Thursday 10 December 2009

Internet Business Bureau Common SQL injection Vulnerability

I checked IBB's portfolio, and the sites it develops use the same script, which is vulnerable to SQL injection. Check my previous post for more on this:
http://nepsecvulns.blogspot.com/2009/12/party-popper-wwwpartypoppercomnp-sqli.html

The same MySQL injection is valid, but filtering takes place, so you need to bypass filters (not hard). I would recommend you to google for MySQL injection cheatsheets and learn and practice hacking in these sites.

Nepali Hackers Are Not Dead, They Are Underground and Might Be At Your Root

3 comments:

  1. Good work! I think it's about time Nepali developers start thinking about security when writing code.
    Now my only concern is that sensitive information should not be revealed in these posts. That would, however, be a crime.

    Good work again.

  2. This comment has been removed by a blog administrator.

  3. Thanks for the appreciation, techblogger...
