lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date: Sat, 17 Jul 2010 15:01:38 +0530
From: Sandeep Sengupta <sandeep.sengupta@...il.com>
To: sandeep.sengupta@...il.com
Subject: Two biggest Indian University Websites are
	vulnerable

Topic:

a) Sikkim Manipal University portal is vulnerable to SQL Injection attack.
b) Calcutta University website is spreading malware via iframe code
insertion.

Details:

a) About the university: Sikkim Manipal is one of the largest private
University in India. The Institute attracts students from all over the
country, with over 1700 students enrolled in the various engineering
disciplines. 102 full-time faculties are employed.

Type of problem: SQL Injection

Vulnerable Portal: http://portal.smude.edu.in/

User Name: *sanjay*
[any name will work]
Password: *' OR ''='
*Choose "*Center Login*" radio button
Press SUBMIT.

Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/SM.JPG

Effect: You have access to the main admin panel. Option to download & print
ALL student records, contact information, admit cards for upcoming
examinations, assignments, results, etc. Option to change password.

Credit: Pradip Sharma, Surajit Biswas, Sandeep Sengupta; Cyber Security
Research Analysts, iSolution Software Systems Pvt. Ltd.,
www.isolutionindia.com

b) Calcutta University is the oldest existing University in Indian
Subcontinent. Founded 1857, it is ranked 39th in the world.

Vulnerability: The main page is spreading virus. www.caluniv.ac.in
It has iframe code injection & pulling virus from the Russian site
pantscow.ru
Hundreds will be infected while checking for results on the website.

Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/CU.JPG

Credit: Arnab Kanti Choudhury, Sandeep Sengupta; Cyber Security Research
Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com

Disclaimer: The above information has been published with intention that the
concerned authorities will take notice & amend the bugs. People are
requested not to use the above information for illegal actions. We take no
responsibility of the consequences.

Thanks.

Cyber Security Research Team
iSolution Software Systems Pvt. Ltd.
www.isolutionindia.com*
Mob: +91 9830310550
*

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ