Major Companies Vulnerable to Heartbleed

SUBMITTED BY: Guest

DATE: April 21, 2014, 2:36 p.m.

FORMAT: Text only

SIZE: 775 Bytes

Raw Download

HITS: 937

Report
  1. Title: Juniper SSL VPN Openssl HeartBleed Vulnerability Dork
  2. Author of Exploit: @surivaton
  3. Contact information(I only use twitter): @surivaton
  4. Vulnerable Software: www.juniper.net
  5. Google Dork: inurl:"/dana-na/auth/
  6. Vulnerable Sites:
  7. http://extranet.uphs.upenn.edu
  8. http://vpn.stlouiscountymn.gov
  9. http://vpn1.broadcastaustralia.com.au
  10. http://remote.compumenn.com.au
  11. http://rna.n.nsa.nexus.telstra.com.au
  14. Usage:
  15. Search google with: inurl:"/dana-na/auth/
  16. Check each site with heartbleed openssl exploit.
  17. Dump the vulnerable sites for a few hours.
  18. Search through the files for USER and PASS.
  19. The username and password should be stored in plain text.
  20. Go to there login page: site.com/dana-na/auth/
  21. Login with details.
comments powered by Disqus