Google, Paypal, Facebook Internal IP disclosure vulnerability
Posted by Unknown at 9:58 PM
Do you have any idea about an internal IP address or a private IP address that is assigned to multinational companies? Yeah, today we are gonna discuss internal IP or private IP address disclosure.
Can disclosure of an internal IP like 192.168.*.* or 172.16.*.* really have an impact? Most security researchers call it a "bullshit" vulnerability. But when it comes to impact calculation, even if the server is behind a firewall or NAT, an attacker can see the internal IP of the remote host, and this may be used for further attacks.
Internet giants like Facebook, Google and PayPal, and serious national security organizations like the FBI, the Pentagon and NASA, are taking initiatives on their security issues. At the same time, we at 'The Hacker News' stand together with organizations that talk about national security in a serious way.
I guess it's time to understand these flaws and their impact, so I would like to share my findings about our Internet giants and organizations.
Facebook - Internal IPv4 Address and Session Cookie Disclosure
Facebook spent $8.5 million to buy fb.com. According to many reports available on the Internet, "fb.com is for Facebook internal use only".
URL - http://newsroom.fb.com/v/?id=467&skip=False
Internal IP : 192.168.149.88
Session Cookie : Session cookie generation probably depends on the administration from their admin panel located at http://newsroom.fb.com/admin/login.aspx?RefUrl=%2fadmin%2fdefault.aspx
PayPal - [ www.paypal.com & www.where.com ]
PayPal, being the largest in the e-banking business, has an internal IPv4 address and other server detail disclosure while accessing one of its subdomains.
URL - http://ad.paypal.com/jin/info.jsp
Internal IP Range - 192.168.*.*
URL - http://www.where.com/jin/info.jsp
URL - http://api.where.com/jin/info.jsp
Google - [ Server Path Disclosure]
Recently, I came across an issue reported by a user on the Google Code website to Google team members of the mod_pagespeed project. mod_pagespeed is an open-source Apache module created by Google to help make the web faster by rewriting web pages to reduce latency and bandwidth.
If you closely analyze the URL mentioned in the forum post you might get an encoding error. But if you access the URL via Google Web Cache (interesting part: using a Google service to retrieve information about other Google services)
Vulnerable Domain: dl.google.com
Vulnerability: Server Path Disclosure
Steps to Reproduce: Access Google Web-Cache URL: Click Here
Cron Job Info of Google Talk, Plugins and Google Chrome
Google Talk - Cron Job Info , Path Disclosed: Cache URL
/etc/cron.daily/google-chrome
/opt/google/chrome/PepperFlash/libpepflashplayer.so
/opt/google/chrome/chrome-sandbox
/opt/google/chrome/chrome.pak
/opt/google/chrome/chrome_100_percent.pak
/opt/google/chrome/default-app-block
Google Talk Plugin - Cron Job Info, Path Disclosed: Cache URL
google-talkplugin-3.10.2.0-1.src.rpm
/etc/cron.daily/google-talkplugin
Google Chrome- Cron Job Info, Path Disclosed: Cache URL
google-chrome-beta-24.0.1312.40-172509.src.rpm
/usr/bin/google-chrome/
etc/cron.daily/google-chrome
NASA
Internal IP, Subnet mask disclosure in a publicly available file at NASA ftp (now deleted) can be seen via Google cache.
Tata Consultancy Services
TCS also had a similar internal IP disclosure flaw, recently fixed. We have a screenshot of that.
In the above screenshot we can easily find the Microsoft OLE DB provider information and the server's internal (private) IP address: 192.168.15.65.
This may disclose information about the IP addressing scheme of the internal network. This information can be used to conduct further attacks.
For a hacker, information is like treasure, and gathering each and every small piece of information is treasure hunting. Whether a vulnerability is low or critical, it still remains a vulnerability.
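As an added example (not code from the original post): a small passive check a site owner can run over their own raw HTTP responses to find RFC 1918 addresses like the ones above and fix the leak before anyone else finds it. The sample response it scans is constructed here, reusing the 192.168.15.65 address from the TCS screenshot; the X-Backend-Node header name is made up for the sample.

```python
import ipaddress
import re

# Dotted-quad candidates only; each one is validated with the ipaddress module so
# version strings, out-of-range octets and similar noise are not reported.
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# The blocks the post is about. ipaddress.is_private is wider (it also covers
# documentation and benchmark nets), so the RFC 1918 ranges are listed explicitly.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

def is_rfc1918(candidate):
    """True if the string is a valid IPv4 address inside an RFC 1918 block."""
    try:
        addr = ipaddress.ip_address(candidate)
    except ValueError:  # e.g. an octet above 255
        return False
    return any(addr in net for net in RFC1918)

def scan_response(raw_response):
    """Scan headers and body of a raw HTTP response and return
    (line_no, address, stripped line) for each RFC 1918 hit, to locate the leak."""
    findings = []
    for line_no, line in enumerate(raw_response.splitlines(), start=1):
        for match in IPV4_CANDIDATE.finditer(line):
            if is_rfc1918(match.group(0)):
                findings.append((line_no, match.group(0), line.strip()))
    return findings

def leaked_addresses(raw_response):
    """De-duplicated, numerically sorted RFC 1918 addresses in the response."""
    addrs = {addr for _, addr, _ in scan_response(raw_response)}
    return sorted(addrs, key=ipaddress.ip_address)

# Constructed sample (not captured from any real site): an OLE DB error page of the
# kind shown in the TCS screenshot, plus decoys that must not be reported.
SAMPLE_RESPONSE = """HTTP/1.1 500 Internal Server Error
X-Backend-Node: web01/192.168.15.65
Content-Type: text/html

<html><body><p>Microsoft OLE DB Provider for SQL Server error '80004005'</p>
<p>Data Source=192.168.15.65,1433; via proxy 10.1.2.3</p>
<p>client 203.0.113.9, build 24.0.1312.40, bogus 999.1.1.1, 172.32.0.1</p>
</body></html>"""
```

Run `scan_response(SAMPLE_RESPONSE)` to get the line numbers where the private addresses appear; the public TEST-NET address, the version string, the invalid octet and 172.32.0.1 (outside 172.16.0.0/12) are all ignored.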