[Owasp-singapore] Insecurity of AXA SG websites

Wong Onn Chee ocwong at usa.net
Mon Nov 15 09:31:23 EST 2010


Hi folks,

Just want to share with all of you something I found on 27 Oct (which I
had responsibly disclosed to the right parties on 27 Oct).

When I was surfing AXA websites for their insurance products on 27 Oct,
the following incidents were discovered:

*1) www.axalife.com.sg was deemed malicious*
Refer to "AXA Reported Attack Page.png" and "Google Safe Browsing
diagnostic page for axalife.com.sg.png"
Google Safe Browsing has blacklisted www.axalife.com.sg as a suspected
malicious site which may harm visitors' machines.
I have attached the diagnostic page for your reference.

Another attached file, StopBadware - axalife.com.sg.png, shows that
www.axalife.com.sg had actually been infected since 20 Oct!!

Is there anyone you know whose system was compromised when they visited
www.axalife.com.sg between 20 Oct and 28 Oct?

I am assuming none of you will be compromised since all of you are gurus. ;-)

*2) Unpatched www.axa.com.sg website*
Refer to "AXA Information Leakage.png" and "AXA Information Leakage - 2.png"

Obsolete URLs on the AXA website, www.axa.com.sg, result in disclosure of
sensitive platform information.

From these screen captures, any hacker can see that AXA is running on an
IIS server with "Microsoft .NET Framework Version:2.0.50727.4927;
ASP.NET Version:2.0.50727.4927"

According to this Wikipedia page,
https://secure.wikimedia.org/wikipedia/en/wiki/List_of_.NET_Framework_versions,
it seems like www.axa.com.sg has not been patched since 22 Oct 2009.

So if you are an AXA customer, please exercise due care and diligence
when using their online portal.

-- 

Best Regards
Onn Chee
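
The second finding above is a classic platform-information leak: an ASP.NET default error page prints the exact framework and ASP.NET build in its footer, and IIS adds version headers on top. As an added example (not part of the original post, and not AXA's or OWASP's code), the Python below shows how a tester would check a captured response for those disclosures. The headers and HTML body are constructed samples written for this example in the shape of an ASP.NET 2.0-era "Server Error" page; the header names are the ones IIS/ASP.NET emit by default, and the regular expression matches the page footer format reproduced in the post.

```python
import re

# Constructed sample response, written for this example: the default IIS/ASP.NET
# headers and an ASP.NET "Server Error" page with its version footer.
SAMPLE_HEADERS = {
    "Server": "Microsoft-IIS/7.5",
    "X-Powered-By": "ASP.NET",
    "X-AspNet-Version": "2.0.50727",
    "Content-Type": "text/html; charset=utf-8",
}
SAMPLE_BODY = """<html><body>
<h1>Server Error in '/' Application.</h1>
<h2>The resource cannot be found.</h2>
<hr width=100% size=1 color=silver>
<b>Version Information:</b>&nbsp;Microsoft .NET Framework Version:2.0.50727.4927; ASP.NET Version:2.0.50727.4927
</body></html>"""

# Constructed "hardened" response: customErrors on (generic page), version
# headers stripped, Server header left without a version.
HARDENED_HEADERS = {
    "Server": "web",
    "Content-Type": "text/html; charset=utf-8",
}
HARDENED_BODY = "<html><body><h1>Page not found</h1></body></html>"

# Headers that reveal the platform or its version when present.
DISCLOSING_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-AspNetMvc-Version")

# Footer line ASP.NET prints on its default error pages.
VERSION_FOOTER = re.compile(
    r"Microsoft \.NET Framework Version:([\d.]+);\s*ASP\.NET Version:([\d.]+)"
)
# Heading of the default (non-custom) ASP.NET error page.
DEFAULT_ERROR_PAGE = "Server Error in '/' Application"


def find_disclosures(headers, body):
    """Return a list of (where, item, value) tuples for each platform disclosure.

    Header names are compared case-insensitively. A "Server" header only counts
    when it carries a product/version string (contains a digit or a slash).
    """
    findings = []
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in DISCLOSING_HEADERS:
        value = lowered.get(name.lower())
        if value is None:
            continue
        if name == "Server" and not re.search(r"[/\d]", value):
            continue  # a bare product-less Server header discloses nothing useful
        findings.append(("header", name, value))

    m = VERSION_FOOTER.search(body)
    if m:
        findings.append(("body", "Microsoft .NET Framework Version", m.group(1)))
        findings.append(("body", "ASP.NET Version", m.group(2)))
    if DEFAULT_ERROR_PAGE in body:
        # The stock error page itself shows customErrors is not enabled for remote clients.
        findings.append(("body", "default ASP.NET error page", "customErrors not enabled"))
    return findings


def is_clean(headers, body):
    """True when the response leaks no platform information."""
    return not find_disclosures(headers, body)


if __name__ == "__main__":
    for where, item, value in find_disclosures(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"[{where}] {item}: {value}")
    print("hardened response clean:", is_clean(HARDENED_HEADERS, HARDENED_BODY))
```

On the constructed sample the check reports three headers (Server, X-Powered-By, X-AspNet-Version), both version strings from the footer and the presence of the stock error page; the hardened sample reports nothing. The usual fixes on the server side are a custom error page for remote clients (so no version footer is rendered), removing the X-Powered-By and X-AspNet-Version headers, and masking the Server header; the build number still has to be patched, since hiding it only removes the hint, not the exposure.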

Attachments:

AXA Information Leakage - 2.png (image/png, 115581 bytes)
https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20101115/3c038585/attachment-0005.png

AXA Information Leakage.png (image/png, 115036 bytes)
https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20101115/3c038585/attachment-0006.png

Google Safe Browsing diagnostic page for axalife.com.sg.png (image/png, 118993 bytes)
https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20101115/3c038585/attachment-0007.png

AXA Reported Attack Page.png (image/png, 72402 bytes)
https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20101115/3c038585/attachment-0008.png

StopBadware - axalife.com.sg.png (image/png, 113299 bytes)
https://lists.owasp.org/mailman/private/owasp-singapore/attachments/20101115/3c038585/attachment-0009.png