Thursday 10 December 2009

Engineering express [www.engxpress.com.np] Multiple Vulnerabilities

The website of The Engineering Express, http://www.engxpress.com.np, is pretty insecure, with multiple vulnerabilities. It suffers from SQL injection (SQLi) and an insecure file upload vulnerability. Anyway, below are some dumps from the website:
A few tables:
register
signin

Columns in signin table:
Username
Password


Fucking lots of SQLi...


Login process:

// $usr and $pwd are placed into the SQL string as-is by sprintf()
$stmt = sprintf("SELECT * FROM login WHERE username='%s' AND password='%s'", $usr, $pwd);
$dblink = DBset(); // Connect to the database...
$result = DBquery($stmt, $dblink); // Send query
$totresult = mysql_num_rows($result);
$row = mysql_fetch_object($result);

Page.php:
// recordID goes from the query string straight into the SQL text
$stmt = sprintf("SELECT Content FROM page WHERE Id='%s'", $_GET['recordID']);
$dblink = DBset(); // Connect to the database...

Other scripts are also vulnerable, but I am too lazy to post them too.
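
The same two queries with bound parameters, as an added example that is not the site's code and not from the original post. The PDO connection, the in-memory SQLite database standing in for MySQL, the sample rows, the function names check_login and fetch_page, and the use of password_hash() for stored passwords are all assumptions.

```php
<?php
// Added example: constructed schema and rows; in-memory SQLite stands in for the site's MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE login (username TEXT PRIMARY KEY, password TEXT)");
$db->exec("CREATE TABLE page (Id INTEGER PRIMARY KEY, Content TEXT)");
$db->prepare("INSERT INTO login (username, password) VALUES (?, ?)")
   ->execute(["o'brien", password_hash('constructed-secret', PASSWORD_DEFAULT)]);
$db->prepare("INSERT INTO page (Id, Content) VALUES (?, ?)")
   ->execute([1, 'About us']);

// Login: the username travels as a bound parameter, never as part of the SQL text.
function check_login(PDO $db, string $usr, string $pwd): bool
{
    $stmt = $db->prepare("SELECT password FROM login WHERE username = ?");
    $stmt->execute([$usr]);
    $hash = $stmt->fetchColumn();
    // The password is verified in PHP against a stored hash (assumption),
    // not compared inside the WHERE clause.
    return is_string($hash) && password_verify($pwd, $hash);
}

// Page.php: recordID must be a positive integer before it reaches the query.
function fetch_page(PDO $db, $recordID): ?string
{
    $id = filter_var($recordID, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain integer is rejected up front
    }
    $stmt = $db->prepare("SELECT Content FROM page WHERE Id = ?");
    $stmt->execute([$id]);
    $content = $stmt->fetchColumn();
    return $content === false ? null : $content;
}

// A quote inside the username is handled as ordinary data by the bound parameter.
var_dump(check_login($db, "o'brien", 'constructed-secret'));
var_dump(check_login($db, "o'brien", 'wrong-password'));
var_dump(fetch_page($db, '1'));
var_dump(fetch_page($db, 'abc'));
```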

Certainly no offense, but you need to improve yourself...
Thanks!!!
