ".properties" - I found around four files pertaining to it, these being: editor.properties, pm.properties, qik.properties, and taconfig.properties. I had the ability to switch the key system from !local to !remote. Meaning, I could have logged card swaps, passenger info, and much, much more.
- Protocol: DNS
- => hsspconfig.sabre.com
- => ACCESS.SABRE.COM
- ! 220.127.116.11:54483
- ! American Airlines (h00lyshit)
- ! taconfig.key = XSTBCKA001
- Host Name - sabre:hssup:uii_host
- Line IATA: 000000
- Pool Name: VNOCCNBA
- This will be getting reported to all major airlines very soon. I'm just addressing the public first so they know what happened.
Major Airlines - HACKED
a guest Jun 13th, 2012 5,936 Never