| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110120061825.CF878BD0EA6@emkei.cz> Date: Thu, 20 Jan 2011 07:18:25 +0100 (CET) From: "Rakesh Nagekar" <nagekar.rakesh@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Re: vsworld.com - SQL Injection Vulnerability Good to know that isolution members find the vulnerabilities in most of the websites.Great India. But sorry to say that their own websites related to http://www.isolutionindia.com/ are more vulnerable. can you please check it once. Regards, Rakesh... ---------- Forwarded message ---------- From: Rakesh Nagekar <nagekar.rakesh@...il.com> Date: Wed, Jan 19, 2011 at 5:04 PM Subject: vsworld.com - SQL Injection Vulnerability To: full-disclosure@...ts.grok.org.uk vsworld - SQL Injection Vulnerability http://www.thehackerslibrary.com/?p=979 Profile: Developing solutions for areas as diverse as technology, trading, power, travel, education and retail. In addition, regularly called upon to cater to the requirements of prestigious Government Bodies. Various prestigious clients are in Client list. Vendor URL:http://www.vsworld.com/index.php Vulnerability Type : SQL Injection Vulnerable URL: http://www.vsworld.com/index.php/en/admin-login.html & http://www.vsworld.com/index.php =>VSM Login User Name: NIL Password: ' or '1'='1 Now, login to the Control Panel. Effect: You have access to the main admin panel. Option to View, delete & update all client records, contact information, Email ids etc. All employees personal information Contact no, address mail ids etc, theire login credentials passwords are visible. Name: Venkatesh ID: venky Pwd: ---- Name: sangeeta ID: sangeeta Pwd: -------- Name: Ramkishan ID: VSMlHN23 Pwd : ------- Name: Vikas ID: vsm_vik1 Pwd: ------- Name: Vijay ID: vsm_vij Pwd: ------------ Name: X_Harish ID: vsm_hari Pwd: -------------- and more....... passwords are not mentioned here for security reasons. As the vulnerability is of most common type, notified to the vendor and he has applied a fix. Credit: Pradip Sharma, Sandeep Sengupta Cyber Security Research Analysts, iSolution Software Systems Pvt. Ltd. www.isolutionindia.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists