Tuesday 27 October 2009

IOE, Pulchowk website SQLi vulnerability


IOE.edu.np SQLi vulnerability:

Site: www.ioe.edu.np
Risk: Low[I just did it quickly and seems there's no critical data in the site]
Notified: NO
/*Action from Admin: N/A*/
Vulnerable file: You should figure it out easily
Exploit: The php script do not validate the inputs from user which can be used to compromise the database.
Solution: sam207 has written an article on it.

Just added this one to show how our security is? We don't care or we don't know how to...
Thank you.
Posted by at
Labels: , ,

4 comments:

  1. T3h Ma5t3r6 November 2009 at 22:29

    lau maryo pulchowk ko site pani yesto vulnerable...

    ReplyDelete
  2. Anonymous25 December 2009 at 20:04

    didn't understand what you mean in the screenshot

    ReplyDelete
  3. Cool Samar29 December 2009 at 19:53

    the screenshot consists of the username: password extracted from the website...

    ReplyDelete
  4. Unknown28 March 2013 at 21:22

    still exists ??

    ReplyDelete

Subscribe to: Post Comments (Atom)