Yesterday was an interesting one. After many big, high-profile hacks, the hacker .c0mrade has come out stating that they are now a white hat, and they have started by attempting to show the world that a few major airline systems are exploitable. The post, which was uploaded to Pastebin with a few images and a bit of server information, also contains the following message.
I’m officially a white-hat. Major Airlines are affected by a major exploit. Among those affected include:

American Airlines
United Airlines
Vietnam Airlines
Sabre Airlines

Here’s what I have access to:

=> Internal Access to both airports.
=> Booking Flights, Ticketing Info, Hotel Booking, etc.
=> Card Swaps.
=> Employee Info, etc.
=> Flight Info, Passenger info, etc.
=> Multiple vulnerabilities among the software they’re running.

The vulnerability was simple. Amongst those vulnerable, all were exploited. How did I do this? Simple:

=> We found an exploit which enabled the right for us to download all the attachments on the site.
=> Amongst the things we found was an Application system used for the Airports.
=> We tested the software for vulnerabilities.
=> Pew! We got past the Employee-Log in.

Furthermore, the piece of software was mildly outdated. I set up a file to pull any file it can get to. I got some coffee and came back. It pulled tons of information. I found this important to an extent as nobody else has ever been there.

Picture 1: https://i50.tinypic.com/ev73fs.png
Picture 2: https://i47.tinypic.com/ofo5rp.png
Picture 3: https://i48.tinypic.com/ibicmv.png

I couldn’t do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type, ".properties" – I found around four files pertaining to it, these being: editor.properties, pm.properties, qik.properties, and taconfig.properties. I had the ability to switch the key system from !local to !remote. Meaning, I could have logged card swaps, passenger info, and much, much more.
https://pastebin.com/E4cPi7md @OfficialComrade