Hello, world.
Major airlines are affected by a major exploit. Those affected include:
American Airlines
United Airlines
Vietnam Airlines
Sabre Airlines
Here's what I have access to:
=>Internal Access to both airports.
=>Booking Flights, Ticketing Info, Hotel Booking, etc.
=>Card Swaps.
=>Employee Info, etc.
=>Flight Info, Passenger info, etc.
=>Multiple vulnerabilities among the software they're running.
The vulnerability was simple. Amongst those vulnerable, all were exploited. How did I do this? Simple:
=> We found an exploit which enabled the right for us to download all the attachments on the site.
=> Amongst the things we found was an Application system used for the Airports.
=> We tested the software for vulnerabilities.
=> Pew! We got past the employee login.
Furthermore, the piece of software was mildly outdated. I set up a file to pull any file it could get to. I got some coffee and came back. It pulled tons of information. I found this important to an extent, as nobody else has ever been there.
I couldn't do much in the beginning as everything was local. I then got access to a configuration system which mildly accepted the file type ".properties". I found around four files pertaining to it, these being: editor.properties, pm.properties, qik.properties, and taconfig.properties. I had the ability to switch the key system from !local to !remote, meaning I could have logged card swaps, passenger info, and much, much more.
Insight:
Protocol: DNS
=> hsspconfig.sabre.com
=> ACCESS.SABRE.COM
=======================
! 151.193.141.254:54483
! American Airlines (h00lyshit)
! taconfig.key = XSTBCKA001
=======================
Host Name - sabre:hssup:uii_host
Line IATA: 000000
Pool Name: VNOCCNBA
=======================
This will be getting reported to all major airlines very soon.
I'm just addressing the public first so they know what happened.