Today we look at two stories at once: customer and partner data of two completely different companies was freely available "thanks to" open Elasticsearch servers holding the logs of these companies' information systems (IS).
In the first case it is tens of thousands (and possibly hundreds of thousands) of tickets to various cultural events (theatre, clubs, river cruises and so on) sold through the Radario system (www.radario.ru).
In the second case it is data on the trips of thousands (possibly tens of thousands) of tourists who bought tours through travel agencies connected to the Sletat.ru system (www.sletat.ru).
I want to note right away that it is not only the names of the companies that let the data become exposed that differ, but also the way these companies reacted to the incident and the actions that followed. But first things first...
Disclaimer: all information below is published exclusively for educational purposes. The author did not obtain access to the personal data of third parties or companies. The information was either taken from open sources or was provided to the author by anonymous well-wishers.
Case one. "Radario"
On the evening of 06.05.2019 our system discovered a freely accessible Elasticsearch server.
In keeping with an already established sad tradition, the server held detailed logs of the information system, from which it was possible to obtain personal data, user logins and passwords, and the electronic tickets themselves for various events around the country.
The total volume of the logs exceeded 1 TB.
According to the Shodan search engine, the server had been publicly accessible since 11.03.2019. I notified Radario staff on 06.05.2019 at 22:50 (MSK), and on 07.05.2019 at around 09:30 the server was no longer reachable.
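The Shodan entry above is just the result of an anonymous HTTP request that any node on the internet could make. The check below is an added example, not code from the article or from DeviceLock: it asks an Elasticsearch node the same question a scanner asks (can an unauthenticated caller list the indices, and how much data sits behind them?). The `fetch` callable is injectable so the classification logic can be exercised offline with constructed responses; the log-index name hints and the sample host are assumptions.

```python
import json
import urllib.error
import urllib.request
from typing import Callable, Dict, List, Tuple

# Added example (not the article's or DeviceLock's code): a minimal self-audit
# of an Elasticsearch node, equivalent to what a Shodan-style scan observes.

Response = Tuple[int, str]  # (HTTP status, response body)
# Assumed index-name fragments that usually mean "application logs live here".
LOG_INDEX_HINTS = ("log", "graylog", "greylog", "logstash", "filebeat")


def http_get(url: str, timeout: float = 5.0) -> Response:
    """Unauthenticated GET, exactly what an anonymous scanner would send."""
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:          # 401/403/5xx still carry a body
        return err.code, err.read().decode("utf-8", "replace")
    except urllib.error.URLError:                  # refused, filtered, DNS failure
        return 0, ""


def classify_exposure(base_url: str,
                      fetch: Callable[[str], Response] = http_get) -> Dict:
    """Report whether anonymous callers can enumerate indices, and what is there.

    The cat API with bytes=b returns store sizes as plain byte counts, so the
    total volume (the article's "more than 1 TB") can be summed directly.
    """
    status, body = fetch(f"{base_url.rstrip('/')}/_cat/indices?format=json&bytes=b")
    if status in (401, 403):
        return {"exposed": False, "reason": "authentication enforced"}
    if status != 200:
        return {"exposed": False, "reason": f"unexpected HTTP {status}"}
    try:
        indices: List[Dict] = json.loads(body)
    except json.JSONDecodeError:
        return {"exposed": False, "reason": "not a cat API response"}
    total_bytes = sum(int(row.get("store.size") or 0) for row in indices)
    log_indices = [row["index"] for row in indices
                   if any(hint in row["index"].lower() for hint in LOG_INDEX_HINTS)]
    return {"exposed": True, "index_count": len(indices),
            "total_bytes": total_bytes, "log_indices": log_indices}


if __name__ == "__main__":
    # Assumed local node; only probe hosts you are authorised to test.
    print(classify_exposure("http://127.0.0.1:9200"))
```

An `exposed: True` result with log-like index names is the situation described in both cases on this page; the fix is not to filter the scanner but to stop binding the node to a public interface without authentication.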
The logs contained a certain (single) access token that granted access to all purchased tickets via special links, such as:
http://radario.ru/internal/tickets/XXXXXXXX/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk
http://radario.ru/internal/orders/YYYYYYY/print?access_token=******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk
The problem was compounded by the fact that ticket and order numbering was sequential: by simply iterating the ticket number (XXXXXXXX) or order number (YYYYYYY), it was possible to retrieve every ticket in the system.
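The two weaknesses above compound each other: one token valid for every resource, plus guessable resource numbers. As an added example (not Radario's code; the server key, the expiry format and the URL shape are assumptions, only the `/internal/{kind}/{number}/print?access_token=` path is taken from the links shown), the weak shared-token check is placed next to a token that is bound to one specific ticket or order and to a deadline, so that the same leaked token unlocks exactly one resource instead of the whole ID space.

```python
import base64
import binascii
import hashlib
import hmac
import secrets
import time
from typing import Callable, Optional

# Added example, not the article's or Radario's code. Shows why a single
# access_token plus sequential numbers is an enumeration vulnerability, and
# what a resource-bound, expiring print token looks like instead.

SERVER_KEY = secrets.token_bytes(32)          # assumed server-side secret
BASE = "http://radario.ru/internal"           # path shape from the article's links
MAC_LEN = hashlib.sha256().digest_size        # 32 bytes
EXP_LEN = 8                                   # big-endian unix time prefix


def shared_token_valid(kind: str, number: int, token: str, shared: str) -> bool:
    """The weak scheme: the token is not tied to the kind or number at all."""
    return hmac.compare_digest(token, shared)


def _mac(kind: str, number: int, expires: int, key: bytes) -> bytes:
    # Binding the MAC to kind:number:expiry means "tickets/1" and "orders/1"
    # get different tokens, and changing the number invalidates the token.
    msg = f"{kind}:{number}:{expires}".encode()
    return hmac.new(key, msg, hashlib.sha256).digest()


def issue_bound_token(kind: str, number: int, ttl: int = 3600,
                      key: bytes = SERVER_KEY, now: Optional[int] = None) -> str:
    expires = (now if now is not None else int(time.time())) + ttl
    raw = expires.to_bytes(EXP_LEN, "big") + _mac(kind, number, expires, key)
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def bound_token_valid(kind: str, number: int, token: str,
                      key: bytes = SERVER_KEY, now: Optional[int] = None) -> bool:
    try:
        raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    except (ValueError, binascii.Error):
        return False
    if len(raw) != EXP_LEN + MAC_LEN:
        return False
    expires = int.from_bytes(raw[:EXP_LEN], "big")
    if expires <= (now if now is not None else int(time.time())):
        return False
    return hmac.compare_digest(raw[EXP_LEN:], _mac(kind, number, expires, key))


def print_link(kind: str, number: int, token: str) -> str:
    return f"{BASE}/{kind}/{number}/print?access_token={token}"


def enumerate_ids(valid: Callable[[str, int, str], bool], kind: str,
                  token: str, start: int, count: int) -> int:
    """How many consecutive IDs one leaked token unlocks under a given scheme."""
    return sum(1 for n in range(start, start + count) if valid(kind, n, token))


if __name__ == "__main__":
    tok = issue_bound_token("tickets", 11819272)
    print(print_link("tickets", 11819272, tok))
    print("neighbouring ticket accepted:", bound_token_valid("tickets", 11819273, tok))
```

With the shared scheme, `enumerate_ids` over any range returns the full range; with the bound scheme it returns 1, and the token stops working at its deadline. The ticket number used in the usage block is the one the author shows in his own print link.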
To check that the database was genuine, I honestly bought myself a cheap ticket:
and later found it on the public server in the IS logs:
http://radario.ru/internal/tickets/11819272/print?access_token==******JuYWw6MDIzOWRjOTM1NzJiNDZjMTlhZGFjZmRhZTQ3ZDgyYTk
Separately, I want to stress that the logs contained tickets both for events that had already taken place and for events that were still to come. In other words, a potential attacker could use someone else's ticket to get into an upcoming event.
On average, each Elasticsearch index holding one day's logs (from 24.01.2019 to 07.05.2019) contained from 25 to 35 thousand tickets.
Besides the tickets themselves, the index contained logins (email addresses) and plaintext passwords for the personal accounts of Radario partners who sell tickets to their events through the service:
Content: "ReturnUrl=&UserEmail=***@yandex.ru&UserPassword=***"
In total, more than 500 login/password pairs were found. Ticket sales figures are visible in the partners' personal accounts:
Also freely available were the names, phone numbers and email addresses of customers who had requested a refund for tickets they had bought earlier:
"Content": "{"name":"***","surname":"*** ","middleName":"Евгеньевна ","passportType":1,"passportNumber":"","passportIssueDate":"11-11-2011 11:11:11","passportIssuedBy":"","email":"***@mail.ru","phone":"+799*******","ticketNumbers":["****24848","****948732"],"refundReason":4,"comment":""}"
On one randomly chosen day, more than 500 such records were found.
I received a reply to my notification from Radario's technical director:
I am the technical director of Radario and I want to thank you for reporting the problem. As you know, we have closed access to elastic and are dealing with the reissue of customers' tickets.
Some time later the company issued an official statement:
A vulnerability was discovered in the Radario electronic ticket sales system and promptly fixed, which could have led to a leak of the service's customer data, the company's marketing director Kirill Malyshev told the Moscow City News Agency.
"We did indeed discover a vulnerability in the operation of the system, related to regular updates, which was fixed immediately after it was found. Because of the vulnerability, under certain conditions, unfriendly actions by third parties could have led to a data leak, but no such incidents were recorded. At the moment, all flaws have been eliminated," said K. Malyshev.
Another company representative confirmed that it was decided to reissue all tickets sold during the period the problem existed, in order to rule out completely any possibility of fraud against the service's customers.
A few days later I checked the availability of the data using the links that had been exposed; access to the "exposed" tickets was closed. In my opinion, this is a professional, competent way of handling a data leak.
Case two. "Sletat.ru"
Early in the morning of 15.05.2019, DeviceLock Data Breach Intelligence detected a public Elasticsearch server with the logs of another IS.
It was later confirmed that the server belonged to the Sletat.ru tour selection service.
From the index cbto__0 it was possible to obtain thousands (11.7 thousand including duplicates) of email addresses, together with payment information (tour price) and travel data (when, where, air ticket details for all tourists included in the tour, etc.), in a total of 1.8 thousand records:
"full_message": "Request received to create a payment instrument: {"SuccessReturnUrl":"https://sletat.ru/tour/7-1939548394-65996246/buy/?ClaimId=b5e3bf98-2855-400d-a93a-17c54a970155","ErrorReturnUrl":"https://sletat.ru/","PaymentAgentId":15,"DocumentNumber":96629429,"DocumentDisplayNumber":"4451-17993","Amount":36307.0,"PaymentToolType":3,"ExpiryDateUtc":"2020-04-03T00:33:55.217358+03:00","LifecycleType":2,"CustomerEmail":"[email protected]","Description":"","SettingsId":"8759d0dd-da54-45dd-9661-4e852b0a1d89","AdditionalInfo":"{"TourOfficeAdditionalInfo":{"IsAdditionalPayment":false},"BarrelAdditionalInfo":{"Tickets":[{"Passenger":{"FIO":"XXX VIKTORIIA"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX ANDREI"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX Andrei"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false}],"Segments":[{"Flight":"5659","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"LED","DepartureAirport":"LED","DepartureAirportIataCode":"LED","DepartureDate":"2019-04-11T02:45:00","DepartureTime":null,"ArrivalCity":"SHJ","ArrivalAirport":"SHJ","ArrivalAirportIataCode":"SHJ","ArrivalDate":"2019-04-11T09:40:00","ArrivalTime":null,"FareCode":null},{"Flight":"5660","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"SHJ","DepartureAirport":"SHJ","DepartureAirportIataCode":"SHJ","DepartureDate":"2019-04-14T10:45:00","DepartureTime":null,"ArrivalCity":"LED","ArrivalAirport":"LED","ArrivalAirportIataCode":"LED","ArrivalDate":"2019-04-14T15:50:00","ArrivalTime":null,"FareCode":null}]},"Tickets":[{"Passenger":{"FIO":"XXX VIKTORIIA"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX ANDREI"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false},{"Passenger":{"FIO":"XXX Andrei"},"ReservationSystem":null,"TicketNumber":null,"IsRefundPossible":false}],"Segments":[{"Flight":"5659","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"LED","DepartureAirport":"LED","DepartureAirportIataCode":"LED","DepartureDate":"2019-04-11T02:45:00","DepartureTime":null,"ArrivalCity":"SHJ","ArrivalAirport":"SHJ","ArrivalAirportIataCode":"SHJ","ArrivalDate":"2019-04-11T09:40:00","ArrivalTime":null,"FareCode":null},{"Flight":"5660","AviaCompany":null,"AviaCompanyIataCode":null,"DepartureCity":"SHJ","DepartureAirport":"SHJ","DepartureAirportIataCode":"SHJ","DepartureDate":"2019-04-14T10:45:00","DepartureTime":null,"ArrivalCity":"LED","ArrivalAirport":"LED","ArrivalAirportIataCode":"LED","ArrivalDate":"2019-04-14T15:50:00","ArrivalTime":null,"FareCode":null}]}","FinancialSystemId":9,"Key":"18fe21d1-8c9c-43f3-b11d-6bf884ba6ee0"}"
By the way, the links to the paid tours work just fine:
In the indices named greylog_, the logins and passwords of the travel agencies connected to the Sletat.ru system and selling tours to their customers were present in plaintext:
"full_message": "Tours by request 155213901 added to local cache with key 'user_cache_155213901' at 5/6/2019 4:49:07 PM, rows found 0, sortedPriceLength 215. QueryString: countryId=90&cityFromId=1265&s_nightsMin=6&s_nightsMax=14&stars=403%2c404&minHotelRating=1&currencyAlias=RUB&pageSize=300&pageNumber=1&s_showcase=true&includeOilTaxesAndVisa=0&login=zakaz%40XXX.ru&password=XXX, Referer: , UserAgent: , IP: 94.154.XX.XX."
By my estimate, several hundred login/password pairs were exposed.
From a travel agency's personal account on the portal agent.sletat.ru it was possible to obtain tourists' data, including passport numbers, international passport numbers, dates of birth, full names, phone numbers and email addresses.
I notified the Sletat.ru service on 15.05.2019 at 10:46 (MSK), and a few hours later (by 16:00) the server disappeared from free access. Later, in response to a publication in Kommersant, the head of the service made a surprising statement through the media:
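In both cases the credentials did not leak from a user database but from request logging: a POST body with `UserPassword=` in the Radario index, and a search QueryString with `login=`/`password=` in the Sletat.ru greylog_ index, each written verbatim. The filter below is an added example, not code from either company or from the article. It redacts secret and personal fields in `key=value` query strings and form bodies as well as in quoted JSON fields before a line is shipped to Elasticsearch, and it includes an audit helper that reports which lines still carry an unredacted secret. The key lists are assumptions; the sample lines are constructed to match the shapes shown on this page.

```python
import re
from typing import Iterable, List, Set, Tuple

# Added example, not the article's or the companies' code. Two patterns cover
# the formats seen in the leaked logs: "k=v&k=v" (query strings, form bodies)
# and "key":"value" (JSON embedded in a log message).

# Assumed field names; extend for your own application.
SECRET_KEYS: Set[str] = {"password", "userpassword", "pwd", "access_token", "token"}
PII_KEYS: Set[str] = {"useremail", "email", "customeremail", "phone",
                      "passportnumber", "passportissuedby"}
MASK = "[REDACTED]"

# key=value where the value runs up to the next '&', whitespace, comma or quote.
KV_RE = re.compile(r'([A-Za-z0-9_.\-]+)=([^&\s,"]*)')
# "key":"value" with JSON escapes respected inside the value.
JSON_RE = re.compile(r'"([A-Za-z0-9_]+)"\s*:\s*"((?:[^"\\]|\\.)*)"')


def redact_kv(text: str, keys: Set[str]) -> str:
    """Mask values of matching keys in query-string / form-encoded pairs."""
    def sub(m: "re.Match[str]") -> str:
        key = m.group(1)
        return f"{key}={MASK}" if key.lower() in keys else m.group(0)
    return KV_RE.sub(sub, text)


def redact_json_fields(text: str, keys: Set[str]) -> str:
    """Mask string values of matching keys in JSON found anywhere in the line."""
    def sub(m: "re.Match[str]") -> str:
        key = m.group(1)
        return f'"{key}":"{MASK}"' if key.lower() in keys else m.group(0)
    return JSON_RE.sub(sub, text)


def redact_line(line: str, keys: Set[str] = SECRET_KEYS | PII_KEYS) -> str:
    """Apply both redactions; safe to run as a log-shipper filter stage."""
    return redact_json_fields(redact_kv(line, keys), keys)


def find_leaked_secrets(lines: Iterable[str],
                        keys: Set[str] = SECRET_KEYS) -> List[Tuple[int, str]]:
    """Audit mode: (line index, key) for every secret that is still in the clear."""
    hits: List[Tuple[int, str]] = []
    for i, line in enumerate(lines):
        for key, val in KV_RE.findall(line) + JSON_RE.findall(line):
            if key.lower() in keys and val and val != MASK:
                hits.append((i, key))
    return hits


# Constructed sample lines shaped like the ones quoted in the article.
SAMPLE_LINES = [
    'Content: "ReturnUrl=&UserEmail=alice@yandex.ru&UserPassword=Tr0ub4dor"',
    "QueryString: countryId=90&login=zakaz%40agency.example&password=hunter2, "
    "Referer: , IP: 94.154.0.1",
    '{"name":"Anna","passportNumber":"4510 123456","email":"bob@mail.ru","refundReason":4}',
]

if __name__ == "__main__":
    print("before:", find_leaked_secrets(SAMPLE_LINES))
    cleaned = [redact_line(s) for s in SAMPLE_LINES]
    print("after:", find_leaked_secrets(cleaned))
    for c in cleaned:
        print(c)
```

Redaction at the shipper is a backstop, not the fix: the application should never log a raw request body or query string, and credentials should never travel in a GET query string (where they also end up in proxy and web-server access logs) as they did in the Sletat.ru cache-lookup message.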
The head of the company, Andrei Vershinin, explained that Sletat.ru gives a large number of travel agency employees access to information on the history of queries in its search engine. And he suggested that this is what DeviceLock had obtained: "However, the database in question does not contain tourists' passport data, travel agencies' logins and passwords, payment information, etc." Andrei Vershinin noted that Sletat.ru has not yet received any evidence for such allegations. "We are trying to contact DeviceLock. We believe this is a commissioned attack. Some people do not like our rapid growth," he added.
As shown above, tourists' logins, passwords and passport data were in the public domain for quite a long time (since 29.03.2019, when the company's server was first recorded as publicly accessible by the Shodan search engine). Naturally, nobody contacted us. I hope they at least notified the travel agencies about the leak and made them change their passwords.
News about information leaks and insiders can always be found on my Telegram channel "
Source: www.habr.com