This is a quick post about vulnerabilities exposed by a Lebanese hacker who goes by the handle Idhac.
According to Idhac, there are two vulnerabilities in apple.com:
1: IFrame Injection (https://consultants.apple.com)
2: Blind SQL Injection (https://consultants-locator.apple.com/)
For those wondering how these work and why this Apple vulnerability made it onto our blog, here is a short explanation.
Blind SQL Injection
When an attacker executes a SQL Injection attack, the server sometimes responds with error messages from the database server complaining that the SQL query's syntax is incorrect. Blind SQL Injection is identical to normal SQL Injection except that when an attacker attempts to exploit an application, rather than getting a useful error message, they get a generic page specified by the developer instead. This makes exploiting a potential SQL Injection flaw more difficult but not impossible: an attacker can still steal data by asking a series of true/false questions through SQL statements and observing how the page responds.
Here is an example of normal SQL Injection
Now, I think the larger picture is clearer.
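To make the "blind" part concrete, here is an added example (not code from the original post, and not Apple's code) of a locator-style lookup written twice: once with the user's value spliced into the SQL text, once as a parameterized query. A wrapper mimics a developer's generic error page, so the only thing visible from outside is whether the page reports results. The table, names and cities are constructed sample data.

```python
import sqlite3

# Constructed sample table for a "consultant locator" style lookup; the schema,
# names and cities are made up for this example and are not Apple's.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE consultants (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    conn.executemany(
        "INSERT INTO consultants (name, city) VALUES (?, ?)",
        [("Alice", "Beirut"), ("Bob", "Paris"), ("Carol", "Beirut")],
    )
    conn.commit()
    return conn

def find_by_city_vulnerable(conn, city):
    # Defect: the user-supplied value is spliced into the SQL text, so a quote
    # in the input ends the string literal and whatever follows becomes SQL.
    sql = "SELECT name FROM consultants WHERE city = '%s' ORDER BY name" % city
    return [row[0] for row in conn.execute(sql)]

def find_by_city_safe(conn, city):
    # Fix: a parameterized query. The driver passes the value separately from
    # the SQL text, so the input is always treated as data, never as syntax.
    sql = "SELECT name FROM consultants WHERE city = ? ORDER BY name"
    return [row[0] for row in conn.execute(sql, (city,))]

def render_page(conn, city, lookup):
    # Mimics an application that hides database errors behind a generic page,
    # which is the "blind" situation: no SQL error text ever reaches the user,
    # only whether the page reports results or not.
    try:
        rows = lookup(conn, city)
    except sqlite3.Error:
        return "Sorry, something went wrong."
    return "Results found" if rows else "No results"

if __name__ == "__main__":
    db = build_db()
    # A plain value, two values carrying an injected true/false condition, and
    # a value with a stray quote. Under the vulnerable lookup the page's answer
    # tracks the injected condition; under the safe lookup every odd value is
    # just a city name that matches nothing.
    for value in ["Beirut", "Beirut' AND '1'='1", "Beirut' AND '1'='2", "Beirut'"]:
        print(repr(value),
              "| vulnerable:", render_page(db, value, find_by_city_vulnerable),
              "| safe:", render_page(db, value, find_by_city_safe))
```

The point of the wrapper is that suppressing error messages does not remove the flaw: the "Results found" / "No results" difference is still an oracle. Only the parameterized version removes it, because the input can no longer change the structure of the query.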
IFrame Injection Attack
In simple words, the site in question offers yet another frame in which a different site is loaded. This external site can serve malware or host a phishing form, but whatever the payload of the IFrame, it is the user who pays dearly.
Malicious IFrame code can be part of code inserted on the vulnerable web server, or, as in the case of Apple.com, the malicious IFrame code does not exist on the server at all but is part of a modified URL that the site reflects back into the page. IFrame injections of this (Apple.com) type are therefore mostly used to launch phishing attacks. Sometimes, however, due to poor administration, the web server itself gets hacked; the attacker then has access to the source code and can insert a hidden IFrame directly into the site's pages, so a user visiting this legitimate site ends up loading the IFrame without any knowledge of it.
IFrames are one of the entry points for malware and drive-by downloads.
What does a malicious IFrame look like? Here is a screenshot of a visible IFrame; invisible or hidden IFrames can be found only upon closer inspection of the page's source code.
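The two points above, that a reflected URL parameter can put a frame into a page without touching the server, and that a hidden frame only shows up on inspection of the markup, can both be shown with a short added example (not code from the original post, and not Apple's code). The page template is constructed for the example; the first renderer reflects the parameter verbatim, the second escapes it, and a small parser lists the frames actually present in the served HTML along with whether they are hidden by the usual styling tricks.

```python
import html
from html.parser import HTMLParser

# Constructed page template for a locator-style site; the markup is made up for
# this example and is not Apple's.
TEMPLATE = ("<html><body><h1>Consultant locator</h1>"
            "<p>Showing results near {location}</p></body></html>")

def render_vulnerable(location):
    # Defect: the value taken from the URL is placed into the markup verbatim,
    # so any tag in the parameter becomes part of the page the browser renders,
    # even though nothing on the server was modified.
    return TEMPLATE.format(location=location)

def render_safe(location):
    # Fix: html.escape turns <, >, &, " and ' into entities, so the browser
    # displays the text but never interprets it as an element.
    return TEMPLATE.format(location=html.escape(location, quote=True))

class IframeFinder(HTMLParser):
    """Collect every <iframe> in a document with its src and whether it is hidden."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        style = (a.get("style") or "").replace(" ", "").lower()
        # The usual ways an injected frame is kept out of the user's sight.
        hidden = (
            "display:none" in style
            or "visibility:hidden" in style
            or a.get("width") in ("0", "0px")
            or a.get("height") in ("0", "0px")
        )
        self.iframes.append({"src": a.get("src"), "hidden": hidden})

def find_iframes(document):
    # Inspect served HTML for frames: this is the "closer inspection of the
    # code" that reveals a hidden frame, whether it came from a compromised
    # server or from a reflected parameter.
    finder = IframeFinder()
    finder.feed(document)
    finder.close()
    return finder.iframes

if __name__ == "__main__":
    # Constructed input: a harmless location and one carrying a hidden frame
    # pointing at a placeholder host.
    plain = "Beirut"
    with_frame = 'Beirut<iframe src="http://example.com/" style="display:none"></iframe>'
    for value in (plain, with_frame):
        print("vulnerable:", find_iframes(render_vulnerable(value)))
        print("safe      :", find_iframes(render_safe(value)))
```

Run against the reflected renderer, the finder reports one hidden frame; against the escaped renderer it reports none, because the text reaches the browser as `&lt;iframe ...&gt;` and is displayed rather than loaded. The same finder can be pointed at a page fetched from a site you administer to check for frames that are not part of your own templates.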
Sometimes I wonder which of the two is the greater evil:
A: IFrame Injection, which leads to drive-by downloads,
or
B: SQL Injection, which provides access to the database.
1 Comment
Moritz Mayer
It's wonderful like your other blog posts :D, thanks for posting.