Tuesday, 27 October 2009

Nepal Telecom XSS vulnerability

Nepal Telecom XSS vulnerability:

Site: www.ntc.net.np
Risk: Low
Notified: YES
Action from Admin: N/A
Vulnerable file: /search/searchresult.php
Exploit: The search doesn't sanitize the input from user. So it suffers from XSS.
Solution: sam207 has written an article on it.

More message to NTC, you are open to a lot of problems. We got all the PSTN Bank user logins(we also know where to login from) and what's the point of putting phpinfo() online. We grabbed the PHP information from NTC. Also, why would you like to put apache manual on the website (though isn't a potential risk). Contact us if you want to know more vulnerabilities I think I shouldn't discuss over here.
Thank you.

2 comments:

  1. I hadn't tested the XSS in NTC. Nice find bro. Yeah NTC is very very vulnerable to hacks... I dunno why they don't make good level of security.

    ReplyDelete
  2. i already got that the damn ntc can't even put a genuine security softwares.I am nepali and i don't want to harm it.but if any there there in my place then...??? i have fixed some Gprs bugs but still some are remaining..

    ReplyDelete