27 Sep 2010
Innocent comment regarding sensitive information disclosure…
I don't really know how to comment on it... This is what I found recently in my web server logs, in the "Referrers" table:
http://10.10.1.1/login?user=0045f2&password=806361&popup=false&dst=http://hcrservermirror.ecnex.com/hccrs/fitio/clogin.php?nasIp=10.10.1.1&nasId=fitio&loginIp=10.10.1.1:80&vlan=bridge1&macAddress=00:21:6B:15:E3:70&ipAddress=10.10.1.95&loginPort=&urlPostLogin=http://itsecuritylab.eu/index.php/2010/09/26/pentesting-privilege-escalation-in-web-applications/
So what can I find here? Oh God...
- URL to the Network provider: http://hcrservermirror.ecnex.com/hccrs/fitio/clogin.php
- Someone's internal IPs disclosed: 10.10.1.1, 10.10.1.95
- Login IP and port: 10.10.1.1:80
- MAC address: 00:21:6B:15:E3:70
- Someone's credentials: user=0045f2, password=806361
- NAS ID: fitio
- VLAN name: bridge1
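Everything in that list arrived through one Referer header, because the captive portal put credentials and device identifiers into a GET query string and then redirected the user to this site. The only thing a receiving server can do about it is notice and redact. The script below is an added example, not the author's code: it parses web server log lines in the Apache/nginx "combined" format, walks the Referer query string (including URLs nested inside parameters such as dst or urlPostLogin, as in the log line above), reports any parameter whose name is on a watch-list, and returns a redacted copy of the URL safe to keep in a stats table. The watch-list, the log lines and all addresses are constructed for this example; the parameter names in it are hypothetical and should be extended for your own applications.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Hypothetical watch-list of parameter names that should never appear in a
# query string (compared case-insensitively). Extend it for your own apps.
SENSITIVE_KEYS = {
    "user", "username", "password", "passwd", "pwd", "token",
    "macaddress", "nasip", "loginip", "ipaddress",
}

# Apache/nginx "combined" log format: client, ident, user, [timestamp],
# "request", status, size, "referer", "user-agent".
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample log lines (RFC 5737 / IANA documentation addresses).
# The first one mirrors the shape of a captive-portal referer: the inner
# "dst" URL was never percent-encoded, so its own parameters spill into the
# outer query string, exactly as in the log entry quoted above.
LOG_LINES = [
    '203.0.113.7 - - [27/Sep/2010:10:15:32 +0200] "GET /index.php/ HTTP/1.1" 200 5120 '
    '"http://10.0.0.1/login?user=EXAMPLEUSER&password=EXAMPLEPASS&popup=false'
    '&dst=http://portal.example/clogin.php?nasIp=10.0.0.1&nasId=example'
    '&macAddress=00:00:5E:00:53:01&urlPostLogin=http://itsecuritylab.eu/" "Mozilla/5.0"',
    '203.0.113.8 - - [27/Sep/2010:10:16:01 +0200] "GET / HTTP/1.1" 200 1024 '
    '"https://www.example.com/search?q=referer+leak" "Mozilla/5.0"',
    '203.0.113.9 - - [27/Sep/2010:10:16:40 +0200] "GET /robots.txt HTTP/1.1" 200 64 '
    '"-" "curl/7.21"',
]


def inspect_url(url, depth=0, max_depth=3):
    """Return (findings, redacted_url) for a URL.

    findings is a list of (key, value, depth) for every sensitive parameter in
    the URL or in any URL nested inside one of its parameter values (e.g. a
    portal's "dst" or "urlPostLogin"). redacted_url keeps the structure but
    replaces sensitive values with "[REDACTED]"; nested URLs are re-encoded
    as proper parameter values in the result.
    """
    parts = urlsplit(url)
    findings, clean = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() in SENSITIVE_KEYS:
            findings.append((key, value, depth))
            clean.append((key, "[REDACTED]"))
        elif depth < max_depth and value.startswith(("http://", "https://")):
            nested, nested_clean = inspect_url(value, depth + 1, max_depth)
            findings.extend(nested)
            clean.append((key, nested_clean))
        else:
            clean.append((key, value))
    redacted = urlunsplit(parts._replace(query=urlencode(clean, safe="/:[]")))
    return findings, redacted


def scan_log(lines):
    """Return one record per log line whose Referer carries sensitive data."""
    results = []
    for line in lines:
        m = COMBINED_RE.match(line)
        if not m or m.group("referer") in ("", "-"):
            continue
        findings, redacted = inspect_url(m.group("referer"))
        if findings:
            results.append({
                "client": m.group("client"),
                "findings": findings,
                "redacted": redacted,
            })
    return results


if __name__ == "__main__":
    for rec in scan_log(LOG_LINES):
        print(rec["client"])
        for key, _value, depth in rec["findings"]:
            print(f"  leaked parameter {key!r} at nesting depth {depth}")
        print("  store instead:", rec["redacted"])
```

Run it against your own access log with `scan_log(open(path))` and the records it returns tell you which visitors' upstream sites are leaking through their Referer; the redacted URL is what belongs in the "Referrers" table, not the raw value. Detection on the receiving side is the only lever this server has: the actual fix belongs to the site that built the URL, which should carry credentials and device identifiers in a POST body rather than a GET query string.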
What else I already know (from geolocation info):
- Connection from IP: 189.223.43.88.dsl.dyn.telnor.net
- Country: Mexico
- City: Tijuana
I will definitely try to mess with this VLAN next time I'm in Tijuana! One thing is clear: if next time I get something like this, I should not be surprised at all... ;-)
...http://besure.bank.com/login?user=crazyUser&password=Tijuana12345&popup=false&account=1652635-1232-12312&lastTransaction=moneyTransf&targetAccount=123123-0000-0734&success=true&vlan=bridge1...
I think you are already big boys and girls, so think twice about what sensitive information about you may leak out, and in what weird and unusual ways. Draw your own conclusions and, well... Beware! ;-)