Comments on Lab of a Penetration Tester: Remote Code Execution on SkyMobile VTI Server

Nikhil SamratAshok Mittal, 2012-06-05T20:19:22+05:30

No, this was not a demo version, this was a production system with default installation.

As is clear from your comment "The normal install is intentionally open", this is a case of insecure default installation (v22.00.04) as far as I understood the application.

Anonymous, 2012-06-05T04:06:35+05:30

Thanks. Usually, access to the web status page is protected through identity management and all data and configurations are encrypted. You are obviously working off a development/demo version. The normal install is intentionally open with documentation on how to "harden" security for production systems. If this is a customer system, then you should report this and direct them to the SkyMobile help. Regards Sky support.

Nikhil SamratAshok Mittal, 2012-06-01T20:09:42+05:30

I tried to reach them but could not find any security contact.
I filled their contact form many times but (obviously) to no avail.

Adam Hirsch, 2012-06-01T20:02:48+05:30

Hi,

Did you report this to Sky Technology? Also, have you identified any other issues with other components of their solution?