French security researcher Robert Baptiste, who goes by Elliot Alderson on Twitter, has been revealing cybersecurity flaws in the Indian scene for a while now. This time, he has reported a vulnerability on the India Post server that allows remote code execution.
Baptiste in fact reported this flaw on behalf of an Indian researcher who chose to remain anonymous because of the legal implications under Indian law.
The India Post subdomain digitization.indiapost.gov.in was vulnerable to an Apache vulnerability, CVE-2017-5638. This meant that an attacker would be able to run code on the India Post server.
The flaw exposed the bank details of employees as well as databases of sensitive information. He posted several screenshots of the files he was able to access by exploiting the flaw.
This server contains a lot of interesting files: Contract_Data2018-03-05.xls, Customer Advance Balance2018-03-05.xls, CustomerBookings2018-03-05.xls, OfficeSpecificData2018-03-05.xls, Bank Master2018-03-05.xls, ... https://t.co/EH0846azge — Elliot Alderson (@fs0c131y) March 11, 2018
He also revealed that he was not the first person to exploit these flaws and posted screenshots that show activity from about a year ago on 14th April, 2017.
For the record, I was not the 1st. Someone created three files on 13-04-2017 in order to exploit the vulnerability. pic.twitter.com/lgiIjePnHB — Elliot Alderson (@fs0c131y) March 11, 2018
The vulnerability has since been fixed, leading Elliot Alderson to tweet out the details of this recent hack.
As the issue is now fixed, I can disclose the details of the @IndiaPostOffice vulnerability. — Elliot Alderson (@fs0c131y) March 11, 2018