[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Net SAPO flaws and vulnerabities
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Net SAPO flaws and vulnerabities
- From: Hacxx Under <hacxx20@xxxxxxxxx>
- Date: Wed, 5 Oct 2011 18:20:16 +0100
There is several flaws in the SAPO internet service in portugal that allow
certain tasks to be made.
. Unautorized internet access
. Obtain sapo username and password
. Obtain subscriber phone number
. Obtain name, address, tax number, etc
. Activate aditional sapo services
REMOTE ADMINISTRATION
. Target a specific device
. Block sites (antivirus for example)
. Read user info via DHCP (mac, pc name)
. DNS Hijack
. Open internet to anyone via fake WAN
Since i dedicate a few days on this one i will not disclose in detail
(software + technics used). More info via mail or phone.
Hacxx
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/