Two in one: tourist data and tickets to cultural events were publicly available

Today we look at two cases at once: the customer and partner data of two completely unrelated companies was freely available "thanks to" open Elasticsearch servers holding the logs of these companies' information systems (IS).


In the first case these are tens of thousands (and possibly hundreds of thousands) of tickets to various cultural events (theatres, clubs, river cruises, etc.) sold through the Radario system (www.radario.ru).

In the second case it is data on the trips of thousands (possibly several tens of thousands) of tourists who bought tours through travel agencies connected to the Sletat.ru system (www.sletat.ru).

I want to point out right away not only the names of the companies that let the data sit in open access, but also how each company went about acknowledging the incident and how it reacted afterwards. But first things first...

Disclaimer: all information below is published solely for educational purposes. The author did not gain access to the personal data of third parties or companies. The information was taken either from open sources or was provided to the author by anonymous well-wishers.

Case one. "Radario"

On the evening of 06.05.2019 our system discovered a freely accessible Elasticsearch server belonging to the Radario electronic ticket sales service.

Following an already established sad tradition, the server held the detailed logs of the service's information system, from which it was possible to obtain personal data, user logins and passwords, and the electronic tickets themselves for various events across the whole country.


The total volume of the logs exceeded 1 TB.

According to the Shodan search engine, the server had been publicly accessible since 11.03.2019. I notified Radario employees on 06.05.2019 at 22:50 (MSK), and around 09:30 on 07.05.2019 the server became unavailable.

The logs contained a universal (single) authorization token that gave access to every purchased ticket through special links, such as:

http://radario.ru/internal/tickets/XXXXXXXX/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk

http://radario.ru/internal/orders/YYYYYYY/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk

A second problem was that ticket numbers (XXXXXXXX) and order numbers (YYYYYYY) were assigned sequentially, so by simply iterating the ticket number (XXXXXXXX) or the order number (YYYYYYY) one could collect every ticket in the system.

To check that the data was genuine, I honestly bought myself the cheapest ticket;


and later found it in the IS logs on the public server:

http://radario.ru/internal/tickets/11819272/print?access_token==******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk

Separately, we want to stress that tickets were available both for events that had already taken place and for events still to come. In other words, a potential attacker could use someone else's ticket to get into the event it was issued for.
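The two weaknesses described above, one token valid for every ticket and sequential identifiers, compound each other: the token removes the need to know a ticket, and the numbering removes the need to guess one. The Python below is an added example, not Radario's code. It contrasts the universal-token check with a per-ticket token derived by HMAC from the ticket id under a server-side key, shows a random public id as a replacement for sequential numbering, and models the "reissue all tickets" remediation as a key rotation. UNIVERSAL_TOKEN and the two key values are constructed stand-ins; ticket number 11819272 is the one quoted above.

```python
import hashlib
import hmac
import secrets

# Constructed values for the example; none of this is Radario's real key material.
UNIVERSAL_TOKEN = "hypothetical-universal-token"   # stand-in for the single token found in the logs
SERVER_KEY_V1 = b"hypothetical-server-key-v1"      # signing key in use when the tickets were sold
SERVER_KEY_V2 = b"hypothetical-server-key-v2"      # key after the "reissue all tickets" rotation


def vulnerable_can_print(ticket_id: str, access_token: str) -> bool:
    """Pattern described above: one token is valid for every ticket, so the ticket
    number is never really checked. Whoever holds the token can walk sequential
    ids (.../tickets/11819272/print, /11819273/print, ...) and fetch them all."""
    return access_token == UNIVERSAL_TOKEN


def issue_token(ticket_id: str, key: bytes) -> str:
    """Hardened alternative: the token is an HMAC over the ticket id under a
    server-side key, so it is only valid for the ticket it was issued for and
    cannot be forged for a neighbouring id without the key."""
    return hmac.new(key, ticket_id.encode("utf-8"), hashlib.sha256).hexdigest()


def hardened_can_print(ticket_id: str, access_token: str, key: bytes) -> bool:
    """Recompute the expected token for *this* ticket and compare in constant time."""
    return hmac.compare_digest(issue_token(ticket_id, key), access_token)


def new_public_ticket_id() -> str:
    """Random, non-sequential public id (12 bytes = 96 bits): knowing id N tells
    an attacker nothing about id N+1, independently of how tokens are checked."""
    return secrets.token_urlsafe(12)


def count_accessible(check, access_token: str, ticket_ids, *extra) -> int:
    """How many of `ticket_ids` a holder of `access_token` can open under `check`."""
    return sum(1 for tid in ticket_ids if check(tid, access_token, *extra))


def demo() -> dict:
    """One leaked token in the scenario above versus the hardened scheme."""
    ids = [str(11819272 + i) for i in range(10)]         # ten consecutive ticket numbers
    leaked_v1 = issue_token("11819272", SERVER_KEY_V1)    # a single per-ticket token leaks
    return {
        "universal_token_opens": count_accessible(vulnerable_can_print, UNIVERSAL_TOKEN, ids),
        "per_ticket_token_opens": count_accessible(hardened_can_print, leaked_v1, ids, SERVER_KEY_V1),
        "after_key_rotation_opens": count_accessible(hardened_can_print, leaked_v1, ids, SERVER_KEY_V2),
    }


if __name__ == "__main__":
    print(demo())  # {'universal_token_opens': 10, 'per_ticket_token_opens': 1, 'after_key_rotation_opens': 0}
```

Rotating the key is exactly what "reissuing all sold tickets" amounts to server-side: every token derived under the old key stops working at once, which is why the leaked links stopped working a few days later. Per-ticket tokens alone do not help if the logging layer still records the full print URL; the log has to drop the `access_token` parameter as well.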

On average, the Elasticsearch index for each single day (from 24.01.2019 to 07.05.2019) contained between 25 and 35 thousand tickets.

In addition to the tickets themselves, the index contained the logins (email addresses) and plaintext passwords for the personal accounts of Radario partners who sell tickets to their events through the service:

Content: "ReturnUrl=&UserEmail=***@yandex.ru&UserPassword=***"

In total, more than 500 login/password pairs were found. Ticket sales statistics are visible in the partners' personal accounts:


Also publicly available were the names, phone numbers and email addresses of buyers who had decided to return previously purchased tickets:

"Content": "{"name":"***","surname":"*** ","middleName":"Евгеньевна ","passportType":1,"passportNumber":"","passportIssueDate":"11-11-2011 11:11:11","passportIssuedBy":"","email":"***@mail.ru","phone":"+799*******","ticketNumbers":["****24848","****948732"],"refundReason":4,"comment":""}"

In a single day picked at random, more than 500 such records were found.

I received a response from Radario's technical director:

I am the technical director of Radario, and thank you for identifying the problem. As you know, we have closed access to elastic and are resolving the issue of reissuing customers' tickets.

A little later the company made a public statement:

A vulnerability that could have led to a leak of the service's customer data was found in the Radario electronic ticket sales system and has already been fixed, the director of the operating company, Kirill Malyshev, told the Moscow City News Agency.

"In fact, we detected the vulnerability in the system's operation while carrying out regular updates, and it was fixed immediately after discovery. Because of the vulnerability, under certain conditions, hostile actions by third parties could have led to a data leak, but no such cases have been recorded. At the moment all the flaws have been eliminated," said K. Malyshev.

The company's representative clarified that, as part of resolving the problem, it had been decided to reissue all sold tickets in order to rule out any possibility of fraud against the service's customers.

A few days later I tried to use the leaked ticket links: access to the "exposed" tickets had indeed been closed. In my opinion, this is a competent, professional way of dealing with a data leak.

Case two. "Sletat.ru"

Early in the morning of 15.05.2019 the DeviceLock Data Breach Intelligence system identified a public Elasticsearch server holding the logs of some IS.


It was later established that the server belongs to the tour selection service Sletat.ru.

From the index cbto__0 it was possible to obtain thousands (11.7 thousand including duplicates) of email addresses, as well as some payment information (tour cost) and travel details (when, where, the flight tickets of all travellers included in the trip, etc.), about 1.8 thousand records in all:

"full_message": "Получен запрос за создание платежного средства: {"SuccessReturnUrl":"https://sletat.ru/tour/7-1939548394-65996246/buy/?ClaimId=b5e3bf98-2855-400d-a93a-17c54a970155","ErrorReturnUrl":"https://sletat.ru/","PaymentAgentId":15,"DocumentNumber":96629429,"DocumentDisplayNumber":"4451-17993","Amount":36307.0,"PaymentToolType":3,"ExpiryDateUtc":"2020-04-03T00:33:55.217358+03:00","LifecycleType":2,"CustomerEmail":"[email protected]","Description":"","SettingsId":"8759d0dd-da54-45dd-9661-4e852b0a1d89","AdditionalInfo":"{"TourOfficeAdditionalInfo":{"IsAdditionalPayment":false},"BarrelAdditionalInfo":{"Tickets":[{"Passenger":{"FIO":"XXX VIKTORIIA"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX ANDREI"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX Andrei"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false}],"Segments":[{"Flight":"5659","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"LED","DepartureAirport":"LED","DepartureAirportIataCode":"LED","DepartureDate":"2019-04-11T02:45:00","DepartureTime":null,"ArrivalCity":"SHJ","ArrivalAirport":"SHJ","ArrivalAirportIataCode":"SHJ","ArrivalDate":"2019-04-11T09:40:00","ArrivalTime":null,"FareCode":null},{"Flight":"5660","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"SHJ","DepartureAirport":"SHJ","DepartureAirportIataCode":"SHJ","DepartureDate":"2019-04-14T10:45:00","DepartureTime":null,"ArrivalCity":"LED","ArrivalAirport":"LED","ArrivalAirportIataCode":"LED","ArrivalDate":"2019-04-14T15:50:00","ArrivalTime":null,"FareCode":null}]},"Tickets":[{"Passenger":{"FIO":"XXX VIKTORIIA"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX ANDREI"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX Andrei"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false}],"Segments":[{"Flight":"5659","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"LED","DepartureAirport":"LED","DepartureAirportIataCode":"LED","DepartureDate":"2019-04-11T02:45:00","DepartureTime":null,"ArrivalCity":"SHJ","ArrivalAirport":"SHJ","ArrivalAirportIataCode":"SHJ","ArrivalDate":"2019-04-11T09:40:00","ArrivalTime":null,"FareCode":null},{"Flight":"5660","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"SHJ","DepartureAirport":"SHJ","DepartureAirportIataCode":"SHJ","DepartureDate":"2019-04-14T10:45:00","DepartureTime":null,"ArrivalCity":"LED","ArrivalAirport":"LED","ArrivalAirportIataCode":"LED","ArrivalDate":"2019-04-14T15:50:00","ArrivalTime":null,"FareCode":null}]}","FinancialSystemId":9,"Key":"18fe21d1-8c9c-43f3-b11d-6bf884ba6ee0"}"

Incidentally, the payment links from the logs work perfectly well:


The indices named graylog_ held, in plain text, the logins and passwords of travel agencies connected to Sletat.ru that sell tours to their clients:

"full_message": "Tours by request 155213901 added to local cache with key 'user_cache_155213901' at 5/6/2019 4:49:07 PM, rows found 0, sortedPriceLength 215. QueryString: countryId=90&cityFromId=1265&s_nightsMin=6&s_nightsMax=14&stars=403%2c404&minHotelRating=1&currencyAlias=RUB&pageSize=300&pageNumber=1&s_showcase=true&includeOilTaxesAndVisa=0&login=zakaz%40XXX.ru&password=XXX, Referer: , UserAgent: , IP: 94.154.XX.XX."

By my estimate, several hundred login/password pairs were exposed.
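Both cases on this page come down to the same defect: application logs that capture whole request bodies (the Radario "ReturnUrl=&UserEmail=...&UserPassword=..." record above) and whole query strings (the Graylog full_message with "login=...&password=..." here) end up holding credentials, and an open Elasticsearch index then serves them to anyone. The Python below is an added example, not DeviceLock's, Radario's or Sletat.ru's tooling, of the check a log pipeline or an incident responder can run over such records: it finds key=value pairs whose key names a secret, records which login the secret belongs to, and returns a redacted copy of the line. The sample lines are constructed to mirror the two formats quoted on this page; every login, password, token and address in them is fake.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines modelled on the two record formats quoted above
# (a captured form body and a Graylog full_message carrying a query string).
# Every login, password, token and address here is fake.
SAMPLE_LOGS = [
    'Content: "ReturnUrl=&UserEmail=partner@example.com&UserPassword=Tr0ub4dor3"',
    "full_message: Tours by request 155213901 added to local cache, rows found 0. "
    "QueryString: countryId=90&cityFromId=1265&currencyAlias=RUB&login=zakaz%40example.ru"
    "&password=s3cret%21, Referer: , UserAgent: , IP: 192.0.2.10.",
    "GET /internal/tickets/11819272/print?access_token=0123456789abcdef 200",
    "INFO local cache warmed in 12 ms",
]

# Keys whose values must never reach an index, and keys that say whose secret it was.
SECRET_KEYS = {"password", "userpassword", "passwd", "pwd", "access_token", "token", "secret"}
IDENTITY_KEYS = {"login", "useremail", "email", "username", "user"}

# One key=value pair as it appears in a query string or form body. The value stops at
# the next '&', whitespace, quote or comma so the surrounding log text is left alone.
PAIR = re.compile(r'(?P<key>[A-Za-z_][\w.\-]*)=(?P<val>[^&\s",]*)')


def scan_line(line: str):
    """Return (secret_keys, identities, redacted_line) for one log record.
    Only secret *values* are replaced; the key name stays so the redacted log
    still shows what was leaking."""
    secret_keys, identities = [], []

    def _replace(m):
        key, val = m.group("key"), m.group("val")
        if not val:                      # empty value, e.g. ReturnUrl=
            return m.group(0)
        lowered = key.lower()
        if lowered in IDENTITY_KEYS:
            identities.append(unquote(val))   # undo %40 and friends
        if lowered in SECRET_KEYS:
            secret_keys.append(key)
            return f"{key}=[REDACTED]"
        return m.group(0)

    redacted = PAIR.sub(_replace, line)
    return secret_keys, identities, redacted


def scan(lines):
    """Run scan_line over a log stream and report only records that carried a secret."""
    hits = []
    for number, line in enumerate(lines, start=1):
        secret_keys, identities, redacted = scan_line(line)
        if secret_keys:
            hits.append({"line": number, "keys": secret_keys,
                         "identities": identities, "redacted": redacted})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOGS):
        print(f"line {hit['line']}: {hit['keys']} belonging to {hit['identities'] or 'unknown'}")
        print("   ", hit["redacted"])
```

Run as a filter in front of the indexer, the redacted line is what gets stored; run after the fact over an exposed index, the identities list is the notification list (which agency or partner has to change its password). The key list is deliberately a starting point: the passport fields in the refund record quoted earlier are JSON, not key=value pairs, and need a second pattern of the same shape.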

Through a travel agency's personal account on the agent.sletat.ru portal it was possible to obtain tourists' data, including internal and international passport numbers, dates of birth, full names, phone numbers and email addresses.


I notified the Sletat.ru service on 15.05.2019 at 10:46 (MSK), and a few hours later (by 16:00) the server disappeared from open access. Later, after a publication in Kommersant, the service's management made a very strange statement through the media:

The company's director Andrei Vershinin explained that Sletat.ru gives several employees of partner companies extended access to the search history in its search engine. DeviceLock got hold of this and assumed more: "although the specified databases do not contain tourists' passports, logins and passwords, payment information, etc." Andrei Vershinin noted that Sletat.ru has not yet received any evidence of such serious accusations. "We are now trying to contact DeviceLock. We believe this is a commissioned job. Some people don't like our rapid growth," he added.

As written above, logins, passwords and tourists' passport data sat in open access for quite a long time (at least since 29.03.2019, when the company's server was first recorded in open access by the Shodan search engine). Naturally, nobody contacted us. I hope they at least notified the travel agencies about the leak and made them change their passwords.

News about information leaks and insiders can always be found in my Telegram channel "Information leaks".

Source: www.habr.com
