Gelvora data breach and your personal data

Working as a part of Digital Security Alliance, we came across a vulnerability affecting infodebt.lv, a system owned by Gelvora SIA. This system potentially contains financial data about most of the citizens of Latvia. Based on the domain registration information provided in WHOIS records, the system has been active since 2013. The vulnerability allowed unauthorized access to the database, through which all of the database records can be retrieved. From the information available on Gelvora.lv about infodebt.lv: “The advantages of the database: it is one of the largest debt history databases in Latvia;”. Based on this, it’s safe to assume that the database contains information for

“Freelancer Office” by gitbench privilege escalation vulnerability

Working together with Digital Security Alliance, fulfilling a request to do penetration testing through a client's infrastructure, we found a privilege escalation vulnerability in “Freelancer Office” by gitbench. The exploit affects all versions above 1.7 (including the current release) and can be done in less than 2 minutes, with a browser as the only required tool. A simple Google dork, made possible by the script's copyright, allowed us to find hundreds of vulnerable targets within seconds. All of the targets confirmed that the issue indeed isn’t a false positive. Informing both the author gitbench (via wm@gitbench.com – William Mandai) and distributor Envato, CodeCanyon (via their support channel) is without

“Hacking” into MacBook Pro to Recover files

I quite often receive requests from private clients to fix and reinstall computers, which I’ll decline almost every time. This case was different, as the task was actually interesting. The client's problem was a blue screen right after the Mac booted, meaning it’s impossible to access any files on the computer without removing the hard drive (and thus voiding the warranty). I had done several tests before with Windows to access the filesystem without any kind of authentication requirements, but had never tried that on OS X… yet. So, let's begin with the setup: 16 GB Kingston Flash An Image (ISO) of
