Saturday 31 October 2009

Hitechacademy Security Disclosure

Hi there,

In this post, I am going to disclose the security issues of Hitech Academy, which gives computer training to many students. Though it says it's one of the best in Nepal, it knows nothing about security. So I thought I would disclose them...



Learn some coding, Hitech guys. The manager had told me in my interview that he has got some of the best paid programmers from Nepal and that you (meaning me) can't compete with them, so sorry for this time.



From index.php:

if(isset($_GET['action']))
{
    include("includes/".$_GET['action'].".php");
}



WTF? Don't you know how to validate variables? Sucks... Poor coding.



From DBConnection file:

<?php

$dbuser="hitechac_hitech";
$dbpassword="hitech";
$database="hitechac_hitech";

$host = "localhost";

$ado=new data($host,$dbuser,$dbpassword,$database);
?>



From one of the functions file:

function adminLogin($username, $password)
{
    global $ado;
    global $userGroups;

    $sql = "SELECT u.* FROM users u, usergroups ug WHERE u.username = '$username' AND u.password = '$password'
            AND u.userGroupId = ug.id AND ug.name = 'admin'";
    $result = $ado->exec($sql);

    if ($ado->count_row($result) > 0)
    {
        //login successful

        $row = $ado->fetch_array($result);

        $_SESSION['userId'] = $row['id'];
        $_SESSION['userFullname'] = $row['fullname'];
        $_SESSION['userUsername'] = $row['username'];
        $_SESSION['userGroupId'] = $row['userGroupId'];

        $gResult = $userGroups->getById($row['userGroupId']);
        $gRow = $ado->fetch_array($gResult);

        $_SESSION['userGroupPower'] = $gRow['power'];
        $_SESSION['userGroupName'] = $gRow['name'];

        return true;
    }
    //invalid login
    return false;
}



WTF? Don't you know an SQLi vuln is very bad?



Hitech email login PHP script snippet:



<?
session_start();
if (isset($_POST['Submit']))
{
    if ($_POST['username'] == "hitechemail" && $_POST['password'] == "emailhitech")
    {
        $_SESSION['userId'] = "hitech";
        header("Location: index.php");
        exit();
    }
}
?>


LOL... passes in normal form. Learn to use md5(), hitech.
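
Hardened counterparts to the index.php include and the adminLogin() query quoted above, as an added example that is not part of the original post or the site's code. It uses password_hash()/password_verify() rather than md5(), because an unsalted fast hash is not adequate for stored passwords; the PDO/SQLite setup, the page names and the sample account are constructed for illustration.

```php
<?php
// Added example: table and column names follow the query quoted in the post;
// the page list, database setup and account below are constructed.

// 1. Map the 'action' parameter through a fixed allowlist instead of
//    concatenating it into the include path.
function resolveAction(string $action): ?string
{
    $pages = [                              // hypothetical page names
        'home'    => 'includes/home.php',
        'courses' => 'includes/courses.php',
    ];
    return $pages[$action] ?? null;         // unknown values never reach include()
}

// 2. Bound parameters keep user input out of the SQL text, and the password
//    is checked against a salted hash instead of being compared in the query.
function adminLogin(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        "SELECT u.id, u.password FROM users u
           JOIN usergroups ug ON u.userGroupId = ug.id
          WHERE u.username = :username AND ug.name = 'admin'"
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row !== false && password_verify($password, $row['password']);
}

// Constructed in-memory database so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE usergroups (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT,
                               password TEXT, userGroupId INTEGER)");
$db->exec("INSERT INTO usergroups VALUES (1, 'admin')");
$ins = $db->prepare("INSERT INTO users (username, password, userGroupId) VALUES (?, ?, 1)");
$ins->execute(['demo_admin', password_hash('constructed-sample-pass', PASSWORD_DEFAULT)]);

var_dump(adminLogin($db, 'demo_admin', 'constructed-sample-pass')); // valid account
var_dump(adminLogin($db, "demo'admin", 'constructed-sample-pass')); // quote is bound as data
var_dump(resolveAction('courses'));                                 // listed page
var_dump(resolveAction('no/such/page'));                            // not in the allowlist
```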



To Hitech Academy, please make corrections to the following information from your site (Do not hide the truth from your clients; just say how lame you are...):



HiTech Academy is an institution established with the aim of providing (non-)quality education and training in the field of Basic (and Advance; remove this) Computing, Computer Accounting, Hardware and Networking, (Add insecure) Computer Programming, Web Designing, Tele-communications, English Language and Personality Development and a host of other allied subjects. It also provides job placement services to its students as well as other job seekers.
