Tuesday, 27 October 2009

IOE, Pulchowk website SQLi vulnerability

IOE.edu.np SQLi vulnerability:

Site: www.ioe.edu.np
Risk: Low [I just did it quickly and it seems there's no critical data on the site]
Notified: NO
/*Action from Admin: N/A*/
Vulnerable file: You should figure it out easily
Exploit: The PHP script does not validate input from the user, which can be used to compromise the database.
Solution: sam207 has written an article on it.

Just added this one to show how our security is. We don't care or we don't know how to...
Thank you.


  1. Oh no, even Pulchowk's site is this vulnerable...

  2. didn't understand what you mean in the screenshot

  3. the screenshot consists of the username: password extracted from the website...