Special topic


Vulnerabilities netbilling.com

One day, while browsing the forum at www.xakep.ru, I came across an ad for hacking websites to order, and it seemed the guy was offering good money. I exchanged messages with him and got a list of three sites, one of which was netbilling.com. It was running Apache 1.3.26, which set it apart favorably from the other two, which also ran Apache, but version 1.3.27.
I scanned it with XSpider and saw a not-so-cheerful picture: the standard ports were open, and the server might have a leak in the shared-memory 'scoreboard', but since I'm not a local user, that was of no use to me. True, there were directories open for browsing:
/merchant/
/files/
/images/
/info/
/mrtg/
/scripts/
But there was nothing particularly valuable in these directories.
There were also a couple of configuration bugs:
http://netbilling.com:80/admin/credit_card_info.php - there were no credit cards here,
http://netbilling.com:80/phpmyadmin/tbl_create.php - this was interesting: it was possible to view information about the users registered in MySQL (1) and their privileges (2) at:
http://netbilling.com/phpmyadmin/user_details.php


and the list of MySQL databases with statistics:
http://netbilling.com/phpmyadmin/db_stats.php.


But these were trifles, because config.inc.php could not be viewed, and logging in to MySQL from unauthorized addresses was also prohibited.
True, there was another configuration bug:
http://netbilling.com:80/cgi-bin/printenv - for which XSpider reported "may contain useful information." But unlike the standard printenv page, which sometimes (and often) does contain useful information such as the server version, your IP, etc., this time an Apache module update page appeared, with an input box "Module to update:"


And in this box (by then the thought had already occurred to me that the page itself resembled the cmdasp.asp script), I typed ls / and saw the listing of the root. Well, after that the journey through the directories began: ls /www/, etc.


There were sites hosted there in abundance. Half of them were porn sites, so little by little I got to the member and admin passwords, especially since the cat command worked without problems: cat /www/hornybitches/passwords/htpasswd2 ;-).


Having downloaded all of this to my own hard drive, I decided to look for the place where the credit cards were kept.
In one of netbilling's directories I found the file 1020048073633.dmp, and when I opened it I saw the magic symbols of a respectable life abroad. But the file was big, and on opening it IE froze instantly. I had to reboot the system and go back to the page. Then I decided to copy the file into one of the web directories, and that worked too:
cp /www/netbilling/[I don't remember which directory]/1020048073633.dmp
/www/netbilling/htdocs/files/1020048073633.dmp
where it still lies ;-).
For those who didn't understand: http://netbilling.com:80/files/. Take the file ;-) This is my gift.
Wait, read to the end, you'll still have time to download the database; there I also dug out the file compuserve.zip, with a heap of e-mail addresses of CompuServe users.
Inspired by my victory, I immediately wrote to the customer about where he could pick up the database, and posted a message to http://www.void.ru/. The next morning I decided that defacing all these sites would not be in vain, and that now was the time. But it was not to be. Credit is due to the guys from http://www.void.ru/: information about the hole was already up on their website. And whether netbilling's admin was amazed by the traffic to that page, or one of the "comrades" unthinkingly wrote to him about the unfortunate hole, it was already closed. The page had been removed. Anyway, one deface more, one deface less, happiness isn't in that.
Well, the guy who ordered the site hack never paid me; he turned out to be a con man, started whining that the e-mail addresses there were wrong and that there were few of them (230 megs of text! in the zip file), then sent another list of a dozen sites and disappeared. In general, guys, know that the person with the e-mail [email protected] is a scammer.
Well, happy hacking to everyone.

Your bug Durito.
_________________
EAT THE RICH!
