Hello, my name is Chirag Artani. I have previously shared a post here about how I hacked AU Optronics, for which I also got a small reward from them. Today I am sharing a main database hacking POC (Proof of Concept) for India’s top-rated digital media network in Hindi and English.
Well, the first question that comes to everyone’s mind: why are you not submitting this report and vulnerability directly to Republic Media? The answer is: so far I have sent them 8 emails and messages and also tweeted, but they are not aware of it, so what I can do is make the vulnerability public without sharing any data, so that Republic Media might then take action on this.
I am an independent pen tester. I find bugs and vulnerabilities and submit reports to companies, and for submitting vulnerabilities I take a reward, which could be money, a prize, hall of fame, etc.
Step 1. First I researched the Republic World web server IPs
What I found was that everything was based on two IPs, which are:
52.172.197.48, 64.185.181.238
Now when a huge website is based on two IPs, it means one IP is used for the front end and the other is used for the back end, so yes, the back end includes the database; that could be direct PHP, JS, Python files or databases like MySQL, MongoDB, PostgreSQL, etc.
Step 2. I did research about subdomains of Republicworld.com
We can’t find a vulnerability directly on the main website (example: republicworld.com). We have to look at subdomains (example: test.republicworld.com) and directories, or say paths (example: republicworld.com/test). So I researched all of Republic’s subdomains using Sublist3r, an open-source tool for enumerating the subdomains of any website.
So I found 44 subdomains, as you can see in the screenshot. Not all of them are working, so to check page status in bulk I used https://httpstatus.io/ (awesome website).
What I saw was that out of 44, 12–15 are working, so after that I researched only those instead of wasting time on the others.
Step 3. I found a subdomain with a path along with a parameter.
Now when I saw a subdomain with a parameter, I suddenly felt that yes, I can do more research. I can’t mention the exact subdomain and path with parameter because the vulnerability is still there. So which vulnerability is it? I found SQL injection, which is the most critical vulnerability for any website or server because it includes the database.
The subdomain, path and parameter which I found include the overall database of the website. There are two networks: the first is the Hindi network called Republic Bharat and the second is Republic TV, which is the English channel; the editor of both is my favorite journalist, Arnab Goswami. So both are available in this database: their subscribers, admins, users, shows, numbers, names, emails and everything. I will demonstrate by sharing that below:
Type: boolean-based blind
Title: AND boolean-based blind — WHERE or HAVING clause
Payload: ******** AND 7477=7477
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: ***** AND (SELECT 4732 FROM (SELECT(SLEEP(5)))HLvv)
Main payload which actually worked here: Type — Union Query
UNION ALL SELECT CONCAT(0x717a6a7671,0x6c7a50765747694e644e574745554f6a435154597164576b7251636e4941624466776b57634f4c46,0x717a716b71)# — -
I found three databases:
available databases [3]:
[*] information_schema
[*] *************
[*] *******
I am very sorry for not sharing the exact path, subdomain and parameter; otherwise other pen testers will steal and leak their data. I don’t want to become part of that. My aim is very simple: I will provide details about the exact vulnerability, and also how to fix it, directly to Republic Media and will take a reward.
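The usual fix for this class of bug, shown as an added example (not code from the affected site or from the author): the same lookup written with string concatenation and with a bound parameter. SQLite stands in for MySQL, and the `shows` table, its data and all function names are hypothetical; the boolean condition from the sqlmap output above and its false twin serve as a regression check.

```python
import re
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shows (id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO shows VALUES (?, ?)",
                   [(1, "Morning News"), (2, "Prime Time Debate")])
    return db

def lookup_vulnerable(db, show_id):
    # The request parameter is concatenated into the SQL text, so the
    # database parses whatever follows the number as part of the query.
    return [row[0] for row in
            db.execute("SELECT title FROM shows WHERE id = " + show_id)]

def lookup_bound(db, show_id):
    # The parameter is bound as a value; it cannot change the query shape.
    return [row[0] for row in
            db.execute("SELECT title FROM shows WHERE id = ?", (show_id,))]

def lookup_hardened(db, show_id):
    # Defense in depth: accept only a short decimal id, then bind it.
    if not re.fullmatch(r"[0-9]{1,9}", show_id):
        raise ValueError("id must be a decimal integer")
    return lookup_bound(db, int(show_id))

def leaks_boolean_oracle(lookup, db):
    # Regression check: a true and a false condition appended to a valid
    # id must not produce different responses.
    true_case = lookup(db, "1 AND 7477=7477")
    false_case = lookup(db, "1 AND 7477=7478")
    return true_case != false_case

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks oracle:",
          leaks_boolean_oracle(lookup_vulnerable, db))
    print("bound query leaks oracle:",
          leaks_boolean_oracle(lookup_bound, db))
```

The response difference between the true and false condition is what a boolean-based blind finding means; with the bound parameter both requests return the same empty result.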
Here is the main thing: instead of writing much, I’m sharing everything.
I have found around 64 tables. Here are some:
| gro*** |
| admin_***_** |
| cate***es |
| admins |
| bharat_*** |
| bharat_**** |
| bharat_***_****l |
| card_*** |
| comm****_******tions |
| ****urations |
I am not sharing the exact names of all the tables; otherwise that’s a kind of data leak. Here you can see the word Bharat, which includes the database of Republic Bharat.
Now let’s come to a table’s columns and data:
Here you can see the columns; these columns include real data, which is an expensive thing for any website/network.
OK, so now I am showing you emails while hiding the main structure:
These are the main people who can operate the whole server. I have everything, as I said, their passwords too.
Note: I am not sharing anyone’s full data. Everything I am sharing here has full identities etc. hidden.
So if anyone from Republic Media or Republic Bharat is reading this post, kindly contact me. Last time I submitted an XSS to them, they fixed it without even thanking me; it hurt me a lot. But this time everything is different and it’s huge data. As I see, there are over 200K subscribers (emails) and many other things, so I believe you will give me a reward.
If you want to donate to my research and study, please send it via PayPal: sachinartani@yahoo.in, or if you want to learn penetration testing (paid task), you can comment here.
Thank You!
Regards