Search This Blog

Showing posts with label INTRA. Show all posts

Team INTRA hacked into canon and siemens websites


A hacker known as JoinSe7en from Team INTRA claims to have hacked into subdomains of Canon and Siemens.Apparently, the hacker has found and exploited a Blind SQL Injection vulnerability in Canon's website and a Error based SQL Injection in Siemens.

He published a full disclosure on both of the databases on pastebin:
Siemens:
http://pastebin.com/HBL966wh
Canon:
http://pastebin.com/fbL0s9aS

60 High Profile sites vulnerable to XSS ~Zer0Freak(Team Intra):Op#Zer0XSS

A hacker from Intra, -Zer0Freak-, has found countless XSS vulnerabilities on high profile websites i.e. Companies, News, Products, Famous sites and many more.

-Zer0Freak- didn’t take much time finding them; he was to have said that he found these vulnerabilities in less than 30 min. However, he admitted that he took a while trying to figure out which site to XSS.

Cross Site Scripting(XSS) is a very harmful method of hacking websites, in fact it’s the 2nd most malicious act against hacking websites.

High profiles sites including EA games, NASA, ABC, LG,Adidas,Harvard University and more high Profile sites are found to be vulnerable to XSS attack.  Hacker list of vulnerable sites in pastebin with screenshot:
http://pastebin.com/Np3LGY6Z

Hacker claimed that he did this operation for Educational XSS and malicious activity used for training. Some of them are patched, but most are still vuln

Hacker published the full disclosure in pasteit website with password protection and claimed only members who willing to learn XSS can have it.

Full Disclosure Can be found here
http://pasteit.com/16958

Epson Brasil, Canon Nepal, FUJIFILM and Nikon Asia website Hacked by Mx. from INTRA

A Hacker known as Mx. from Team INTRA hacked four high profile sites and exposed the database details in pastebin.

The website belong to Nikon Imaging Asia Pacific(Nikon Imaging Asia Pacific), FUJIFILM Portugal(www.fujifilm.pt/),Epson Brasil(www.epson.com.br/) and Canon Nepal(canon-nepal.com) has been hacked by Team INTRA.

Pastebin leak:
http://pastebin.com/L4wnPh6s
http://pastebin.com/py8491V5
http://pastebin.com/s4Eq97tq
http://pastebin.com/m40WuHqF

Hacker exploited the SQL injection vulnerability in the websites and managed to extract the database.  The dump contains the username ,passwords of the hacked websites.

Garmin Southern Africa & Sharp Malaysia Hacked by Mx. from Team INTRA

A hacker known as Mx., from Team INTRA hacked into a high profile website Garmin Southern Africa (garmin.co.za). GARMIN, the world leader in Global Positioning System (GPS) technology and an innovator in consumer lifestyle electronics.
 
Hacker dumped the database detail in pastebin.  The leak contains the login info(username, encrypted password).  Also, the leak contains User Id, name, email and other details.


Also he hacked into Sharp Malaysia and leaked the database information in pastebin.


Team INTRA hacked MTV.com.au and Toshiba Subdomain


Team INTRA, one of the infamous hacker group, hacked MTV.com.au website and exposed database in pastebin. MTV Australia is 24 hour general entertainment channel specialising in music and youth culture programming which serves Australia.

The dump of the database contains username and password of admin and other users.  Unfortunately, passwords are in plain text.  Also, The password are very simple to guess.

Hackers also provide a vulnerable link of the mtv.com.au website.  The subdomain gallery.mtv.com.au is vulnerable to SQL Injection attack.

Pastebin link:
http://pastebin.com/CpaAUuXN

Update
Hackers also discovered SQL injection vulnerability in one of subdomain of Toshiba and exploited the vulnerability.  They dump the database details in pastebin. The dump has the username and passwords in plain text.

Philips website has been hacked by Bch195 and HaxOr

Hackers Bch195 and HaxOr ,Team INTRA, hacked into Philips website and defaced one of the sub domain of Philips. Sub domain www.microsites.philips.com is defaced by hackers.

Philips is a Dutch multinational electronics company headquartered in Amsterdam. It was founded in Eindhoven in 1891 by Gerard Philips and his father Frederik. It had revenues of €25.42 billion in 2010.

Hackers exposed the details of the database belong to the philips websites in privatepaste website. They posted the private paste links(3 links) in pastebin with secure id for the paste.

The leak contains personal information ,including name, address, phone number and email id. From the screenshot of shell which is provided by hacker, It clears that hackers has access to other sub domain also.



Pastebin link:
http://pastebin.com/BDbrcx8b

Two XSS Vulnerabilities found in NASA websites by Team INTRA


The well known Hacker group "Team INTRA" discovered two XSS Vulnerabilities in NASA websites.  The vulnerabilities found in sub domain of nasa.gov , LANCE - Land Atmosphere Near real-time Capability for EOS(lance.nasa.gov) and EOSDIS - Earth Data Website (earthdata.nasa.gov) .

Vulnerability Details:
Type: Reflected-XSS

Target: nasa.gov
Author: Team Intra
Vulnerable link:
  • http://lance.nasa.gov/?s=<script>alert("HaxOr///INTRA");</script>
  • http://earthdata.nasa.gov/search?term=<script>alert("HaxOr///INTRA");</script>&site[1]=1&form_id=search-earthdata

Hacker said this is tribute to TinKode. Tinkode is one of famous hacker who Vulnerabilities in Government sites including NASA websites and exposed it. Few days back, Romanian authorities arrested a suspect as Tinkode.

Pakistani Mobile Site Hacked by zer0Freak & VipVince :Team INTRA

A mobile site from Pakistan has been hacked by two web hackers, zer0Freak
and VipVince, revealing almost 30,000+ personal phone numbers and countless
personal messages from almost 27,000 users.
The website had 7000 users active everyday constantly sending SMS and
socializing causing a 16000+ visits per day
The admin panel of the website recently had 3000 un-confirmed SMS and the
administrator was to have had 10000+ contacts in his list.
VipVince and zer0Freak didn’t put too much effort into hackingthe site, in
fact, it took them less than 10 min to bypass and extract the databases
Website was * http://www.smsfree.pk * < http://www.smsfree.pk >
*Vulnerability Status:*
- Type: Union Based WAF Bypassing SQL Injection
- Website: www.smsfree.pk
- Status: Unfixed
- Researcher: VipVince & zer0Freak

*Shoutouts:*
*Team Intra, Zer0Lulz*
*Submitted by:*
*Zer0Freak ( http://www.zerofreak.blogspot.com )
CodeName: z3r0fr34k
VipVince ( Team Intra)
CodeName: VipVince*

22k Youtube Related Accounts Hacked by "Dan" from Team Intra


EazySubs, known for it's "sub4sub" service offering youtube users to gain subscribers has been hacked by security researcher "Dan" from Team Intra.

Eazysubs has more than 22k active members, and most of which have linked to a youtube account, twitter account or facebook account.

The hacker who also goes by the name "Dan" has made a small leak, proving that he does have access to the accounts. This can be found at - http://pastebin.com/pBJD90UN

The leak contains username and encrypted passwords.


Dan has contacted the owner of eazysubs, and claims that the vulnerability stood within simple remote SQL Injection. The owner has not responded.
 He also claims to have access to the userlist of sites - http://socialjumbo.com , containing 6000+ users, with linked facebook/twitters. and http://socialclump.com with more linked facebook and twitters.

Persistent XSS vulnerability in iPetitions site discovered by Team INTRA


Team INTRA discovered the XSS vulnerability in iPetitions website.  Unfortunately it is Persistent type, permanent storage of malicious script. iPetitions Provides free petition creation and database tools. Petitions can be hosted for free at iPetitions, or the tools can be easily integrated with an existing site.

Vulnerability Information:
  • Type: XSS(Persistent)
  • Alert: Critical
  • site:http://www.ipetitions.com
  • Demo: http://www.ipetitions.com/petition/danuk/
  • Status : Unfixed

Also they discovered the XSS vulnerability in CyberGhost VPN site.

XSS Vulnerability found in CyberGhost VPN by Team INTRA

Team INTRA found XSS vulnerability in CyberGhost website.  CyberGhost is one of famous VPN that provides complete privacy when surfing, downloading, and sharing files on the Internet.

Vulnerability Status:
  • Type: XSS
  • website:cyberghostvpn.com
  • Status: Fixed
  • Researcher: Team Intra

Proof of XSS:





Here you can check more news about Team INTRA:
Team INTRA

LG Australia website Hacked and Defaced by INTRA Team


A famous electronics firm LG's Australia website is hacked by INTRA Team.   They defaced the website.

Hacked Site:-
www.lge.com.au
Mirror Link:-
http://www.zone-h.org/mirror/id/15669350

Hackers Message:
It seems as though your website has been hacked.

How did we get past your security?

What security? ;)
The LGE site was taken off the air mid-afternoon Sydney time. They recovered it back and redirect it to www.lg.com/au

It looks they defaced the website using the common Web application vulnerability SQL Injection.

LG said it was alerted to the hack on Friday morning and immediately suspended the site "until the incident is fully investigated". It said the attack only affected lge.com.au, not lg.com.au, which had replaced the former as the "local primary hosting solution" a number of years ago.

You can check the past hacks of INTRA team here:
INTRA Team

UMH University(umons.ac.be) Hacked by TEAM iNTRA

Universiti de Mons-hainaut , Publications of Computer Science Institute hacked by Team INTRA.

Hacker's Message:
"I did not find the vulnerability on this site, gratz to .sfx who did though!

Just thought I'd put our name here again to increase the chances of you noticing this.


Exploited by Team Intra, via SQL Injection. Fix this, before someone more malicious comes along and decides to delete all your publications. 

Decrypted passwords:
.....
.....
.....(for security reasons we haven't publish the passwords here).
You are meant to be researchers of computer science, yet some of you can't even make a unique password? "

Hacked Website:
http://informatique.umons.ac.be/publications/index.php?page=paper_info&ID=303

XSS Vulnerability in US Department of Health Human Services website

An INTRA team member ,Jackeh discovered Non-Persistant XSS (Cross-Site Scripting) vulnerability in the Disaster Information Management Research Center.

Vulnerability Details:
Type: XSS(Non-Persistent)
Targer Url: phpreparedness.nlm.nih.gov
vulnerable Link: here

Adobe Labs vulnerable to XSS(Cross site Scripting) ,found by @codeinesec



Hacker named as codeine(INTRA Team member) discovered the XSS(Cross Site Scripting) vulnerability in Adobe Labs.  This XSS vulnerability may result in Cookie stealing.  So Adobe must fix this.

 Vulnerability:
 http://labs.adobe.com/technologies/spry/samples/rating/SpryRating.php?spry_dynamic=<script>alert(String.fromCharCode(67, 111, 100, 101, 105, 110, 101, 88, 115, 115))</script>

Yesterday  hacker named as sony discovered the Xss vulnerability(persistent) Adobe Profile.