How I gained access to Sony’s database

Rahul R
Feb 6, 2018 · 2 min read

This is a bug I found back in 2017. It started when a friend of mine (a.k.a. 1337) showed me a T-shirt he got from Sony. I thought, why can't I get one too? So I started doing recon on the target. Sony has a wide range of domains and subdomains. I spent 2 days looking for a bug on Sony's main domain and got nothing.

So I went for the next thing, acquisitions. Same result. So I decided to try something else and started dorking:

site:*.sony.*

I landed on sony.co.kr and found a subdomain, bpeng.sony.co.kr. Because of the difficulty of understanding Korean, I didn't know what any of the options on the page were.

Then something interesting happened: https://bpeng.sony.co.kr/handler/BPEtc-PageView?pagename=some page blah blah

So I changed the value of pagename to something else and, boom, it redirected to that page. So let's try etc/passwd... and nothing happened.

But Why..?

Because the server is Microsoft IIS, you dummy. A Windows host has no /etc/passwd to read.

In my experience I had never had a chance to exploit an IIS server, so let's search for resources. I found that the site uses JSP and has something called WEB-INF, a directory that contains the application's configuration,

and PayloadsAllTheThings gave me the perfect payload:

jsp/etc/../../WEB-INF/web.xml

https://bpeng.sony.co.kr/handler/BPEtc-PageView?pagename=jsp/etc/../../WEB-INF/web.xml

and I got this in response:

DB Configuration Files
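Two defender-side checks for an include parameter like the pagename one above, as an added example (not code from the write-up or from the site it describes): a path resolver that rejects the traversal payload and its URL-encoded variants, and a detector that flags the same pattern in access-log lines. The /webapp directory layout and the log lines are constructed assumptions.

```python
"""Defender-side checks for a 'pagename' style include parameter. Added example,
not from the write-up or the site; directory names and log lines are constructed."""
from pathlib import PurePosixPath
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlparse

WEBAPP_ROOT = PurePosixPath("/webapp")      # assumed webapp root (holds WEB-INF)
PAGES_DIR = WEBAPP_ROOT / "jsp"             # assumed directory of the servable pages

def safe_page_path(pagename: str) -> Optional[PurePosixPath]:
    """Resolve pagename under WEBAPP_ROOT; return None unless it lands inside PAGES_DIR."""
    decoded = unquote(unquote(pagename))      # undo double encoding (%252e -> %2e -> .)
    if "\x00" in decoded or "\\" in decoded or decoded.startswith("/"):
        return None
    parts: List[str] = []
    for part in PurePosixPath(decoded).parts:
        if part == "..":
            if not parts:                     # climbing above the webapp root
                return None
            parts.pop()
        elif part not in ("", "."):
            parts.append(part)
    resolved = WEBAPP_ROOT.joinpath(*parts)
    # jsp/etc/../../WEB-INF/web.xml resolves to /webapp/WEB-INF/web.xml: outside PAGES_DIR
    if PAGES_DIR not in resolved.parents or "WEB-INF" in resolved.parts:
        return None
    return resolved if resolved.suffix == ".jsp" else None

def flag_traversal_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, decoded pagename) for access-log requests whose pagename
    parameter contains traversal or a WEB-INF reference after full decoding."""
    hits = []
    for line in log_lines:
        try:
            target = line.split('"')[1].split()[1]   # path+query from 'GET /x?y HTTP/1.1'
        except IndexError:
            continue
        for name in parse_qs(urlparse(target).query).get("pagename", []):
            decoded = unquote(unquote(name)).lower()
            if ".." in decoded or "web-inf" in decoded:
                hits.append((line.split()[0], decoded))
    return hits

# Constructed access-log lines: one legitimate view, two traversal attempts (one double-encoded).
SAMPLE_LOG = [
    '203.0.113.5 - - [06/Feb/2018:10:00:01 +0000] "GET /handler/BPEtc-PageView?pagename=jsp/etc/main.jsp HTTP/1.1" 200 5120',
    '203.0.113.9 - - [06/Feb/2018:10:00:07 +0000] "GET /handler/BPEtc-PageView?pagename=jsp/etc/../../WEB-INF/web.xml HTTP/1.1" 200 2048',
    '203.0.113.9 - - [06/Feb/2018:10:00:09 +0000] "GET /handler/BPEtc-PageView?pagename=jsp%252Fetc%252F..%252F..%252FWEB-INF%252Fweb.xml HTTP/1.1" 200 2048',
]
```

Running `flag_traversal_requests(SAMPLE_LOG)` returns the two attempts from 203.0.113.9 and ignores the legitimate view, while `safe_page_path` returns None for both the plain and the double-encoded payload.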

I reported it to Sony, they listed my name in their HOF, and they gave me a T-shirt.

Stay Creative and Happy HACKING


InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. In a nutshell, we are the largest InfoSec publication on Medium. Maintained by Hackrew
