I checked the IBB's portfolio, and the sites it develops use the same script, which is vulnerable to SQL injection. Check my previous post for more on knowing this:
http://nepsecvulns.blogspot.com/2009/12/party-popper-wwwpartypoppercomnp-sqli.html
The same MySQL injection is valid, but filtering takes place, so you need to bypass filters (not hard). I would recommend that you google for MySQL injection cheatsheets and learn and practice hacking on these sites.
Nepali Hackers Are Not Dead, They Are Underground and Might Be At Your Root
Good work! I think it's about time Nepali developers start thinking about security when writing code.
Now my only concern is that sensitive information should not be revealed in these posts. That would however be a crime.
Good work again.
thanks for appreciation techblogger...