Archive for the Internet category

Wataniya.mv vulnerabilities and exploits

Thursday, November 6th, 2008

ROL isn’t bothering me at all now that I’ve got a 4mb internet connection. A few months back I was checking www.wataniya.mv; I don’t know why, but I started browsing all the pages they had. HTML and a simple UI, nothing much to offer, as we have seen in Dhiraagu. Nothing to blame, as I’ve noticed these guys were more secure than Dhiraagu. Security isn’t much of a concern to Wataniya.

I simply browsed to the media page and then to the pressroom archive. While hovering over each and every link, I saw that from 1st June 2008 onwards they had given direct links to the PDF files (the press releases). The entries before 28th May 2008 were served through a PHP file, “download_sis.php”, with a variable SIS naming the PDF to download, i.e. “download_sis.php?sis=media/pressrelease-21may2008-talkchoice.pdf” and so on. This isn’t something huge, but yes, there is a vulnerability here for Wataniya. This file download_sis.php can be used to download any file on the server. OK, now you do have a question: why the hell would I need to download some static HTML? According to my PHP knowledge this was indeed a vulnerability in the site. A normal user can request files on the server.

Alright, let me tell you why this is not safe. “download_sis.php?sis=download_sis.php”, got my point? PHP pages are server-side scripts. If you try to save them, there’s no way to get the original code; you get the output from the server, which is the HTML.

<?php
$filename = $_GET['sis'];
if( ! is_file($filename) || $filename[0] == '.' || $filename[0] == '/' )
    die("Bad access attempt.\n");
$file = explode('.', $filename);
//if($file[1] != 'sis') die('Could not download selected file.');
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/force-download");
header("Content-Type: application/octet-stream");
header("Content-Type: application/download");
header("Content-Disposition: attachment; filename=".basename($filename).";");
header("Content-Transfer-Encoding: binary");
header("Content-Length: ".filesize($filename));
readfile("$filename");
exit();
?>

That’s the code I’ve downloaded from the download_sis.php file. Basically it checks whether the requested file exists. If the file exists it tells the browser to download it; otherwise it gives an error message saying “Bad access attempt”. Well, the mistake here is that the code should have specified that only PDF files can be downloaded; that validation, or other PHP validations, could have been applied.
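
An added example, not code from the original post or from Wataniya: one way to write the handler so that it only serves PDF files from a single directory, in contrast to the script above, whose extension check is commented out. The directory name “media” comes from the URL quoted earlier; the constant MEDIA_DIR and the function resolve_download() are names assumed for illustration.

```php
<?php
// Added example (not the site's code): download handler limited to PDFs
// inside one directory. MEDIA_DIR and resolve_download() are assumed names.
declare(strict_types=1);

const MEDIA_DIR = __DIR__ . '/media';   // assumed: press releases live here

/**
 * Map the user-supplied "sis" value to a file that may be served,
 * or return null when the request must be refused.
 */
function resolve_download($requested, string $mediaDir): ?string
{
    // Arrays (?sis[]=x), empty values and NUL bytes are never valid names.
    if (!is_string($requested) || $requested === ''
        || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($mediaDir);
    // Resolve relative to the script, as the old links did (sis=media/x.pdf).
    // realpath() collapses "..", "." and symlinks, and fails on missing files.
    $path = realpath(dirname($mediaDir) . '/' . $requested);
    if ($base === false || $path === false || !is_file($path)) {
        return null;
    }
    // The resolved file must sit inside the media directory ...
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    // ... and must be a PDF, so scripts such as mail.php are never sent.
    if (strtolower(pathinfo($path, PATHINFO_EXTENSION)) !== 'pdf') {
        return null;
    }
    return $path;
}

$path = resolve_download($_GET['sis'] ?? null, MEDIA_DIR);
if ($path === null) {
    http_response_code(404);          // same answer for every refusal
    exit("Not found.\n");
}
header('Content-Type: application/pdf');
header('X-Content-Type-Options: nosniff');
header('Content-Disposition: attachment; filename="'
    . str_replace('"', '', basename($path)) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

The check is made on the resolved path rather than on the first character of the input, so a request is accepted only when the file that would actually be read is a PDF under the media directory.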

Still feel it’s not a security measure we can leave? Well, think again. The Linux shadow password file is what you should be looking for: “/etc/passwd”. Just keep in mind that if you get to that file you can probably do some damage.

You have probably got an image here. As I said I was browsing the whole site. I went to the Contact Us page. I tried submitting an enquiry. Filled all the fields they had and tried to send a prank one. As you all know sending an email requires server side support. So I tried submitting my “prank” message. The form was submitted to a file “mail.php”.

A PHP warning came along:

Warning: fsockopen(): php_hostconnect: connect failed in /var/www/html/wataniya/contactus/class.smtp.php on line 105

Warning: fsockopen(): unable to connect to 10.10.9.2:25 in /var/www/html/wataniya/contactus/class.smtp.php on line 105
Message could not be sent.
Mailer Error: Language string failed to load: connect_host

We can download the mail.php file too. But the important thing here is the error. An error can give us lots of information. As we can see above, the structure of the site is clearly shown in the error.

As far as the mail PHP application is concerned, they have lots of SMTP information in those mail files.
Well, after everything we have seen above, this is indeed a huge vulnerability for Wataniya and its online server. This should have been taken care of by the Wataniya administrators. By not using easy PHP validations they have ended up with this exploit, making it easier for anyone to get into their private data. A telecommunication company’s user information should be secured. So just think: what if this server is connected to their mainframe (just in case)? What are the outcomes of this, and who’s going to take responsibility for just a simple validation they missed? I’m not an expert, but figuring out this puzzle was a piece of cake. Yeah.

Drop me a line if you were able to do anything with the information I have given above. And one last thing: I’m not even 18, I can’t take any responsibility, so don’t come and scratch my head with the “cyber crime unit”. I’ve got better things to do than this. Please take note that the information given above is meant to be used for educational purposes only.

UPDATE:
They have removed the file download_sis.php, now that was fast. -_-

Shame on Maldivian ISP ROL

Tuesday, November 13th, 2007

I was checking out the ROL website tonight, and found something really interesting. Something no other ISP on earth would provide you; best of all, it’s all in Maldives… :). Believe me or not, they’ve got more in their FTP back yard… keke…

So let me come to the point. The most important thing I found tonight in its back yard is that ROL provides a Vista crack. Being one of the internet service providers in Maldives, they are currently hosting a crack for the well-known operating system Microsoft Windows Vista in their back yard. So who’s taking responsibility for this? I’m sure TAM (Telecom Authority of Maldives) won’t even care about these actions by these companies. And about ROL, I’m not calling them or emailing them; at least this time they won’t ask me to disconnect my modem power cable and put it on again. Anyhow, I get the same response from the geeks at ROL’s phone booth. So when can Maldivians have a genuine internet service provider? All I can see is Dhiraagu bluffing in their advertisements and ROL doing their back yard business. Perhaps ROL is turning out to be some warez geeks, to host something like a Vista crack.

That’s not all. The ROL site is full of holes, more than you could expect from an ISP; at least Dhiraagu has a secure site. But ROL’s ass is not clean at all. Anyone with knowledge of XSS can do many cool things to ROL’s web site. Something like this (Maumoon One) (don’t laugh too much, keke).

Damn, it was fun… haha, and regarding the Vista crack I was laughing to death… Finally something to do after O-levels. Well, I’ve got a few words for Raajje Online and that is …

Clean up ur staffs
Stick up the notes
Clean out the holes

PS: Tell all your friends that ROL’s Vista Crack Really works ;) keke … Click here to Download
Shame on you ROL

UPDATE:
They have removed the crack plus all the warez. :) Now that’s called the power of blogging…
Oh, and I didn’t take a screenshot, damn… but here’s one from a friend :) ..

Get your @live.com ID, Yes its out

Friday, November 9th, 2007

@live accounts are out
After one year running in beta, “@live” accounts are available. First it was opened for the USA & China on the 7th of November. Now it’s available worldwide, but it’s not yet officially announced by Microsoft.

Live applications such as Windows Live Desktop have also dropped out of beta. All the new features, such as blogging and sharing pictures, aren’t going to change your mind about Gmail. But it can combine your Yahoo and Gmail. Yeah, and it also includes posting pictures directly to Flickr. The features are not that bad, but could be improved or worsened. Apparently the online version of Windows Live Mail is slow and no change has been brought to it yet. New features in Windows Live Mail are expected to be seen with the official launch of @live mail.

Guys, it’s time to start with a fresh mail; stop entering numbers before and after your mail, and get your mail before someone takes it ;). Feel fresh, Live is out.

But how can I leave Gmail ;).

Click here to get You@Live.Com

Click here to get Windows Live Desktop

Is ROL trying to fool us again?

Saturday, June 16th, 2007

It seems Raajje Online (ROL) is going to introduce a new internet package named ROL MEGA PIPE. According to their ads in Haveeru Online, it seems that ROL finally feels that their customers are unsatisfied.

“We will let you enjoy broadband internet the way it meant to be”

So the question arises whether it’s the best time to introduce the new package, or whether it is just competition against Dhiraagu. Dhiraagu has also introduced a new package, but in limited terms, as the bandwidth is only 3 GB. Yeah, we all know ROL doesn’t have bandwidth issues, but yes, the difference arises in speed and in the services given by both of these companies. So my question: is this the time? Well, NO. Furthermore, the quotes in the ads also indirectly tell us that they haven’t been giving good service to the users.

They have already fooled us, the customers, previously. After the submarine cable came we all thought the speed would make a difference. But no, a week after they installed the upgrades the speed was like heaven for a normal customer like me. I received around 60-80 kbps. And again they failed to keep their promise, and after a few weeks the speed went down to 30 kbps. So this means the SUBMARINE CABLE drama is still on show. ;)

OK, so what’s next? What’s with this new package, Mega Pipe? Is it an upgrade for the 650/- package users, or is it a new package where the price is double? I also gave them a ring today to get more info, but unfortunately was unable to get any info on the new package. So my question remains: are they attempting to fool us again?

Oh yeh the ad is edited below ;) \/
