Monday, July 2, 2012

SQL injection : CVV2 hashed in CMS hotel website

Hi, just find an easy vuln in hotel website for worldwide CVV2 :
This website used a CMS that is used by a lot of Hotel website
They have lot and lot of Hashed CC number !

The panel : 



The stats



Lot of cvv2


A cvv2 in pdf (with exp date, cvv2 code, cc hashed number)


Lot of other website, using the CMS are vulnerable !!! (MORE CVV !!)


If you know how to decrypt this HASH, you are rich
I have seen more than 10 000 Worldwide CVV in all CMS
They have not only US but lot of EU country too

If you have any comment :)

16 comments:

  1. This comment has been removed by a blog administrator.

    ReplyDelete
  2. Thanks! CC = base64(MD5(CCnum)).

    ReplyDelete
  3. long time U do not post in blogspot. Are u busy ?

    ReplyDelete
  4. I think my blog is bad compared to krebsonsecurity and xylibox
    if you think contrary I will post again

    ReplyDelete
  5. i usualy visit blogspot to read news hacking. i think i will learn from they. Can u post again in your blog. Bookmark now.

    ReplyDelete
  6. Write me please!!! My icq 385176

    ReplyDelete
  7. Nice Posting! because there are a lot of informative postings so, thanks a lot for sharing the information. Ecommerce website Designing in Mumbai || Ecommerce Solution || Ecommerce Solution in Mumbai

    ReplyDelete
  8. Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me. Dynamic Website Designing || Dynamic website Designing in Mumbai || Ecommerce website Designing

    ReplyDelete
  9. Thanks for nice post. It is complicated to me now, but in typical, the efficiency and significance is annoying. Very much thanks again and best of luck! Thanks for sharing. Website Maintenance in Mumbai || Website Development || Website Development in Mumbai

    ReplyDelete
  10. Excellent post, I agree with you 100%! I’m always scouring the Internet for new information and learning whatever I can, and in doing so I sometimes leave comments on blogs. Web Designing || Web Designing in Mumbai || Website Maintenance

    ReplyDelete
  11. It was very useful for me. Keep sharing such ideas in the future as well. This was actually what I was looking for, and I am glad to came here! Thanks for sharing the such information with us. CMS Website Design || CMS Website Developer || CMS website development company

    ReplyDelete
  12. erol_viet pm me today

    ReplyDelete
  13. I like your effort for sharing such a descriptive blog with screenshots.
    Thanks for sharing useful insights
    Mumbai web designers | website maker in Mumbai | Mumbai website developers

    ReplyDelete