Message-ID: <AANLkTikTIl3RKcE-hDOeYjAYDqnVkKtEU1Fa8DjALSjl@mail.gmail.com>
Date: Sat, 17 Jul 2010 17:17:08 +0530
From: Shreyas Zare <shreyas@...fence.com>
To: Sandeep Sengupta <sandeep.sengupta@...il.com>,
Full-Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Two biggest Indian University Websites are vulnerable

Hi,

Considering the fact that you didn't inform the concerned authority at both
the universities (before disclosing publicly), are you not breaking the
Indian IT Act by doing this type of public disclosure [1]? IANAL, but
if you (or someone else on the list) have something to say about this point,
it would be cool.

[1] IT Act 2000, Chapter 9, 43 (G) (
http://www.cybercellmumbai.com/cyber-laws/chapter-9 )

Regards
Shreyas Zare
Sr. Information Security Researcher
Secfence Technologies
www.secfence.com

On Sat, Jul 17, 2010 at 3:01 PM, Sandeep Sengupta
<sandeep.sengupta@...il.com> wrote:
> Topic:
>
> a) Sikkim Manipal University portal is vulnerable to SQL Injection attack.
> b) Calcutta University website is spreading malware via iframe code
> insertion.
>
> Details:
>
> a) About the university: Sikkim Manipal is one of the largest private
> Universities in India. The Institute attracts students from all over the
> country, with over 1700 students enrolled in the various engineering
> disciplines. 102 full-time faculties are employed.
>
> Type of problem: SQL Injection
>
> Vulnerable Portal: http://portal.smude.edu.in/
>
> User Name: sanjay
> [any name will work]
> Password: ' OR ''='
> Choose "Center Login" radio button
> Press SUBMIT.
>
> Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/SM.JPG
>
> Effect: You have access to the main admin panel. Option to download & print
> ALL student records, contact information, admit cards for upcoming
> examinations, assignments, results, etc. Option to change password.
>
> Credit: Pradip Sharma, Surajit Biswas, Sandeep Sengupta; Cyber Security
> Research Analysts, iSolution Software Systems Pvt. Ltd.,
> www.isolutionindia.com
>
> b) Calcutta University is the oldest existing University in the Indian
> Subcontinent. Founded 1857, it is ranked 39th in the world.
>
> Vulnerability: The main page is spreading a virus. www.caluniv.ac.in
> It has iframe code injection & is pulling a virus from the Russian site
> pantscow.ru
> Hundreds will be infected while checking for results on the website.
>
> Screenshot: http://www.isolutionindia.com/isolutionindia/disclosure/CU.JPG
>
> Credit: Arnab Kanti Choudhury, Sandeep Sengupta; Cyber Security Research
> Analysts, iSolution Software Systems Pvt. Ltd., www.isolutionindia.com
>
> Disclaimer: The above information has been published with the intention that the
> concerned authorities will take notice & amend the bugs. People are
> requested not to use the above information for illegal actions. We take no
> responsibility for the consequences.
>
> Thanks.
>
> Cyber Security Research Team
> iSolution Software Systems Pvt. Ltd.
> www.isolutionindia.com
> Mob: +91 9830310550
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
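
Why the password string in the quoted report works with any user name, and how a parameterized query closes it, as an added example that is not part of the original thread and not the portal's code. It assumes a login check built by string concatenation; the table, column and function names are hypothetical and the account is constructed.

```python
import sqlite3


def make_db():
    """In-memory stand-in for a login table (constructed data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext only to keep the example short; store a salted hash in practice.
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db


def build_query_vulnerable(username, password):
    """Assumed flaw: user input is pasted straight into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_vulnerable(db, username, password):
    query = build_query_vulnerable(username, password)
    return db.execute(query).fetchone() is not None


def login_parameterized(db, username, password):
    """Fix: placeholders keep input as data, so quotes never reach the parser."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    reported = "' OR ''='"  # the password string from the quoted report
    # AND binds tighter than OR, so the WHERE clause becomes
    #   (username = 'sanjay' AND password = '') OR ('' = '')
    # and the second half is true for every row, whatever the user name.
    print(build_query_vulnerable("sanjay", reported))
    print("concatenated :", login_vulnerable(db, "sanjay", reported))
    print("parameterized:", login_parameterized(db, "sanjay", reported))
    print("valid login  :", login_parameterized(db, "admin", "s3cret-constructed"))
```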