The hackers have leaked usernames and passwords after exploiting an LFI vulnerability
NullCrew hackers have targeted another major telecoms company, namely Comcast. The group claims to have hacked into the organization’s systems after exploiting a local file inclusion (LFI) vulnerability in a mail server.“Hello there beautiful people of the internet, once again; we here at NullCrew have some fun information for you. This time, our target is Comcast, yet another internet service provider who proclaims to be a secured one; shall we test these claims as well?” the hackers said.
First, the hackers obtained a list of Comcast mail servers running Zimbra, an email server and web client software. On these servers NullCrew identified the LFI flaw.
By leveraging the LFI vulnerability, which in general can be exploited for information disclosure and arbitrary code execution, the hackers appear to have gained access to usernames, passwords and other information.
I’ve reached out to Comcast to see if they can comment on the incident. It’s worth noting that NullCrew hackers tagged Comcast in a tweet just before leaking the data, and even told one representative who responded to fix the vulnerabilities in the mail servers.