Monday, 9 November 2009

DC-nepal.com Multiple Vulnerabilities

I got the link to the site from some Nepali social networking site and was just testing the security of the site, as the About Us page stated that the people of DC-nepal are quite good in computer technology. I started with general web hacks and unfortunately found this site to be vulnerable to SQL injection and persistent cross-site scripting. So I thought I would share this with you guys.
SQLi:
http://www.dc-nepal.com/nepali_model.php?id=437
The id parameter is not properly sanitized, so arbitrary queries can be injected into the site. Since the MySQL version is above 5, it is even easier for attackers to extract credentials from the site.
Some tables:
admin
dc_classicfied

Login user/hash: laxman: hnz/uP1502jYsjqs//hCfg==
You need to decrypt the password, after which you can log in from /admin.


Persistent XSS:
http://www.dc-nepal.com/nepali_model.php?id=437
The comment form doesn't filter any malicious input, so it can be used to drop executables and redirects.
Hope they make a quick fix. They were notified...
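As an added illustration (not code from DC-nepal or from the original post), here is the shape of the two bugs described above, the unsanitized numeric id and the unescaped comment text, each beside a fixed version. It assumes a PHP page with a numeric id parameter and a comment display; the table and column names are placeholders, and the demo uses an in-memory SQLite database through PDO.

```php
<?php
// Added illustration, not DC-nepal's own code: an id reaching a query
// unsanitized, and comment text echoed back unescaped, each beside a fix.
// Table and column names are assumed; pdo_sqlite is assumed to be available.

// Vulnerable pattern: the raw id is concatenated into the SQL string, so any
// text after the number becomes part of the query.
function modelQueryUnsafe(string $id): string
{
    return "SELECT name FROM nepali_model WHERE id = " . $id;
}

// Fixed: validate as a positive integer and bind it as a parameter, so the
// value can never alter the query structure.
function fetchModelName(PDO $db, string $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false || $id <= 0) {
        return null;
    }
    $stmt = $db->prepare("SELECT name FROM nepali_model WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $name = $stmt->fetchColumn();
    return $name === false ? null : $name;
}

// Persistent XSS pattern: stored comment text is echoed verbatim.
function renderCommentUnsafe(string $comment): string
{
    return '<div class="comment">' . $comment . '</div>';
}

// Fixed: encode on output, so markup in the comment is displayed as text.
function renderComment(string $comment): string
{
    return '<div class="comment">'
        . htmlspecialchars($comment, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</div>';
}

// Constructed demo data (in-memory SQLite stands in for the site's MySQL).
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE nepali_model (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO nepali_model VALUES (437, 'sample')");
echo modelQueryUnsafe("437 extra"), "\n";     // the extra text lands inside the SQL
var_dump(fetchModelName($db, "437 extra"));    // rejected before any query runs
var_dump(fetchModelName($db, "437"));          // the only input shape that reaches the DB
echo renderComment('<b>hi</b>'), "\n";         // tags come out encoded, not rendered
```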
